The Federal Bureau of Investigation (FBI) has issued an urgent alert regarding a sophisticated email-based extortion campaign targeting corporate executives, wherein threat actors impersonate the notorious BianLian ransomware group. The scam, first identified in early March 2025, involves physical letters…
Tag: Cyber Security News
Apache Pinot Vulnerability Let Remote Attackers Bypass Authentication
A critical security vulnerability in Apache Pinot, designated CVE-2024-56325, has been disclosed. It allows unauthenticated, remote attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems. Researchers from the Knownsec 404 Team discovered the flaw and disclosed it…
Microsoft 365 Announces E5 Security for Business Premium Customers as Add-on
Microsoft has announced the immediate availability of Microsoft 365 E5 Security as a cost-effective add-on for Business Premium subscribers, marking a strategic expansion of enterprise-grade cybersecurity tools for small and medium businesses (SMBs). The release introduces enhanced threat detection, identity…
Cisco Secure Client for Windows Let Attackers Execute Arbitrary Code With SYSTEM Privileges
A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. The vulnerability lies within the interprocess communication (IPC) channel and can be exploited by an authenticated, local attacker to…
As an SOC/DFIR Team Member, How to Analyse Real-Time Linux Malware Network Traffic
Network traffic analysis has emerged as one of the most effective methods for detecting and investigating Linux-based malware infections. By scrutinizing communication patterns, security professionals can uncover signs of malicious activity, including command-and-control (C2) connections, data exfiltration, and…
Threat Actors Mimic Electronic Frontier Foundation To Attack Gaming Community
Cybersecurity researchers have uncovered a sophisticated campaign targeting the Albion Online gaming community through impersonation of the Electronic Frontier Foundation (EFF). The operation, discovered in early March 2025, leverages decoy documents designed to appear as official EFF communications while deploying…
Misconfigured Apache Airflow Servers Exposes Login Credentials to Hackers
A critical security oversight in widely used Apache Airflow instances has exposed credentials for platforms like AWS, Slack, PayPal, and other services, leaving organizations vulnerable to data breaches and supply chain attacks. Researchers at Intezer discovered thousands of unprotected instances…
Sitecore 0-Day Vulnerability Let Attackers Execute Remote Code
A newly disclosed critical vulnerability in Sitecore Experience Platform (CVE-2025-27218) allows unauthenticated attackers to execute arbitrary code on unpatched systems. The flaw, rooted in insecure deserialization practices, affects Sitecore Experience Manager (XM) and Experience Platform (XP) versions 8.2 through 10.4…
Researchers Bypassed CrowdStrike Falcon Sensor to Execute Malicious Applications
Security researchers at SEC Consult have discovered a significant vulnerability in CrowdStrike’s Falcon Sensor that allowed attackers to bypass detection mechanisms and execute malicious applications. This vulnerability, dubbed “Sleeping Beauty,” was initially reported to CrowdStrike in late 2023 but was…