Storm-2372: Russian APT Using Device Code Phishing in Advanced Attacks
Storm-2372: Russian APT Using Device Code Phishing in Advanced Attacks A newly uncovered cyber campaign led by the Russian state-backed group Storm-2372 is exploiting device code phishing to bypass Mu...
UNC5221 Targets Critical Ivanti Flaw (CVE-2025-22457) with TRAILBLAZE ...
UNC5221 Targets Critical Ivanti Flaw (CVE-2025-22457) with TRAILBLAZE & BRUSHFIRE Malware A recently disclosed critical vulnerability in Ivanti products, CVE-2025-22457, has drawn urgent attention...
Everything You Need to Know About the Alleged Twilio SendGrid Breach
Everything You Need to Know About the Alleged Twilio SendGrid Breach [Update] April 9, 2025: “Alleged Breach Expands Beyond SendGrid” On April 3, 2025, a threat actor operating under the alias Satanic...
CrushFTP Vulnerability Under Active Exploitation (CVE-2025-31161): Wha...
CrushFTP Vulnerability Under Active Exploitation (CVE-2025-31161): What You Need to Know [Update] April 8, 2025: CISA Flags Actively Exploited CrushFTP Vulnerability (CVE-2025-31161) A newly discovere...
Alleged Check Point Breach: What Happened and What You Need to Know?
Alleged Check Point Breach: What Happened and What You Need to Know? [Update] April 2, 2025: “Latest Developments: Dissecting CoreInjection’s Claims and the Alleged Leak” On March 31, 2025, a threat a...
Mozilla Responds to Critical Vulnerability: Urgent Firefox Update
Mozilla Responds to Critical Vulnerability: Urgent Firefox Update In a rapid response to a similar vulnerability with Google Chrome, Mozilla has issued an update for its Firefox browser on Windows to ...
Ingress Nightmare: Critical Unauthenticated Remote Code Execution Vuln...
Ingress Nightmare: Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX On March 24, 2025, the Kubernetes Security Response Committee released a patch for a set of high to c...
Everything You Need to Know About Oracle Cloud Security Incident by ro...
Everything You Need to Know About Oracle Cloud Security Incident by rose87168 [Update] April 2, 2025: “What are the Recent Developments?” [Update] April 9, 2025: “Oracle has reportedly begun notifying...
Arkana Ransomware Attack on WideOpenWest: What You Need to Know
Arkana Ransomware Attack on WideOpenWest: What You Need to Know A previously unknown threat actor has launched its first ransomware attack, marking a worrisome new chapter in the cyber threat landscap...
Next.js Middleware Vulnerability (CVE-2025-29927): What You Need to Kn...
Next.js Middleware Vulnerability (CVE-2025-29927): What You Need to Know and How to Respond A critical security flaw has recently shaken the Next.js ecosystem, bringing urgent attention to the framewo...
Critical Veeam Vulnerability (CVE-2025-23120) Enables Remote Code Exec...
Critical Veeam Vulnerability (CVE-2025-23120) Enables Remote Code Execution by Domain Users A newly discovered vulnerability in Veeam Backup & Replication, tracked as CVE-2025-23120, has emerged a...
Windows Shortcut Zero-Day (ZDI-CAN-25373) Exploited by State-Backed Th...
Windows Shortcut Zero-Day (ZDI-CAN-25373) Exploited by State-Backed Threat Actors Since 2017: Overview of Key Details A sophisticated zero-day vulnerability, ZDI-CAN-25373, has been secretly exploited...
Apache Tomcat RCE Vulnerability (CVE-2025-24813) Under Active Exploita...
Apache Tomcat RCE Vulnerability (CVE-2025-24813) Under Active Exploitation: Patch Now A serious vulnerability in Apache Tomcat, CVE-2025-24813, is being actively exploited in the wild. This flaw allow...
Major Cyber Attacks in Review: February 2025
Major Cyber Attacks in Review: February 2025 In February 2025, several major cyber incidents demonstrated ongoing threats to industries worldwide. The Qilin ransomware attack disrupted operations at L...
Exploring MegaMedusa: The Streamlined DDoS Tool
Exploring MegaMedusa: The Streamlined DDoS Tool Distributed Denial of Service (DDoS) attacks continue to pose significant challenges in cybersecurity. Tools like MegaMedusa have made it easier for ind...
GitLab Security Update: Critical Authentication & RCE Flaws Demand Imm...
GitLab Security Update: Critical Authentication & RCE Flaws Demand Immediate Action Cybersecurity threats continue to evolve, and organizations relying on GitLab for code hosting, collaboration, a...
March 2025 Patch Tuesday: Microsoft Fixes 6 Critical & 6 Exploited Sec...
March 2025 Patch Tuesday: Microsoft Fixes 6 Critical & 6 Exploited Security Vulnerabilities [Update] April 18, 2025: “CVE-2025-24054 Actively Exploited in Phishing Campaigns” Microsoft has release...
X Faces Cyberattack: Dark Storm Team Takes Credit, Musk Blames Ukraine
X Faces Cyberattack: Dark Storm Team Takes Credit, Musk Blames Ukraine Yesterday, X (formerly Twitter) allegedly suffered a large-scale cyberattack, causing widespread outages. While Elon Musk claimed...
Critical Kibana Vulnerability (CVE-2025-25012) Exposes Systems to Code...
Critical Kibana Vulnerability (CVE-2025-25012) Exposes Systems to Code Execution, Patch Now A critical security vulnerability has been discovered in Kibana, the widely used data visualization platform...
VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities...
VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) [Update] March 7, 2025: “37,000 VMware ESXi Servers Still Vulnerable to CVE-...