A sophisticated phishing campaign has been discovered targeting organizations reliant on Microsoft’s Active Directory Federation Services (ADFS). This legacy single sign-on (SSO) solution, designed to streamline authentication across multiple applications, is being exploited by attackers to bypass multi-factor authentication (MFA)…
Category: Cyber Security News
CISA Releases Guidance to Protect Firewalls, Routers, & Internet-Facing Servers
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with international cybersecurity authorities, has issued comprehensive guidance aimed at securing network edge devices. These devices, which include firewalls, routers, VPN gateways, Internet of Things (IoT) devices, internet-facing servers, and operational…
Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access
A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions. This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting…
0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows
A critical security vulnerability has been identified in nearly all Microsoft Sysinternals tools, presenting a significant risk to IT administrators and developers who rely on these utilities for system analysis and troubleshooting. This vulnerability, outlining how attackers can exploit DLL…
Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access
The eSentire Threat Response Unit (TRU) revealed that threat actors are actively exploiting a six-year-old IIS vulnerability in Progress Telerik UI for ASP.NET AJAX to gain remote access to systems. This vulnerability, identified as CVE-2019-18935, allows attackers to execute arbitrary…
TinyZero – Researchers Replicated DeepSeek’s R1-Zero Model for Just $30
In an impressive demonstration of cost-effective AI research, a group of researchers has successfully replicated DeepSeek’s R1-Zero model for just $30. Dubbed TinyZero, this project focuses on countdown and multiplication tasks, leveraging reinforcement learning (RL) to enable a 3-billion-parameter (3B)…
CISA Adds Apache, Microsoft Vulnerabilities to Its Database that Are Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding several newly identified vulnerabilities to its authoritative list of security flaws exploited in the wild. This catalog Developed to assist cybersecurity professionals in…
Chrome Use-After-Free Vulnerabilities Let Attackers Execute Remote Code – Update Now
The Google Chrome team has officially released Chrome 133, now available on the stable channel for Windows, Mac, and Linux. This update, version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, brings a host of improvements and critical security…
AMD SEV Vulnerability Allows Malicious CPU Microcode Injection as Admin
AMD has disclosed a high-severity vulnerability (CVE-2024-56161) in its Secure Encrypted Virtualization (SEV) technology, which could allow attackers with administrative privileges to inject malicious CPU microcode. This flaw compromises the confidentiality and integrity of virtual machines (VMs) protected by SEV-SNP,…
New Tiny FUD Attacking macOS Users Bypassing Antivirus and Security Tools
A new, highly sophisticated malware known as Tiny FUD has been identified, targeting macOS users with advanced evasion techniques that allow it to bypass traditional antivirus and security tools. This malware leverages process name spoofing, DYLD injection, and C2-based command…