Remote Monitoring and Management (RMM) software has long been the silent partner of help-desk engineers, automating patch cycles and troubleshooting sessions across sprawling enterprises. Over the past year, however, the same remote consoles have been quietly repurposed by ransomware gangs…
Tag: Cyber Security News
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild
CISA has issued an urgent warning regarding two critical Microsoft SharePoint vulnerabilities that threat actors are actively exploiting in the wild. The vulnerabilities, designated as CVE-2025-49704 and CVE-2025-49706, pose significant risks to organizations running on-premises SharePoint servers and have been…
Windows 11 Gets New Black Screen of Death With Auto Recovery Tool
Microsoft has unveiled significant improvements to Windows 11’s system recovery capabilities, introducing a redesigned Black Screen of Death restart screen alongside an automated Quick Machine Recovery (QMR) tool. These enhancements are part of the broader Windows Resiliency Initiative (WRI), designed…
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Flaw in the Wild
Microsoft has confirmed that Chinese state-sponsored threat actors are actively exploiting critical zero-day vulnerabilities in on-premises SharePoint servers, prompting urgent security warnings for organizations worldwide. The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly…
Kali Linux Unveils Two New Tools to Boost Wi-Fi Performance for Raspberry Pi Users
Kali Linux has announced the release of two groundbreaking packages that significantly enhance wireless penetration testing capabilities for Raspberry Pi users. The new brcmfmac-nexmon-dkms and firmware-nexmon packages, introduced in Kali Linux 2025.1, enable the onboard Wi-Fi interface on supported Raspberry…
Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, addressing three critical vulnerabilities that could enable attackers to execute arbitrary code on users’ systems. The Stable channel update to version 138.0.7204.168/.169 for Windows and Mac, and 138.0.7204.168 for…
Scavenger Malware Hijacks Popular npm Packages to Attack Developers
A sophisticated supply chain attack targeting JavaScript developers emerged on Friday, July 18th, 2025, when cybercriminals compromised multiple popular npm packages to distribute the newly identified “Scavenger” malware. The attack primarily focused on eslint-config-prettier, a widely-used code formatting package, along…
Researchers Unmasked Russia’s Most Secretive FSB’s Spy Network
A groundbreaking investigation has pulled back the curtain on one of Russia’s most clandestine intelligence operations, revealing unprecedented details about the Federal Security Service’s (FSB) 16th Center and its extensive signals intelligence network. The research, conducted by CheckFirst analysts over…
Threat Actors Attacking Linux SSH Servers to Deploy SVF Botnet
Cybersecurity researchers have uncovered a sophisticated attack campaign targeting poorly managed Linux servers through SSH brute force attacks to deploy the SVF Botnet, a Python-based distributed denial-of-service malware. The malware leverages Discord as its command-and-control infrastructure and employs multiple proxy…
New Web3 Phishing Attack Leverages Fake AI Platforms to Steal Usernames and Passwords
A sophisticated phishing campaign targeting Web3 developers has emerged, exploiting the growing interest in artificial intelligence platforms to deliver credential-stealing malware. The threat actor LARVA-208, previously known for targeting IT staff through phone-based social engineering, has pivoted to focus on…