Cybersecurity researchers have identified a concerning new attack vector where threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 through DLL side-loading techniques. This sophisticated attack allows malicious code execution through Chrome’s trusted subprocesses, creating a significant…
Tag: Cyber Security News
Hackers Abuse Cobalt Strike, SQLMap & Other Tools to Target Organizations’ Web Applications
Cybersecurity experts have uncovered a sophisticated campaign targeting enterprise web applications through the abuse of legitimate penetration testing tools. Threat actors are increasingly leveraging professional security tools including Cobalt Strike, SQLMap, and other reconnaissance utilities to compromise corporate networks with…
Sophisticated Attack Via Booking Websites Installs LummaStealer Malware
Cybercriminals have launched a new sophisticated attack campaign targeting travelers through fake booking websites. The campaign, discovered in early 2025, tricks users into installing LummaStealer malware through deceptive CAPTCHA verification processes, putting personal and financial information at risk. The attack…
VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations
VPN infrastructure has become a prime target for cybercriminals and state-sponsored actors, with vulnerabilities in these systems serving as gateways to widespread organizational compromise. Even years after their disclosure, critical VPN vulnerabilities continue to enable threat actors to steal credentials…
Beware of Fake Coinbase Migration Messages Aimed to Steal Your Wallet Credentials
A sophisticated phishing campaign is targeting cryptocurrency investors with fraudulent emails claiming a mandatory Coinbase wallet migration requirement. These deceptive messages, bearing the subject line “Migrate to Coinbase wallet,” are being distributed at a large scale, potentially bypassing spam filters…
Hackers Allegedly Selling Firewall Access to Canon Inc on Hacking Forums
Threat actors are allegedly offering root access to Canon Inc.’s internal firewall systems on underground hacking forums. According to security monitoring firm ThreatMon, the advertisement appeared on a popular dark web marketplace, claiming to provide administrator-level access to the Japanese…
Microsoft Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing – PoC Released
A critical vulnerability in Windows File Explorer, identified as CVE-2025-24071, enables attackers to steal NTLM hashed passwords without any user interaction beyond simply extracting a compressed file. Security researchers have released a proof-of-concept exploit demonstrating this high-severity flaw, which Microsoft…
Critical Synology Vulnerability Let Attackers Remote Execute Arbitrary Code
A severe vulnerability in Synology’s DiskStation Manager (DSM) allows remote attackers to execute arbitrary code with no user interaction. The flaw, disclosed during PWN2OWN 2024, received a Critical severity rating with a CVSS score of 9.8, indicating its potential for…
Hacker Weaponizing Hard Disk Image Files To Deliver VenomRAT
A sophisticated phishing campaign is leveraging virtual hard disk (.vhd) files to distribute the dangerous VenomRAT malware. The attack begins with purchase order-themed emails containing archive attachments that, when extracted, reveal hard disk image files designed to evade traditional security…
CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat actors are actively exploiting. The authentication bypass vulnerability, tracked as CVE-2025-24472, has been added to…