Google has announced plans to remove two Certificate Authorities (CAs) from Chrome’s Root Store due to ongoing security concerns. The Chrome Root Program and Security Team revealed that Chunghwa Telecom and Netlock will no longer be trusted by default in…
Tag: Cyber Security News
Threat Actors Exploit ‘Prove You Are Human’ Scheme To Deliver Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign that weaponizes users’ trust in routine internet verification processes to deliver malicious payloads. The scheme exploits familiar “prove you are human” prompts, transforming seemingly innocent website interactions into vectors for malware distribution…
Windows Authentication Coercion Attacks Pose Significant Threats to Enterprise Networks
Windows authentication coercion attacks continue to pose substantial risks to enterprise Active Directory environments in 2025, despite Microsoft’s ongoing efforts to implement protective measures. These sophisticated attacks allow threat actors with minimal privileges to gain administrative access to Windows workstations…
IBM QRadar Vulnerabilities Let Attackers Access Sensitive Configuration Files
Multiple severe vulnerabilities in IBM QRadar Suite Software that could allow attackers to access sensitive configuration files and compromise enterprise security infrastructures. The most severe vulnerability, tracked as CVE-2025-25022, carries a CVSS base score of 9.6 and enables unauthenticated users…
Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups
Aembit, the workload identity and access management (IAM) company, today announced its inclusion in Rising in Cyber 2025, an independent list launched by Notable Capital to spotlight the 30 most promising cybersecurity startups shaping the future of security. Unlike traditional rankings,…
New Firefox Feature Automatically Detects Malicious Extensions by Behavior
A sophisticated new security feature has been released by Firefox designed to automatically identify and neutralize malicious browser extensions before they can compromise user data. The implementation comes as crypto wallet scams continue to surge globally, with the FBI reporting…
New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials
Cybersecurity researchers have identified a sophisticated new threat targeting the expanding Internet of Things ecosystem. PumaBot, a Go-based Linux botnet, has emerged as a significant concern for organizations operating vulnerable IoT devices, particularly surveillance systems. Unlike conventional malware that conducts…
Hackers Weaponize Ruby Gems To Exfiltrate Telegram Tokens and Messages
A sophisticated supply chain attack has emerged targeting the RubyGems ecosystem, exploiting geopolitical tensions surrounding Vietnam’s recent Telegram ban to steal sensitive developer credentials and communications. The malicious campaign involves two typosquatted Ruby gems designed to impersonate legitimate Fastlane plugins,…
North Face Fashion Brand Warns of Credential Stuffing Attack
The North Face, a prominent outdoor fashion retailer, has issued a comprehensive security notification to customers following the discovery of a credential stuffing attack against its website on April 23, 2025. The incident represents a growing cybersecurity threat where attackers…
State-Sponsored Groups Actively Targeting Manufacturing Sector & OT systems
A comprehensive analysis reveals an alarming escalation in cyberattacks targeting the manufacturing sector, with state-sponsored threat actors and hacktivist groups increasingly focusing their efforts on operational technology systems that control critical industrial processes. The manufacturing sector has emerged as a…