A sophisticated global cybercrime campaign dubbed “ShadowCaptcha” has emerged as a significant threat to organizations worldwide, leveraging fake Google and Cloudflare CAPTCHA pages to trick victims into executing malicious commands. Discovered by researchers at the Israel National Digital Agency in…
Category: Cyber Security News
Analysis of Apple’s ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities
Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day vulnerability in the ImageIO framework that has been actively exploited in sophisticated targeted attacks. This represents the seventh zero-day vulnerability that Apple has patched in 2025, underscoring the…
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely-deployed automation systems. These advisories highlight severe security flaws across INVT Electric’s engineering tools, Schneider Electric’s Modicon controllers, and Danfoss refrigeration…
New BruteForceAI Tool Automatically Detects Login Pages and Executes Smart Brute-Force Attacks
BruteForceAI, an innovative penetration testing framework developed by Mor David, integrates large language models (LLMs) with browser automation to autonomously identify login forms and conduct sophisticated brute-force attacks. By combining AI-driven form analysis with evasion techniques and comprehensive logging, BruteForceAI…
Spotify Launches Direct Message Feature for Music Sharing, What are the Risks Associated?
Spotify today rolled out a native direct messaging feature, Messages, for both Free and Premium users aged 16+ in select markets on mobile. This long-awaited addition creates a dedicated in-app space to share tracks, podcasts, and audiobooks, supercharging word-of-mouth recommendations.…
New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression
A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits leveraging this vulnerability craft malicious archives containing specially constructed file names with relative paths. When…
DOGE Accused of Mimicking Country’s Social Security Info in Unsecured Cloud
A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment. Chief Data Officer Charles…
New ZipLine Campaign Attacks Critical Manufacturing Companies to Deploy In-memory Malware MixShell
In recent weeks, a sophisticated phishing operation known as the ZipLine campaign has targeted U.S.-based manufacturing firms, leveraging supply-chain criticality and legitimate-seeming business communications to deploy an advanced in-memory implant dubbed MixShell. This threat actor reverses traditional phishing workflows by…
New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access
A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his…
DOGE Accused of Creating Live Copy of the Country’s Social Security Information in Unsecured Cloud Environment
A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment. Chief Data Officer Charles…