Vidar Stealer, an information-stealing malware first identified in 2018, has evolved with a sophisticated new deception technique targeting cybersecurity professionals and system administrators. This notorious malware, which evolved from the Arkei Trojan, has been continuously adapted to harvest sensitive data…
Tag: Cyber Security News
Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script
Zoom has released updates to address multiple vulnerabilities affecting its Workplace applications across various platforms. The most pressing flaw could allow attackers to inject malicious scripts, potentially compromising the integrity of user data. Users are strongly encouraged to apply the…
26,000+ Discussions on Dark Web Forums Towards Hacking Financial Organizations
The cybersecurity landscape is experiencing a significant transformation as threat actors adopt increasingly sophisticated approaches to bypass security measures. A comprehensive analysis of 46 deep-web hacker forums and over 26,000 threat actors’ forum threads has revealed alarming trends in cyber…
New Red Team Technique “RemoteMonologue” Exploits DCOM To Gain NTLM Authentication Remotely
As Microsoft tightens the screws on traditional credential theft methods and Endpoint Detection and Response (EDR) systems grow more sophisticated, red teams are pivoting to innovative, fileless attack vectors. Enter RemoteMonologue, a novel technique unveiled by security researcher Andrew Oliveau…
Morphing Meerkat PhaaS Using DNS Reconnaissance To Generate Phishing Pages Based on Target
Morphing Meerkat, a sophisticated Phishing-as-a-Service (PhaaS) platform first identified in 2020, has evolved from a simple tool capable of mimicking five email services to a comprehensive cybercriminal resource offering more than 100 different scam templates. This platform represents a significant…
OpenSSL 3.5.0 Released with Support for Post-Quantum Cryptography
The OpenSSL Project has officially released version 3.5.0 of its widely used cryptographic library, marking a significant milestone with the integration of post-quantum cryptography (PQC) algorithms and other groundbreaking features. This release, announced on April 8, 2025, is set to…
SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched
SAP announced its latest Security Patch Day, unveiling 18 new Security Notes alongside updates to two previously released advisories. This comprehensive update focuses on addressing multiple vulnerabilities in SAP’s extensive product portfolio, with a particular spotlight on critical code injection…
Developers Beware of Malicious VS Code Extension Apps With Million of Installations
Cybersecurity researchers have uncovered a disturbing campaign targeting software developers through malicious Visual Studio Code extensions that have collectively amassed millions of installations. These compromised extensions, masquerading as legitimate productivity tools, covertly execute malicious code while developers focus on their…
Fortinet Warns of FortiSwitch Vulnerability Let Attackers Modify Admin Passwords
Fortinet has issued a critical advisory regarding a newly discovered vulnerability in its FortiSwitch product line. The vulnerability, identified as an unverified password change vulnerability (CWE-620), could allow remote, unauthenticated attackers to modify administrative passwords via specially crafted requests. This…
Threat Actor Leaked Data from Major Bulletproof Hosting Medialand
A significant data breach occurred when an unidentified threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider with extensive ties to cybercriminal operations worldwide. The leaked information exposes the infrastructure that has been enabling a wide…