The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB. These advisories, published on April 22, 2025, provide detailed information on security flaws, associated…
Tag: Cyber Security News
ChatGPT Creates Working Exploit for CVEs Before Public PoCs Released
In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…
New Cookie-Bite Attack Let Hackers Bypass MFA & Maintain Access to Cloud Servers
A sophisticated attack technique dubbed “Cookie-Bite” enables cybercriminals to silently bypass multi-factor authentication (MFA) and maintain persistent access to cloud environments. Varonis Threat Labs revealed that attackers leverage stolen browser cookies to impersonate legitimate users without requiring credentials, effectively rendering…
Google Cloud Composer Vulnerability Let Attackers Elevate Their Privileges
A critical privilege-escalation vulnerability in Google Cloud Platform (GCP), dubbed “ConfusedComposer,” could have allowed attackers to gain elevated permissions to sensitive cloud resources. The vulnerability, now patched, enabled attackers with minimal permissions to potentially gain control over a highly privileged…
ChatGPT Creates Working Exploit for CVE’s Before Public PoCs Released
In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…
How to Secure the Extended Enterprise – CISO Insights on Third-Party Risk
Modern organizations rely on a sprawling network of third-party vendors, suppliers, and partners to drive innovation and operational efficiency. However, this interconnected ecosystem introduces significant cybersecurity risks. As attack surfaces expand, malicious actors increasingly target weaker links in the supply…
Malicious npm Packages Attacking Linux Developers to Install SSH Backdoors
A concerning new supply chain attack has emerged targeting Linux developers who work with Telegram’s bot ecosystem. Discovered in early 2025, several malicious npm packages have been masquerading as legitimate Telegram bot libraries to deliver SSH backdoors and exfiltrate sensitive…
Hackers Abuse Cloudflare Tunnel Infrastructure to Deliver Multiple RATs
Cybersecurity experts have identified a sophisticated attack campaign exploiting Cloudflare’s tunnel infrastructure to distribute various remote access trojans (RATs). The infrastructure, which has demonstrated remarkable resilience since February 2024, serves as a distribution platform for malicious files and trojans that…
Beyond SSL: Advanced Cyber Security Tools Every eCommerce Site Needs
In an era where online shopping has become second nature and eCommerce revenues are breaking new records every year, the trust between customer and vendor is more than just a matter of reputation it’s a matter of survival. That trust…
New Magecart Attack With Malicious JavaScript Steals Credit Card Data
A sophisticated Magecart attack campaign has been discovered targeting e-commerce platforms, employing heavily obfuscated JavaScript code to harvest sensitive payment information. This latest variant of Magecart skimming attacks exhibits advanced techniques for evading detection while seamlessly capturing credit card details…