A sophisticated malware campaign has emerged, targeting Indonesia’s most vulnerable digital citizens through a calculated exploitation of trust in the nation’s pension fund system. The malicious operation impersonates PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund…
Category: Cyber Security News
CISA Warns of Citrix Netscaler 0-day RCE Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Citrix NetScaler systems, designated as CVE-2025-7775. This memory overflow vulnerability enables remote code execution (RCE) and has been actively exploited by malicious cyber actors, prompting immediate inclusion in…
Underground Ransomware Gang With New Tactics Against Organizations Worldwide
Over the past year, the Underground ransomware gang has emerged as a formidable threat to organizations across diverse industries and geographies. First identified in July 2023, the group resurfaced in May 2024 with a Dedicated Leak Site (DLS), signaling a…
28,000+ Citrix Instances Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to…
Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents
A widespread service issue is impacting Microsoft Teams users globally this Thursday, preventing many from opening embedded Microsoft Office documents within the collaboration platform. Reports began surfacing early this morning, with users expressing frustration over their inability to access essential…
NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow attackers to execute malicious code and escalate privileges on affected systems. The vulnerability, designated CVE-2025-23307, affects all versions of NVIDIA NeMo…
IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript
A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability allows any authenticated administrator to inject persistent JavaScript into firewall rule parameters. Once stored, the payload executes automatically when another administrator…
How ClickFix and Multi-Stage Phishing Frameworks Are Breaking Enterprise Defenses
August 2025 has marked a significant evolution in cybercrime tactics, with threat actors deploying increasingly sophisticated phishing frameworks and social engineering techniques that are successfully bypassing traditional security defenses. Security researchers at ANY.RUN has identified three major campaign families that…
PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309)
A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability affecting CrushFTP file transfer servers. The flaw enables remote attackers to gain administrative privileges through a race condition in AS2 validation processing, circumventing authentication mechanisms…
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to…