Fake Forex Sites Lure Investors, Steal Logins Globally

Cybercriminals are increasingly launching fraudulent trading platforms that mimic legitimate forex and cryptocurrency exchanges, with fake forex sites luring investors across Asia and beyond. These schemes use social engineering tactics to convince victims to transfer funds into attacker-controlled systems disguised as authentic investment platforms. Unlike earlier scams confined to single regions, these operations now span […]

EY Exposes 4TB of Client Data in Azure Cloud Blunder

A 4-terabyte SQL Server backup belonging to global accounting firm Ernst & Young was found publicly accessible on Microsoft Azure, exposing a staggering volume of client-related information. The discovery, made by cybersecurity company Neo Security during routine asset mapping, underscores how even major corporations like EY expose 4TB of client data through simple cloud misconfigurations. […]

CrowdStrike Falcon Blocks Git Exploit in Active Attack

CrowdStrike has detected active exploitation of a critical Git vulnerability, identified as CVE-2025-48384. The company reports that its endpoint protection platform, CrowdStrike Falcon, blocks Git-based attacks by intercepting malicious repositories crafted through advanced social engineering tactics. Threat actors are using these deceptive techniques to lure developers into cloning compromised repositories, triggering the exploit. The campaign […]

ClickFix, QR Codes, LOLBins Breach SOC Defenses

Cybercriminals are increasingly leveraging ClickFix, QR codes, and LOLBins to outmaneuver Security Operations Centers (SOCs), according to a recent threat analysis by ANY.RUN. The tactics capitalize on user interaction and system-native tools to bypass traditional detection methods, raising concerns about the readiness of current defense frameworks. ClickFix attacks simulate trusted platforms with fake CAPTCHAs, luring […]

Canada Says Hacktivists Hit Water, Energy Systems

Hacktivists hit critical infrastructure in a series of cyberattacks targeting water and energy systems, according to a warning issued by the Canadian Centre for Cyber Security. The agency reported that the intrusions allowed attackers to access and alter industrial control systems, creating the potential for hazardous situations. Officials said the breaches occurred at […]

Russian Hackers Breach Gov’t Systems Using Native Tools

Russian hackers breached government systems in Ukraine using stealthy tactics that rely heavily on legitimate tools to evade detection, according to new analysis by Symantec researchers. The campaign targeted public sector infrastructure and business services organizations, focusing on long-term access rather than immediate disruption. Investigators tied the operation to Sandworm, a notorious military intelligence unit […]

Chromium Flaw Crashes Edge, Brave in DOS Attack

A critical vulnerability has struck browsers built on the Chromium engine, triggering widespread disruptions across several platforms. The Chromium flaw crashes Edge along with other browsers such as Atlas and Brave, exposing a shared weakness in the underlying codebase. The flaw enables a denial-of-service attack by exploiting how these browsers render specific web content. Security […]

Malicious NPM Packages Deploy Cross-Platform Spyware

Security researchers have identified ten malicious npm packages that imitate legitimate software tools and infect systems across multiple platforms. These packages, hosted in the npm registry, deliver an information-stealing component that targets Windows, Linux, and macOS environments. Once installed, the malware collects sensitive data from affected devices, putting users and organizations at risk. The […]

Microsoft Cloud Files Bug Exposes Elevation Threat

A newly disclosed vulnerability in Microsoft’s Cloud Files Minifilter driver, tracked as CVE-2025-55680, poses a significant elevation-of-privilege risk to all supported versions of Windows. Researchers from Exodus Intelligence revealed technical details of the flaw, which stems from the cldflt.sys driver used in cloud file operations. The Microsoft Cloud Files bug enables attackers with local access […]

WSO2 Flaws Expose Critical Identity Bypass Risks

Security researcher Crnkovic has revealed three critical vulnerabilities in WSO2 API Manager and WSO2 Identity Server, each carrying a CVSS score of 9.8. The flaws—cataloged as CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804—allow attackers to bypass authentication mechanisms. These WSO2 flaws expose critical weaknesses in systems widely used for identity and access management across enterprise environments. The vulnerabilities […]

Dovecot Flaw Lets Users Access Wrong Email Accounts

A newly disclosed security flaw in Dovecot, a widely used open-source IMAP and POP3 email server, may allow unauthorized access to user accounts due to a mismanaged authentication cache. The vulnerability, tracked as CVE-2025-30189, was disclosed on the Full Disclosure mailing list. The Dovecot flaw lets users inadvertently access other users’ accounts when cached authentication […]

Google Chrome 142 Fixes 20 Flaws in Security Push

Google has released Chrome version 142 to the stable channel for Windows, Mac, and Linux, patching 20 security vulnerabilities that could impact millions of users. The Google Chrome 142 fixes arrive as part of an urgent update, addressing critical flaws and enhancing browser security across all desktop platforms. The update, identified as version 142.0.744, aims […]