In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. The attackers exploited vulnerabilities in the software development pipeline to…
Tag: Cyber Security News
Telegram CEO Returns to Dubai Amid French Investigation Continues
Pavel Durov, founder and CEO of Telegram, announced his return to Dubai on Monday following months of judicial supervision in France as investigations into alleged criminal activities on his messaging platform continue. Durov expressed relief at being back home and…
Kentico Xperience CMS Authentication Bypass Vulnerability Allow Attackers Execute Arbitrary Code Remotely
Researchers discovered critical vulnerabilities in Kentico’s Xperience CMS that could allow attackers to completely compromise affected systems. The vulnerabilities, identified as WT-2025-0006, WT-2025-0007, and WT-2025-0011, can be chained together to achieve unauthenticated remote code execution on systems with common configurations.…
Beware of Free File Word To PDF Converter That Delivers Malware
The FBI has issued an urgent warning about the rising threat of malicious file conversion tools that are being used to spread malware across the United States. Cybercriminals are targeting users searching for free utilities to convert documents from one…
MassJacker Clipper Malware Attacking Users Installing Pirated Software
A newly discovered cryptojacking malware dubbed “MassJacker” is targeting users who download pirated software, replacing cryptocurrency wallet addresses to redirect funds to attackers. The malware acts as a clipboard hijacker, monitoring when users copy crypto wallet addresses and silently replacing…
Proactive Cybersecurity – Staying Ahead of Threats with a Preventive Approach
The old adage “Prevention is better than cure” has taken a new, more urgent meaning in the cybersecurity community. With 600 million cyber attacks per day, several companies have started investing heavily in proactive cybersecurity measures that encompass risk-based vulnerability…
Manage Engine Analytics Vulnerability Allows User Account Takeover
A high-severity authentication vulnerability in ManageEngine Analytics Plus on-premise installations has been identified, potentially allowing malicious actors to gain unauthorized access to Active Directory (AD) authenticated user accounts. The vulnerability, tracked as CVE-2025-1724, affects all Windows builds prior to 6130…
Zoom Team Chat Decrypted to Uncover User Activities
In a significant development for digital forensics investigators, new research has revealed comprehensive methods to decrypt Zoom Team Chat databases, potentially exposing sensitive user communications and activities. As organizations worldwide continue to rely on Zoom for remote collaboration, these findings…
Wazuh Open Source SIEM Vulnerability Allows Malicious Code Execution Remotely
Cybersecurity researchers have disclosed a critical remote code execution vulnerability (CVE-2025-24016) affecting Wazuh, a widely-used open-source security information and event management (SIEM) platform. The vulnerability, which carries a severe CVSS score of 9.9, impacts versions 4.4.0 through 4.9.0 and allows…
Espressif Systems Vulnerabilities Let Attackers Execute Arbitrary Code
Security researchers have uncovered several critical vulnerabilities in Espressif Systems’ ESP-IDF framework that could allow attackers to execute arbitrary code on ESP32 devices via Bluetooth interfaces. The high-risk flaws, which affect ESP-IDF versions 5.0.7, 5.1.5, 5.2.3, and 5.3.1 (and likely…