A newly disclosed attack method targeting Docker installations has raised significant security concerns among developers and system administrators. The vulnerability leverages a misconfigured Docker Engine API setting, allowing attackers to achieve remote code execution (RCE) with minimal user interaction. While…
Category: Cyber Security News
New Phishing Campaign Mimic Amazon Prime Membership To Steal Credit Card Data
A sophisticated phishing campaign targeting Amazon Prime members has been uncovered, aiming to steal credit card information and other sensitive data. Cybersecurity experts have identified a complex attack chain that leverages PDF attachments, redirects, and cleverly crafted phishing sites to…
FortiOS Authentication Bypass Vulnerability Exploited to Gain Super-Admin Access
A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products tracked as CVE-2024-55591, has been actively exploited in the wild, allowing attackers to gain super-admin privileges. The flaw, which carries a CVSS score of 9.6, has raised significant concerns among…
Microsoft Announces Phishing Attack Protection for Teams Chat Starting February 2025
Microsoft has unveiled a new security feature for its popular collaboration platform, Microsoft Teams, to combat phishing attacks through brand impersonation in external chats. The feature, which will alert users to potential impersonation risks during initial contact from external domains,…
DeepSeek Hit by Large-Scale Cyber Attack, Temporarily Limits Registrations
DeepSeek, the Chinese AI startup that recently dethroned OpenAI’s ChatGPT as the top-rated free app on Apple’s App Store in the United States, announced it is facing a significant cyber attack, prompting the company to temporarily halt new user registrations.…
New Phishing Attack Using zero-width Characters to Bypass Security Filters
Cybercriminals are employing sophisticated strategies to bypass email security filters, creating phishing emails that are undetectable by utilizing HTML entities and zero-width characters. This new wave of attacks, dubbed “Shy Z-WASP,” combines zero-width joiners and soft hyphen entities to obfuscate…
Xerox Workplace Suite Vulnerability Let Attackers Bypass API Security
Xerox has released a critical security bulletin addressing multiple vulnerabilities in its Xerox Workplace Suite, a widely used print management server solution. These vulnerabilities, identified as CVE-2024-55925 through CVE-2024-55931, could allow attackers to bypass API security, manipulate headers, and exploit…
New Attack Abusing Multicast Poisoning for PreAuthenticated Kerberos Relay
A novel attack method leveraging multicast poisoning to execute pre-authenticated Kerberos relay attacks over HTTP. This technique, detailed by Quentin Roland of Synacktiv, combines legacy weaknesses in local name resolution protocols with advanced authentication relaying tools like Responder and krbrelayx.…
Burp Suite 2025.1 With New Intruder Options & Bug Fixes
PortSwigger has released Burp Suite 2025.1, introducing several new features and improvements aimed at enhancing the tool’s usability and efficiency for penetration testers. This update includes significant advancements in the Burp Intruder module, HTTP response analysis, and interaction management, alongside…
New Malware Campaign Using 7z & UltraVNC Tool To Deploy Malware
A sophisticated malware campaign has been uncovered, leveraging 7-Zip self-extracting archives and the UltraVNC remote access tool to target Russian-speaking entities. The operation, attributed to a threat actor dubbed GamaCopy, mimics tactics previously associated with the Kremlin-aligned Gamaredon group. The…