Cisco has released a security advisory addressing a vulnerability in its Nexus 3000 and 9000 Series Switches that could allow attackers to trigger a denial-of-service (DoS) condition. The vulnerability, found in the health monitoring diagnostics of the switches, could lead…
Tag: Cyber Security News
As a SOC/DFIR Team Member, How To Investigate Phishing Kit Attacks
Phishing kit attacks have become a pervasive threat in cybersecurity landscapes, lowering the barrier to entry for cybercriminals and enabling even low-skilled actors to launch sophisticated campaigns. These kits contain pre-built templates, data-harvesting scripts, and evasion tools designed to mimic…
Silent Killers Exploiting Windows Policy Loophole To Evade Detections & Deploy Malware
Check Point Research (CPR) has uncovered a sophisticated cyber campaign exploiting a Windows driver signing policy loophole to disable security tools and deploy malware across thousands of systems since June 2024. Attackers leveraged 2,500+ modified variants of the vulnerable Truesight.sys…
Threat Actor Allegedly Selling VMware ESXi 0-Day Exploit on Hacker Forum
A cybercriminal operating under the alias “Vanger” has surfaced on underground forums, offering a purported zero-day exploit targeting VMware ESXi hypervisors. The exploit, claimed to enable virtual machine escape (VME), is being marketed at a steep price of $150,000. If…
Microsoft Entra ID DNS Resolution Failures Results in Authentication Issues
A critical DNS misconfiguration in Microsoft Entra ID (formerly Azure Active Directory) disrupted authentication services globally for nearly 90 minutes on February 25, 2025, affecting organizations relying on Seamless Single Sign-On (SSO) and Microsoft Entra Connect Sync. The outage stemmed…
GRUB2 Vulnerabilities Exposes Millions of Linux Systems to Cyber Attack
A critical set of 20 vulnerabilities in GRUB2, the ubiquitous bootloader underpinning most Linux distributions and Unix-like systems, has exposed millions of devices to potential secure boot bypass, remote code execution, and persistent firmware-level attacks. These flaws (CVSS scores up…
Genea IVF Clinic Breached – Thousand of Patient Data at Risk
Genea, one of Australia’s largest IVF providers, has confirmed that an unauthorized third party accessed its systems, potentially compromising sensitive patient data. The breach has left thousands of patients uncertain about their treatment schedules and medication plans, as critical digital…
MITRE Details New Framework OCCULT for Managing AI Security Threats
The MITRE Corporation has unveiled a groundbreaking evaluation framework designed to quantify the risks posed by large language models (LLMs) in offensive cyber operations (OCO). Dubbed OCCULT (Operational Evaluation Framework for Cyber Security Risks in AI), the methodology aims to…
Orange Communication Breached – Hackers Allegedly Claim Leak of 380,000 Emails
An Orange Communication data breach was claimed by a threat actor using the pseudonym “Rey,” who was responsible for leaking 380,000 email records and sensitive corporate data on a dark web forum. The alleged breach, disclosed earlier this week, includes source…
New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials
A sophisticated phishing campaign targeting Amazon Prime users has emerged, leveraging counterfeit renewal notifications to harvest login credentials, payment details, and personal verification data. Discovered by the Cofense Phishing Defense Center (PDC) on February 18, 2025, the attack employs multi-stage…