A significant threat has emerged in the form of the ZeroLogon ransomware exploit. This exploit targets a critical vulnerability in Microsoft’s Active Directory, specifically affecting domain controllers. The vulnerability, known as CVE-2020-1472, allows attackers to gain unauthorized access to domain…
Tag: Cyber Security News
Researchers Hacked into Software Supply Chain and Earned $50K Bounty
Researchers found a significant software supply chain vulnerability, which resulted in an outstanding $50,500 bounty from a major corporation’s bug bounty program. The duo’s success highlights the growing importance of securing the software supply chain and the risks posed by…
New YouTube Bug Exploited to Leak Users’ Email Addresses
A critical vulnerability in YouTube’s infrastructure allowed attackers to expose the email addresses tied to anonymous channels by combining flaws in Google’s account management system and an outdated Pixel Recorder API. The exploit chain, discovered by security researchers Brutecat and…
zkLend Hacked – $8.5M Stolen, Company offers 10% whitehat Bounty to Attacker
zkLend, a prominent decentralized finance (DeFi) protocol built on Ethereum’s Layer-2 zk-rollup technology, has fallen victim to a major security breach resulting in the theft of approximately 3,300 ETH, valued at around $8.5 million at current market prices. Unexpectedly, zkLend…
Hackers Allegedly Claiming Breach OmniGPT, 30,000+ User Accounts Exposed
Hackers have allegedly breached OmniGPT, a ChatGPT-like AI chatbot platform, exposing sensitive data of over 30,000 users. The leaked data reportedly includes email addresses, phone numbers, API keys, and over 34 million user-chatbot interactions. A post on a hacking forum…
Mirai Botnet Exploting Router Vulnerabilities to Gain Complete Device Control
A new wave of cyberattacks has surfaced, with a Mirai-based botnet exploiting a number of significant vulnerabilities in routers and smart devices, primarily targeting industrial and home networks worldwide. The Shadowserver Foundation recently shared on X the botnet’s active exploitation…
Unpatched SonicWall Firewalls Vulnerability Actively Exploited To Hijack SSL VPN Sessions
A critical vulnerability in SonicWall firewalls, identified as CVE-2024-53704, has been actively exploited by attackers to hijack SSL VPN sessions. This vulnerability affects SonicOS versions 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035. The exploit allows a remote attacker to bypass…
Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely
A critical zero-day vulnerability has been discovered in a Windows driver, allowing attackers to gain remote access to systems. This vulnerability, identified as CVE-2025-21418, was disclosed on February 11, 2025, and is classified as “Important” with a CVSS score of…
Hackers Exploiting Ivanti Connect Secure RCE Vulnerability to Install SPAWNCHIMERA Malware
A critical vulnerability in Ivanti Connect Secure (CVE-2025-0282) is being actively exploited by multiple threat actors to deploy an advanced malware variant known as SPAWNCHIMERA. This vulnerability, disclosed in January 2025, is a stack-based buffer overflow that allows remote unauthenticated…
‘Wormable’ Windows LDAP Vulnerability Allow Attackers Arbitrary Code Remotely
A critical security vulnerability has been identified in Windows’ Lightweight Directory Access Protocol (LDAP) implementation, allowing attackers to execute arbitrary code remotely. This “wormable” vulnerability, designated as CVE-2025-21376, was disclosed on February 11, 2025, by Microsoft. The vulnerability is classified…