Credential stuffing has emerged as one of the most pervasive and effective attack vectors in today’s cybersecurity landscape. This technique, which leverages stolen username and password combinations across multiple platforms, has been significantly enhanced through a sophisticated automation tool called…
Tag: Cyber Security News
B1ack’s Stash MarketPlace Actors to Release 4 Million Stolen Credit Card Details for Free
Dark web carding marketplace B1ack’s Stash has announced the release of 4 million stolen credit card details at no cost to cybercriminals. This massive data leak, publicized on February 19, 2025, represents one of the largest freely distributed caches of…
PoC Exploit Released for Ingress-NGINX Remote Code Execution Vulnerabilities
A proof-of-concept (PoC) exploit for a critical remote code execution vulnerability in Kubernetes Ingress-NGINX controllers, tracked as CVE-2025-1974. The vulnerability uncovered by WiZ affects the validation webhook component and could allow attackers to execute arbitrary code on affected systems, potentially…
Pakistan APT Hackers Create Weaponized IndiaPost Website to Attack Windows & Android Users
Cybersecurity researchers have uncovered a sophisticated attack campaign leveraging a fraudulent website that impersonates the Indian Post Office to deliver malware to both Windows and Android users. The fake website, hosted at postindia[.]site, employs device detection techniques to serve tailored…
CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories
A significant vulnerability in GitHub’s CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories. The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts that created a small but…
New Sophisticated Linux-Backdoor Attacking OT Systems Exploiting 0-Day RCE
A sophisticated Linux-based backdoor dubbed “OrpaCrab” has emerged as a significant threat to operational technology (OT) systems, particularly those managing gas station infrastructure. Security researchers discovered the malware after it was uploaded to VirusTotal in January 2024 from the United…
OpenAI Offering Up to $100,000 for Critical Vulnerabilities in its Infrastructure
OpenAI has dramatically increased its maximum bug bounty reward to $100,000 for exceptional critical security vulnerabilities, up from the previous cap of $20,000. This fivefold increase highlights the AI leader’s growing emphasis on cybersecurity as its models advance toward artificial…
Exim Use-After-Free Vulnerability Allows Privilege Escalation
A critical security vulnerability has been identified in the widely used Exim mail transfer agent (MTA), potentially allowing attackers with command-line access to escalate privileges on affected systems. The vulnerability, tracked as CVE-2025-30232, affects Exim versions 4.96 through 4.98.1 and…
12 Cybercriminals Arrested Following Takedown of Ghost Communication Platform
Irish and Spanish law enforcement authorities have successfully apprehended 12 members of a high-risk criminal network in a coordinated operation spanning both countries. The arrests, announced on March 26, 2025, included six suspects in Ireland and six in Spain, all…
Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload
Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. The vulnerability…