In a significant cybersecurity breach discovered in mid-2024, a sophisticated threat actor deployed custom backdoors on Juniper Networks’ Junos OS routers. The intrusion represents an alarming development in the targeting of critical network infrastructure by nation-state actors, with potential implications…
Tag: Cyber Security News
US Charges 12 Chinese Hackers For Hacking National Security Infrastructure
The United States Department of Justice unveiled charges against twelve Chinese nationals on March 5, 2025, accusing them of orchestrating a sophisticated global cyber espionage campaign targeting critical American infrastructure, government agencies, and dissidents. The indictments mark a significant escalation…
Cisco IOS XR Software Vulnerability Allows Attackers to Execute Commands as Root
Cisco has disclosed a high-severity privilege escalation vulnerability (CVE-2025-20138) in its IOS XR Software. This vulnerability enables authenticated local attackers to execute arbitrary commands as the root user on affected devices. The flaw, with a CVSS score of 8.8, impacts…
Multiple Zoom Client Vulnerabilities Exposes Sensitive Data
Recent security disclosures reveal multiple high-severity vulnerabilities in Zoom’s client software, exposing millions of users to potential data breaches, privilege escalation, and unauthorized access. The most critical flaws, patched in Zoom’s March 11, 2025, security bulletin, include CVE-2025-27440 (heap-based buffer…
Tycoon2FA Phishkit Updates Tactics with PDF Lures & Redirects
Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials. Victims are tricked into clicking a fake company policy notice, leading them straight to a phishing…
MirrorFace APT Hackers Exploited Windows Sandbox & Visual Studio Code Using Custom Malware
The National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a security advisory regarding an Advanced Persistent Threat (APT) attack campaign targeting organizations in Japan. The campaign, attributed to a threat actor…
DCRat Malware Via YouTube Attacking Users To Steal Login Credentials
A new wave of cyberattacks utilizing the Dark Crystal RAT (DCRat) backdoor has been targeting users since early 2025 through YouTube distribution channels. Cybercriminals create or compromise YouTube accounts to upload videos advertising gaming cheats, cracks, and bots that appeal…
NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges
NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms. The update, detailed in a March 10, 2025 security bulletin, impacts…
PHP XXE Injection Vulnerability Let Attackers Read Config Files & Private Keys
Security researchers have uncovered a sophisticated XML External Entity (XXE) injection vulnerability in PHP applications that could allow attackers to access sensitive configuration files and private keys. The vulnerability, discovered by researcher Aleksandr Zhurnakov, affects PHP applications using certain libxml…
Critical Windows Remote Desktop Services Vulnerability Lets Attackers Execute Malicious Code
Microsoft has released its March security update, addressing 57 vulnerabilities across its product range, including six critical flaws. Among the critical vulnerabilities are CVE-2025-24035 and CVE-2025-24045, both Remote Code Execution (RCE) vulnerabilities in Windows Remote Desktop Services (RDS). Each vulnerability…