A concerning trend in digital attacks: threat actors are weaponizing PDF files. According to CheckPoint Research, while 68% of all malicious attacks are delivered through email, PDF-based attacks now constitute 22% of all malicious email attachments, making them a significant security…
Tag: Cyber Security News
Critical Apache Parquet RCE Vulnerability Lets Attackers Run Malicious Code
A critical remote code execution (RCE) vulnerability has been discovered in Apache Parquet’s Java library, potentially affecting thousands of data analytics systems worldwide. The flaw, identified as CVE-2025-30065, carries the highest possible CVSS score of 10.0 and allows attackers to…
Malicious PyPI Package With Fully Automated Carding Script Attacking E-commerce Websites
A sophisticated malicious Python package named “disgrasya” has been discovered on the PyPI repository, containing a fully automated carding script specifically targeting WooCommerce stores. This package, whose name translates to “disaster” in Filipino slang, enables attackers to test stolen credit…
DeepSeek-R1 Prompts Exploited to Create Sophisticated Malware & Phishing Pages
A concerning security vulnerability has emerged in the AI landscape as researchers discover that DeepSeek-R1’s Chain of Thought (CoT) reasoning system can be exploited to create sophisticated malware and generate convincing phishing campaigns. The 671-billion-parameter model, designed to enhance reasoning…
New Credit Card Skimming Attack Leverages Chrome, Edge, & Firefox Extensions to Steal Financial Data
A sophisticated new credit card skimming operation dubbed “RolandSkimmer” has emerged, targeting users primarily in Bulgaria through malicious browser extensions. Named after the unique string “Rol@and4You” embedded in its payload, this attack represents a concerning evolution in web-based financial theft…
Australian Pension Funds Hacked – Members to LOSE Money from Their Accounts
Multiple major Australian superannuation funds have fallen victim to a sophisticated cyberattack that has compromised thousands of member accounts and resulted in confirmed financial losses. Cybersecurity experts have identified the attack as a coordinated OAuth token manipulation campaign coupled with…
React Router Flaw Exposes Web Apps to Cache Poisoning & WAF Bypass Attacks
A critical security vulnerability, CVE-2025-31137, has been identified in React Router, a popular library used by millions of developers for managing routing in React applications. Security researchers from zhero_web_security discovered this flaw, which affects both React Router 7 and Remix…
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has powerful new APIs specifically designed for advanced threat monitoring and security analysis. This major update, announced on March 13, 2025, introduces groundbreaking capabilities that significantly enhance the toolkit’s…
Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware
Security researchers have identified a critical vulnerability in Ivanti Connect Secure (ICS) VPN appliances that is being actively exploited by suspected Chinese threat actors. The vulnerability, tracked as CVE-2025-22457, is a buffer overflow flaw affecting ICS version 22.7R2.5 and earlier…
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide. The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the…