Modern phishing attacks have evolved far beyond simple deceptive emails, now incorporating AI-generated content, deepfake impersonation, and sophisticated social engineering techniques that bypass traditional security measures. Organizations face an unprecedented challenge as cybercriminals leverage artificial intelligence to create compelling phishing…
Tag: Cyber Security News
FortiOS SSL-VPN Vulnerability Let Attackers Access full SSL-VPN settings
Fortinet has disclosed a new security vulnerability affecting its FortiOS SSL-VPN web-mode that allows authenticated users to gain unauthorized access to complete SSL-VPN configuration settings through specially crafted URLs. The vulnerability, designated as CVE-2025-25250, was published today and affects multiple…
Global Heroku Outage Disrupts Web Platforms Worldwide
Salesforce’s cloud platform Heroku is currently experiencing a widespread service disruption that has affected thousands of businesses around the globe. The outage, which began earlier today, has crippled critical platform services including authentication systems and deployment pipelines, leaving developers unable…
Free vs. Paid Threat Intelligence Feeds: What SOC Managers Need To Know
In today’s dynamic threat landscape, Threat Intelligence (TI) feeds have become a must-have for Security Operations Centers (SOCs). Whether free or paid, they offer vital insights helping teams identify threats, develop detection rules, enrich alerts, and accelerate incident response. Threat intelligence feeds…
New SharePoint Phishing Attacks Using Lick Deceptive Techniques
A sophisticated new wave of phishing attacks is exploiting Microsoft SharePoint’s trusted platform to bypass traditional security measures, representing a significant evolution in cyberthreat tactics. These attacks leverage SharePoint’s inherent legitimacy within corporate environments to deceive users into believing they…
Understanding and Preventing SQL Injection Attacks – A Technical Guide
SQL injection represents one of the most persistent and dangerous web application vulnerabilities, consistently ranking among the top security threats in the OWASP Top 10. This comprehensive technical guide explores the mechanics of SQL injection attacks, demonstrates practical exploitation techniques,…
Qtap – An Open-Source Tool to See Through Encrypted Traffic in Linux systems
Qpoint has released Qtap, an open-source eBPF agent for monitoring network traffic in Linux systems. It hooks into TLS/SSL functions to capture data before and after encryption, showing unencrypted traffic with details like process, container, host, user, and protocol. Qtap…
Hardening Linux Servers – A Comprehensive Cybersecurity Checklist
Linux servers power much of our digital infrastructure, from corporate intranets to cloud services. Their security is paramount in today’s threat landscape. This comprehensive hardening guide provides concrete steps to secure your Linux servers against various attack vectors, complete with…
Critical SAP NetWeaver Vulnerability Let Attackers Bypass Authorization Checks
A critical security vulnerability has been discovered in SAP NetWeaver Application Server for ABAP that allows authenticated attackers to bypass standard authorization checks and escalate their privileges within enterprise systems. The vulnerability, tracked as CVE-2025-42989 and assigned a CVSS score…
Fortinet OS Command Injection Vulnerability Lets Attackers Execute Unauthorised Code on FortiAnalyzer-Cloud
Fortinet, a leading provider of cybersecurity solutions, has recently addressed a significant security vulnerability, CVE-2023-42788, classified as an OS command injection issue under CWE-78. This vulnerability affects multiple products earlier including FortiManager, FortiAnalyzer, and today Fortinet confirmed that the vulnerability…