Canadian fintech giant Wealthsimple announced today that it has suffered a data breach, resulting in the unauthorized access of personal information belonging to a small fraction of its client base. The company stressed that all funds and accounts remain secure…
Category: Cyber Security News
Threats Actors Weaponize ScreenConnect Installers to Gain Initial Access to Organizations
A sophisticated cyber campaign has emerged targeting U.S.-based organizations through trojanized ConnectWise ScreenConnect installers, marking a significant evolution in remote monitoring and management (RMM) tool abuse. Since March 2025, these attacks have demonstrated increased frequency and technical sophistication, leveraging legitimate…
Hackers Weaponize Fake Microsoft Teams Site to Deploy Odyssey macOS Stealer
A sophisticated cyber campaign is targeting macOS users by distributing the potent “Odyssey” information stealer through a deceptive website impersonating the official Microsoft Teams download page. The attack, identified by researchers at CloudSEK’s TRIAD, leverages a social engineering technique known…
New Malware Leverages Windows Character Map to Bypass Windows Defender and Mine Cryptocurrency for The Attackers
A recently discovered strain of cryptomining malware has captured the attention of security teams worldwide by abusing the built-in Windows Character Map application as an execution host. The threat actor initiates the attack through a PowerShell script that downloads and…
North Korean Threat Actors Reveal Their Tactics in Replacing Infrastructure With New Assets
Over the past year, cybersecurity researchers have observed a surge in activity from North Korean threat actors leveraging military-grade social engineering techniques to target professionals in the cryptocurrency industry. This campaign, dubbed Contagious Interview, employs a deceptively benign job-application process…
Critical SAP S/4HANA Vulnerability Actively Exploited to Fully Compromise Your SAP System
A critical vulnerability in SAP S/4HANA is being actively exploited in the wild, allowing attackers with low-level user access to gain complete control over affected systems. The vulnerability, tracked as CVE-2025-42957, carries a CVSS score of 9.9 out of 10,…
10 Best Internal Network Penetration Testing Companies in 2025
In 2025, internal network penetration testing is more crucial than ever. While external defenses are often the focus, a single compromised credential or an employee falling for a sophisticated social engineering attack can grant an adversary a foothold inside your…
Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode
A critical, zero-click vulnerability that allows attackers to hijack online accounts by exploiting how web applications handle international email addresses. The flaw, rooted in a technical discrepancy known as a “canonicalization mismatch,” affects password reset and “magic link” login systems,…
CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in Attacks
CISA has issued an urgent alert regarding a zero-day vulnerability in the Android operating system that is being actively exploited in real-world attacks. The vulnerability, identified as CVE-2025-48543, is a high-severity issue that could allow attackers to gain elevated control…
New NightshadeC2 Botnet Uses ‘UAC Prompt Bombing’ to Bypass Windows Defender Protections
Security teams began observing a novel botnet strain slipping beneath the radar of standard Windows Defender defenses in early August 2025. Dubbed NightshadeC2, this malware family leverages both C and Python-based payloads to establish persistent, remote-control access on compromised hosts.…