Cybersecurity experts have observed a concerning trend where sophisticated threat actors are increasingly targeting Continuous Integration/Continuous Deployment (CI/CD) pipelines to gain unauthorized access to sensitive cloud resources. These attacks exploit misconfigurations in the OpenID Connect (OIDC) protocol implementation, allowing attackers…
Tag: Cyber Security News
Google Patched Android 0-Day Vulnerability Exploited in the Wild
Google has released its April 2025 Android Security Bulletin, addressing numerous critical vulnerabilities including two zero-day flaws actively exploited in targeted attacks. This marks the third consecutive month that Google has issued emergency patches for actively exploited vulnerabilities, highlighting the…
Linux 6.15-rc1 Released With Major Driver Update & Perfomance Boost
The Linux community has unveiled the highly anticipated Linux 6.15-rc1 test kernel, marking a significant milestone in the ongoing evolution of the open-source operating system. This release introduces substantial driver updates, performance optimizations, and new hardware support that collectively enhance…
Nissan Leaf Vulnerability Exploited to Gain Control Over the Car Remotely
A team of researchers at PCAutomotive revealed to Cyber security news today that attackers could fully compromise second-generation Nissan Leaf EVs (2020 model) through a flaw in the infotainment system, enabling unprecedented remote control over critical vehicle functions. The exploit…
Subwiz – New AI-powered Recon Tool to Hunt for Hidden Subdomains
The first-ever custom-trained AI tool for subdomain discovery to transform the way security professionals identify hidden subdomains, which are often overlooked yet highly vulnerable entry points for cyberattacks. Traditionally, subdomain enumeration has relied on brute-force methods, which involve generating and…
Kelloggs Data Breach – Hackers Breached the Servers and Stolen Data
WK Kellogg Co., the prominent North American cereal manufacturer, has confirmed a significant data breach affecting its servers hosted by Cleo, a third-party vendor providing secure file transfer services. The breach occurred on December 7, 2024, but was only discovered…
ANY.RUN’s Enhanced Threat Intelligence Feeds With Unique IOC for SOC/DFIR Teams
ANY.RUN’s Threat Intelligence (TI) Feeds have established themselves as a valuable resource for cybersecurity professionals seeking fresh and unique indicators of compromise (IOCs). This continuously updated stream of threat intelligence leverages data from over 500,000 researchers and security professionals worldwide,…
PoC Exploit Released for Yelp Flaw that Exposes SSH Keys on Ubuntu Systems
A proof-of-concept (PoC) exploit has been released for CVE-2025-3155, a critical vulnerability in GNOME’s Yelp help viewer that enables attackers to exfiltrate SSH keys and other sensitive files from Ubuntu systems. The flaw leverages improper handling of the ghelp:// URI…
WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments
A critical vulnerability in WhatsApp for Windows that could allow attackers to execute malicious code through seemingly innocent file attachments. The spoofing vulnerability, officially tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6 and poses…
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
In a sophisticated espionage campaign targeting European government and military institutions, hackers believed to be connected with Russian state actors have been utilizing a lesser-known feature of Windows Remote Desktop Protocol (RDP) to infiltrate systems. The Google Threat Intelligence Group…