Angel One, a leading financial services platform, disclosed a breach involving unauthorized access to specific client data after some of its Amazon Web Services (AWS) resources were compromised. The incident was discovered on February 27, 2025, when the company received…
Tag: Cyber Security News
Microsoft Listed Hackers Abusing Azure OpenAI Service to Generate Malicious Content
Microsoft has initiated legal proceedings against a global cybercrime syndicate accused of developing sophisticated tools to bypass safety protocols in its Azure OpenAI Service. The complaint, filed in the U.S. District Court for the Eastern District of Virginia, alleges that…
Hackers Abused Google & PayPal’s Infrastructure to Steal Users Personal Data
Security researchers have uncovered a coordinated attack campaign exploiting vulnerabilities in Google’s advertising ecosystem and PayPal’s merchant tools to steal sensitive user data. The operation leverages Google Search ads impersonating PayPal’s official support channels and abuses PayPal’s no-code checkout system…
Microsoft to shut down Skype, Here is the Deadline
Microsoft has confirmed that Skype will be permanently retired on May 5, 2025. The move underscores the company’s strategic shift toward consolidating its consumer communication tools under Microsoft Teams, a unified platform designed to bridge personal, educational, and professional collaboration.…
Chinese Hackers Exploiting Check Point’s VPN Zero-Day Flaw to Attack Orgs Worldwide
A cyber attack leveraging Check Point’s patched CVE-2024-24919 vulnerability has targeted organizations across Europe, Africa, and the Americas. Security analysts have observed direct linkages to Chinese state-sponsored threat actors. The intrusion chain, which deploys the ShadowPad backdoor and NailaoLocker ransomware,…
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files – PoC Released
A critical vulnerability tracked as CVE-2024-48248, has been discovered in the Nakivo Backup & Replication tool, exposing systems to unauthenticated arbitrary file read attacks. Security researchers from watchTowr Labs disclosed the flaw, which affects version 10.11.3.86570 and potentially earlier versions…
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access
Ping Identity has issued an urgent security advisory for its PingAM Java Agent, revealing a critical severity vulnerability (CVE-2025-20059) that enables attackers to bypass policy enforcement mechanisms and gain unauthorized access to protected resources. The flaw, classified as a Relative…
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins
A surge in “Pass-the-Cookie” (PTC) attacks is undermining multi-factor authentication (MFA), enabling cybercriminals to hijack session cookies and bypass security measures to access sensitive accounts. Recent advisories from the FBI and cybersecurity firms highlight how attackers exploit stolen browser cookies…
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications
Security researchers have uncovered a new campaign leveraging the Njrat remote access trojan (RAT) to abuse Microsoft’s developer-oriented Dev Tunnels service for covert command-and-control (C2) communications. Historically associated with credential theft and USB-based propagation, the malware now utilizes Microsoft’s infrastructure…
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data
A new variant of the Poco RAT malware has emerged as a significant threat to Spanish-speaking organizations across Latin America, leveraging sophisticated PDF decoys and cloud-based delivery systems to infiltrate networks and exfiltrate sensitive data. Linked to the cyber-mercenary group…