A sophisticated attack vector dubbed “MalDoc in PDF” allows threat actors to bypass traditional security scanning by embedding malicious Word documents into PDF files. This technique, observed in attacks dating back to July, enables macros to execute when victims open…
Tag: Cyber Security News
41% of Success Logins Across Websites Involves Compromised Passwords
Password reuse continues to be one of the most significant security vulnerabilities in 2025, with alarming new data showing nearly half of all successful website logins involve previously exposed credentials. This widespread practice of recycling passwords across multiple services creates…
US Sperm Donor Giant California Cryobank Hacked – Customers Personal Data Exposed
California Cryobank LLC, one of America’s largest sperm donor repositories, has confirmed a significant data breach that exposed sensitive customer information. The cyber intrusion, which occurred on April 20, 2024, but remained undetected until October 4, 2024, has triggered mandatory…
Threat Actors Stolen Over 3.2 Billion Login Credentials & Infected 23 Million Devices Worldwide
In what security experts are calling one of the largest credential theft campaigns in history, sophisticated threat actors have successfully exfiltrated over 3.2 billion login credentials and compromised approximately 23 million devices across six continents. The massive operation, identified in…
Arcane Stealer Via YouTube Videos Steal Data From Network Utilities Including VPN & FileZilla
A sophisticated new malware strain called “Arcane” that specifically targets network utilities, VPN clients, and file transfer applications. The malware, discovered in late 2024, is being distributed through seemingly innocent YouTube videos that promote game cheats and cracks, putting thousands…
New AI Jailbreak Technique Bypasses Security Measures to Write Malware for Google Chrome
A new report indicates that individuals lacking technical knowledge can create advanced malware using widely recognized AI systems, thereby turning ordinary people into significant cybersecurity threats. The 2025 Cato CTRL™ Threat Report, published on March 18, details how a threat…
Cloudflare Launches Cloudforce One Threat Platform to Analyze IoCs, IP, Hashes & Domains
Cloudflare has unveiled its new threat events platform for Cloudforce One customers, offering a comprehensive solution to one of the most significant challenges in cybersecurity today: contextualizing threat intelligence data. The platform provides security practitioners with actionable insights by analyzing indicators…
Hackers Leveraging Azure App Proxy Pre-authentication to Access Orgs Private Network Resources
Recent security findings reveal that threat actors are actively exploiting misconfigured Azure application proxies to gain unauthorized access to organizations’ internal resources. When Azure app proxy pre-authentication is set to “Passthrough” instead of the default “Microsoft Entra ID” setting, private…
PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems
Security researchers at Bitdefender Labs have detected a significant surge in exploitation attempts targeting a critical PHP vulnerability that allows attackers to execute malicious code on Windows-based systems. The vulnerability, tracked as CVE-2024-4577, has been actively exploited since June 2024,…
MirrorFace Hackers Customized AsyncRAT Execution Chain to Run Within Windows Sandbox
The China-aligned advanced persistent threat (APT) group MirrorFace has updated its tactics, techniques, and procedures (TTPs) with a sophisticated approach to deploying malware. Known primarily for targeting Japanese entities, the group has expanded its operations to include a Central European…