U.S. Army Specialist Cameron John Wagenius, 21, is charged with federal offenses for allegedly hacking at least 15 telecom companies and trying to extort a major provider while leveraging stolen call detail records (CDRs) of high-ranking officials. The U.S. Department…
Tag: Cyber Security News
New Vulnerability in Substack let Attackers Take Over Subdomains
A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation. The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains…
MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges
MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE). The March 2025 Product Security Bulletin highlights three high severity vulnerabilities…
Apache Derby Vulnerability Let Attackers Bypass Authentication with LDAP Injection
A critical security vulnerability (CVE-2022-46337) in Apache Derby, an open-source relational database implemented entirely in Java, has exposed systems to authentication bypass attacks via LDAP injection. The flaw, rated with a CVSS score of 9.1, enables attackers to craft malicious…
Vidar & StealC 2.0 Released by Threat Actors With a Complete New Build
Threat actors have simultaneously released major updates for two prominent info-stealers, Vidar and StealC, marking their transition to version 2.0. These updates, announced in late February 2025, introduce redesigned builds, modernized features, and enhanced capabilities. However, cybersecurity experts have uncovered…
Why Off-the-Shelf Security Solutions Fail: The Need for Custom Cybersecurity Services
Have you ever wondered why businesses still face cyber threats, even with the latest security software? Cybercriminals are always finding new ways to attack. To stay safe, companies need strong and adaptable security measures. Many businesses rely on off-the-shelf security…
Trigon – A New Exploit Revealed for iOS 0-Day kernel Vulnerability
Security researchers have released a sophisticated new kernel exploit targeting Apple iOS devices, dubbed Trigon, which leverages a critical vulnerability in the XNU kernel’s virtual memory subsystem. The exploit, linked to the ith “Operation Triangulation” spyware campaign that first weaponized…
Windows Hyper-V NT Kernel Vulnerability Let Attackers Gain SYSTEM Privileges – PoC Released
Threat actors have actively exploited CVE-2025-21333, a critical vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This heap-based buffer overflow vulnerability allows local attackers to escalate their privileges to the SYSTEM level, posing a significant security…
Critical Vulnerability in Wazuh Server Enables Remote Attackers to Execute Malicious Code
A critical remote code execution (RCE) vulnerability has been discovered in the Wazuh server, a popular open-source security platform used for threat detection and compliance monitoring. Identified as CVE-2025-24016, this flaw allows attackers with API access to execute arbitrary Python…
Android Phone’s Unlocked Using Cellebrite’s Linux USB Zero-day Exploit
Amnesty International’s Security Lab has uncovered a sophisticated cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain developed by Cellebrite to unlock the Android phone of a student activist. The attack, which occurred on December 25, 2024, leveraged…