A sophisticated cyber espionage campaign has emerged targeting Ukrainian and Polish organizations through weaponized PDF invitation files designed to execute malicious shell scripts. The campaign, active since April 2025, demonstrates a calculated approach to infiltrating government and private sector networks…
Category: Cyber Security News
Windows Docker Desktop Vulnerability Leads to Full Host Compromise
A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. CVE-2025-9074, discovered by Felix Boulet and reported on August 21, 2025, affects all Docker…
South Asian APT Hackers Using Novel Tools to Compromise Phones of Military-Adjacent Members
A sophisticated South Asian Advanced Persistent Threat (APT) group has been conducting an extensive espionage campaign targeting military personnel and defense organizations across Sri Lanka, Bangladesh, Pakistan, and Turkey. The threat actors have deployed a multi-stage attack framework combining targeted…
Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise
A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide. The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure’s shared API Management (APIM) instance…
Colt Confirms Customer Data Stolen in Ransomware Attack
Telecommunications giant Colt Technology Services has confirmed that customer data was compromised in a sophisticated cyber attack that began on August 12, 2025. The company disclosed that threat actors accessed sensitive files containing customer information and subsequently posted document titles…
NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems
The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications. Released on…
Anatsa Malware Attacking Android Devices to Steal Login Credentials and Monitor Keystrokes
The Anatsa banking trojan, also known as TeaBot, continues to evolve as one of the most sophisticated Android malware threats targeting financial institutions worldwide. First discovered in 2020, this malicious software has demonstrated remarkable persistence in infiltrating Android devices through…
New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor
Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell…
Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices
Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through…
AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes
Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit. This breakthrough significantly compresses the traditional “grace period” that defenders typically rely on to patch…