Cyber trends overview

LogoFAIL - LogoFAIL refers to a set of vulnerabilities found in the Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs). These vulnerabilities are present in image parsing libraries embedded into the firmware. ...
1 year ago

Vidar Infostealer - Vidar is an infostealer malware that was first discovered in the wild in late 2018. It operates as malware-as-a-service and runs on Windows. Vidar can collect a wide range of sensitive data from browsers and digital wallets. Additionally, it is used ...
1 year ago

23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
1 year ago

Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago

Okta - Okta is an enterprise-grade, identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s ...
1 year ago

Gh0st rat - Gh0st RAT is a Trojan horse for the Windows platform. The “RAT” part of the name refers to the software’s ability to operate as a "Remote Administration Tool". It is a cyber spying computer program used to control infected Windows computers ...
1 year ago

Sophisticated Phishing Attacks Targeting Decision-Makers Including CEOs and CTOs - Security experts at Hackmosphere noted that the results shows the critical risks for organizations: 24% of CEOs clicked malicious links in test emails, compared to just 6% of CTOs, emphasizing discrepancies in threat perception among leadership ...
19 hours ago Cybersecuritynews.com

X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
3 days ago Bleepingcomputer.com

Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access - In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. These emails prompt recipients to authenticate using the ...
4 days ago Cybersecuritynews.com

Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number - According to Gokuleswaran, a Cyber Security Analyst, the vulnerability allowed unauthorized users to access private KYC records by exploiting a flaw in the portal’s URL structure. This breach exemplifies how IDOR vulnerabilities can lead to ...
3 days ago Cybersecuritynews.com

Pennsylvania utility says MOVEit breach at vendor exposed some customer data | The Record from Recorded Future News - PPL Electric Utilities said in an emailed statement that the vendor notified it in June 2023 of a breach through a widespread bug in the MOVEit file transfer software, which affected hundreds of organizations and exposed the data of tens of millions ...
6 days ago Therecord.media

Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication - Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The threat ...
3 days ago Cybersecuritynews.com

New Go-Based Malware Exploits Telegram and Use It as C2 Channel - Researchers have identified a new backdoor malware, written in Go programming language, that leverages Telegram as its command-and-control (C2) channel. Netskope Advanced Threat Protection proactively detects this threat under the identifier ...
5 days ago Cybersecuritynews.com

PurpleLab - A Free Cybersecurity Lab for Security Teams To Analyse Cyber Threats - PurpleLab is a cybersecurity lab that integrates various tools and technologies to support analysts in testing detection rules and simulating real-world cyber threats. In a significant step forward for cybersecurity professionals, PurpleLab offers an ...
4 days ago Cybersecuritynews.com

New Android Security Feature that Blocks Changing Sensitive Setting During Calls - A common tactic involves guiding victims over the phone to enable sideloading or accessibility permissions, which allow malicious apps to bypass safeguards and gain control of the device. This feature, currently live in the beta version, prevents ...
3 days ago Cybersecuritynews.com

Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry - Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. [+] SharpDelete by Andrew Petrus - Tool to delete hidden registry values ...
4 days ago Cybersecuritynews.com

Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment - A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate ...
4 days ago Cybersecuritynews.com

Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely - A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This campaign shows the importance of continuous WordPress ...
3 days ago Cybersecuritynews.com

RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
3 days ago Cybersecuritynews.com

CVE-2025-0822 - Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of ...
5 days ago Tenable.com

CVE-2024-13500 - The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 ...
5 days ago Tenable.com

CVE-2024-13439 - The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated ...
5 days ago Tenable.com

CVE-2025-26793 - The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial ...
5 days ago Tenable.com

Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program - This initiative, which began in 2011, has now surpassed $20 million in total payouts, underscoring Meta’s dedication to collaborating with the global security research community to enhance platform safety and integrity. Meta’s bug bounty ...
4 days ago Cybersecuritynews.com

CISA Warns of Apple iOS Vulnerability Exploited in Wild - The flaw, an authorization bypass in Apple’s USB Restricted Mode, enables attackers with physical access to disable security protections on locked devices, potentially exposing sensitive data. CVE-2025-24200, cataloged under CWE-863 (Incorrect ...
3 days ago Cybersecuritynews.com

Fintech giant Finastra notifies victims of October data breach - While Finastra has yet to share the number of individuals affected by the data breach and the nature of the exposed data (besides victims' names), the company started sending breach notification letters last week to at least 65 people in the state ...
3 days ago Bleepingcomputer.com

Microsoft reminds admins to prepare for WSUS driver sync deprecation - Introduced as Software Update Services (SUS) in 2005, almost two decades ago, WSUS enables IT admins to manage and distribute updates for Microsoft products across enterprise networks with large numbers of Windows devices from a single server instead ...
2 days ago Bleepingcomputer.com

Venture capital giant Insight Partners hit by cyberattack - After discovering the breach, Insight Partners notified law enforcement in relevant jurisdictions and hired third-party cybersecurity experts to investigate its impact. "We are working diligently to determine the scope of the incident with the ...
2 days ago Bleepingcomputer.com

Microsoft: Hackers steal emails in device code phishing attacks - "The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such ...
5 days ago Bleepingcomputer.com

CVE-2025-1359 - A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross ...
4 days ago Tenable.com

CVE-2025-1354 - A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the ...
4 days ago Tenable.com

Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB - In one demonstrated attack chain, researchers gained admin access via default credentials (Xerox devices often retain factory defaults), modified LDAP settings to attacker IP, triggered LDAP sync via “Test Connection” feature and used captured ...
3 days ago Cybersecuritynews.com

Ransomware Gangs Encrypt Systems After 17hrs From Initial Infection - A 2025 threat report by cybersecurity firm Huntress reveals ransomware gangs now take just 17 hours on average to encrypt systems after initial network intrusion, with some groups like Akira and RansomHub operating in as little as 4–6 hours. New ...
3 days ago Cybersecuritynews.com

Microsoft to remove the Location History feature in Windows - “We are deprecating and removing the Location History feature, an API that allowed Cortana to access 24 hours of device history when location was enabled,” reads Microsoft's announcement. The API behind the feature, ...
3 days ago Bleepingcomputer.com

CVE-2024-13834 - The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. ...
5 days ago Tenable.com

CVE-2024-10581 - The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it ...
5 days ago Tenable.com

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
5 days ago Cybersecuritynews.com

CVE-2024-13488 - The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter ...
5 days ago Tenable.com

IDOR vulnerability in ExHub Let Attacker Modify Web Hosting Configuration - The consequences of this IDOR vulnerability were severe where attackers could manipulate deployment configurations, potentially gaining unauthorized access to sensitive resources. This vulnerability effectively allowed unauthorized users to perform ...
3 days ago Cybersecuritynews.com

Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
3 days ago Bleepingcomputer.com

Microsoft spots XCSSET macOS malware variant used for crypto theft - A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. XCSSET then creates a malicious Launchpad application with ...
3 days ago Bleepingcomputer.com

New Research Proposed To Enhance MITRE ATT&CK In Dynamic Cybersecurity Environments - However, analysts (at National University of Singapore and NCS Cyber Special Ops R&D) noted that the proposed research seeks to address current limitations by introducing advanced capabilities such as real-time threat mapping, cross-domain ...
2 days ago Cybersecuritynews.com

CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for ...
5 days ago Tenable.com

CVE-2024-13837 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. ...
3 days ago Tenable.com

Chase will soon block Zelle payments to sellers on social media - While Chase didn't share what exactly prompted this decision, the U.S. Consumer Financial Protection Bureau (CFPB) sued Early Warning Services (Zelle's operator) and three of its owner banks (Bank of America, JPMorgan Chase, and Wells Fargo) in ...
3 days ago Bleepingcomputer.com

Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
2 days ago Bleepingcomputer.com

Beware of Fake BSOD Delivered by Malicious Python Script - According to security consultant Xavier Mertens, the tkinter library, a standard Python module, is typically used to create graphical user interfaces (GUIs). Security teams should consider monitoring for unusual uses of GUI libraries like tkinter as ...
5 days ago Cybersecuritynews.com

CVE-2021-30369 - Rejected reason: Was determined not a vulnerability. ...
3 days ago Tenable.com

Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques - By exploiting user trust in popular games and employing advanced evasion techniques, threat actors have demonstrated their ability to infiltrate systems undetected while maximizing financial gain through cryptomining. In a sophisticated cyberattack ...
2 days ago Cybersecuritynews.com

China-Linked Threat Group Targets Japanese Orgs' Servers - In targeting organizations in the Asia-Pacific region, Winnti is exploiting vulnerabilities found in applications like IBM Lotus Domino to deploy malicious malware, including DEATHLOTUS, UNAPIMON, PRIVATELOG, CUNNINGPIGEON, WINDJAMMER, and ...
2 days ago Darkreading.com

CVE-2025-26508 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
6 days ago Tenable.com

CVE-2025-26506 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
6 days ago Tenable.com

CVE-2025-1357 - A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack ...
4 days ago Tenable.com

CVE-2025-1355 - A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted ...
4 days ago Tenable.com

CVE-2025-1392 - A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The ...
3 days ago Tenable.com

CVE-2024-13879 - The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with ...
3 days ago Tenable.com