Underground cybercriminal forums have recently witnessed a solicitation seeking developers capable of bypassing PerimeterX (PX) CAPTCHA protection systems, specifically targeting Microsoft’s account registration infrastructure. The threat actor is offering $1,500 USD for a working solution to circumvent the “hold CAPTCHA”…
Tag: Cyber Security News
New Lyrix Ransomware Attacking Windows Users With New Evasion Tactics
A sophisticated new ransomware strain dubbed “Lyrix” has emerged in the cyberthreat landscape, targeting Windows systems with an arsenal of advanced evasion techniques that have caught the attention of security researchers worldwide. The malware represents a significant evolution in ransomware…
New ModSecurity WAF Vulnerability Let Attackers Crash the System
A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers. The vulnerability, designated as CVE-2025-48866, affects all ModSecurity…
Microsoft and CrowdStrike Teaming Up to Bring Clarity To Threat Actor Mapping
Microsoft and CrowdStrike announced a groundbreaking collaboration yesterday to streamline the confusing landscape of cyberthreat actor identification, marking what industry experts are calling a watershed moment for cybersecurity intelligence sharing. The partnership addresses a critical challenge that has long plagued…
Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely
Multiple security vulnerabilities in Hewlett-Packard Enterprise (HPE) StoreOnce software platform that could allow remote attackers to execute malicious code, bypass authentication mechanisms, and access sensitive enterprise data. The vulnerabilities affect HPE StoreOnce VSA versions prior to 4.3.11 and present significant…
Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code
A significant security vulnerability in the Splunk Enterprise platform could allow low-privileged attackers to execute unauthorized JavaScript code through a reflected Cross-Site Scripting (XSS) flaw. The vulnerability, tracked as CVE-2025-20297, affects multiple versions of Splunk Enterprise and Splunk Cloud Platform,…
Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads
Cybercriminals are increasingly leveraging misconfigured artificial intelligence tools to execute sophisticated attacks that generate and deploy malicious payloads automatically, marking a concerning evolution in threat actor capabilities. This emerging attack vector combines traditional configuration vulnerabilities with the power of AI-driven…
SentinelOne Global Service Outage Root Cause Revealed
Cybersecurity company SentinelOne has released a comprehensive root cause analysis revealing that a software flaw in an infrastructure control system caused the global service disruption that affected customers worldwide on May 29, 2025. The outage, which lasted approximately 20 hours,…
Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild. The vulnerability, tracked as CVE-2025-5419, allows threat actors to execute arbitrary code on victims’ systems…
Future of Passwords Biometrics and Passwordless Authentication
The digital authentication landscape is dramatically transforming as passwordless technologies gain unprecedented momentum. Passkey adoption surging 400% in 2024 alone. Despite predictions that passwords will become obsolete, emerging evidence suggests the future lies not in their complete elimination but in…