As ransomware attacks devastate organizations globally, many companies are turning to professional negotiators to engage directly with cybercriminals, despite strong government opposition to paying ransoms. This emerging practice has sparked intense debate about when negotiation becomes necessary and how organizations…
Tag: Cyber Security News
MediaTek Vulnerabilities Let Attackers Escalate Privileges Without User Interaction
Multiple critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise device security without requiring any user interaction. The Taiwan-based chipset manufacturer published its June 2025 Product Security Bulletin, revealing seven Common…
Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection
Significant vulnerabilities were uncovered in pre-installed applications on Ulefone and Krüger&Matz Android smartphones that expose users to significant risks, including unauthorized factory resets, PIN code theft, and malicious command injection. These flaws, published on May 30, 2025, demonstrate how Improper…
DSPM vs. DLP:Understanding the Key Differences
Modern organizations face a growing challenge in protecting sensitive data. As more people adopt the cloud and rules get tougher, smart and adaptable security is now a must. Two approaches often compared are DSPM and DLP. While both aim to…
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users
Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android users worldwide. The company confirmed that patches for the vulnerabilities have been…
New PyPI Supply Chain Attacks Python & NPM Users on Windows and Linux
A sophisticated malicious package campaign has emerged targeting Python and NPM users across Windows and Linux platforms through an unusual cross-ecosystem attack strategy. The campaign exploits typo-squatting and name confusion tactics against popular packages including colorama, a widely-used Python library…
Haozi’s Plug-and-Play Phishing Attack Stolen Over $280,000 From Users
A sophisticated phishing-as-a-service operation known as Haozi has emerged as a significant threat in the cybercriminal landscape, facilitating over $280,000 in fraudulent transactions within just five months. Unlike traditional phishing kits that require technical expertise, Haozi offers a streamlined, user-friendly…
HuluCaptcha – A FakeCaptcha Kit That Trick Users to Run Code via The Windows Run Command
A new and sophisticated malware distribution framework dubbed “HuluCaptcha” has emerged, leveraging fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands through Windows Run dialogs. This advanced threat represents a significant evolution in social engineering attacks, combining…
Threat Actors Using ClickFix Technique to Deliver EddieStealer Malware
Cybersecurity researchers have identified a sophisticated new malware campaign leveraging the deceptive ClickFix technique to distribute EddieStealer, a dangerous information-stealing malware built using the Rust programming language. This emerging threat represents a significant evolution in social engineering tactics, exploiting user…
Prioritizing Vulnerabilities in a Sea of Alerts
According to recent industry analysis, cybersecurity professionals are overwhelmed by a flood of security alerts. Organizations process an average of 569,354 alerts annually, yet only 2-5% require immediate action, highlighting the importance of prioritizing vulnerabilities. This overwhelming volume of notifications…