RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems
The RansomHub ransomware group has rapidly emerged as one of the most prolific cybercrime syndicates of 2024–2025. As this ransomware group done by expanding its…
Category: CyberSecurityNews
Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB
Multiple vulnerabilities in enterprise-grade Xerox Versalink C7025 multifunction printers (MFPs) enable attackers to intercept authentication credentials from Lightweight Directory Access Protocol (LDAP) and Server Message…
CISA Warns of Apple iOS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, tracked as…
New Android Security Feature that Blocks Changing Sensitive Setting During Calls
Google has unveiled a groundbreaking security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during…
New XCSSET Malware Attacking macOS Users by Infecting Xcode Projects
Microsoft Threat Intelligence has identified an evolved iteration of the XCSSET malware family actively exploiting macOS developers via weaponized Xcode projects. This modular backdoor, first…
IDOR vulnerability in ExHub Let Attacker Modify Web Hosting Configuration
A critical Insecure Direct Object Reference (IDOR) vulnerability was recently discovered in ExHub, a cloud-based platform for hulia-based development. This flaw allowed attackers to modify…
Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication
Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication…
Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number
The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands…
Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment
A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. These calls, designed to appear legitimate, ultimately lead…
A Free Cybersecurity Lab for Security Teams To Analyse Cyber Threats
In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running…
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry
Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. This technique…
Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access
In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. This…