In recent weeks, ShadowServer has observed a significant rise in brute-force attacks targeting web login pages of edge devices, with honeypot data revealing up to 2.8 million IPs involved daily. These attacks, primarily originating from Brazil, are aimed at devices…
Tag: Cyber Security News
New Facebook Fake Copyright Notices Phishing Steals Your FB Credentials
A recent phishing campaign has been targeting Facebook users with fake copyright infringement notices, aiming to steal their login credentials. This sophisticated scam has been sent to over 12,279 email addresses, primarily affecting enterprises across the EU, US, and Australia.…
New Attack Technique Uncovered Abusing Kerberos Delegation in Active Directory Networks
A new attack vector exploiting vulnerabilities in Kerberos delegation within Active Directory (AD) networks has been uncovered, posing significant risks to enterprise security. This technique leverages the inherent weaknesses of Unconstrained Kerberos Delegation, a legacy feature that allows services to…
Microsoft Edge Vulnerabilities Let Attackers Execute Remote Code – Update Now!
Microsoft has released a critical security update for its Edge browser, addressing multiple vulnerabilities that could allow attackers to execute remote code and compromise user systems. Users are strongly urged to update their browsers immediately to mitigate potential risks. Four…
Developers Beware! Malicious ML Models Detected on Hugging Face Platform
In a concerning development for the machine learning community, researchers at ReversingLabs have identified malicious models on the popular Hugging Face platform. These models exploit vulnerabilities in the Pickle file serialization format, a widely used method for storing and sharing…
HPE Aruba Networking ClearPass Policy Manager Vulnerabilities Allow Arbitrary Code Execution
Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Aruba Networking ClearPass Policy Manager (CPPM), a widely used network access control solution. These flaws, if exploited, could lead to arbitrary code execution, privilege escalation, and sensitive data exposure.…
DeepSeek iOS App Sending Data Unencrypted to ByteDance Controlled Server
Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and national security risks. The app, which has been the top iOS download since January 25, 2025, transmits sensitive user data unencrypted to servers controlled by…
Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data
Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin (UMP), which could allow attackers to exploit sensitive data through improper neutralization of HTML tags in web pages. This vulnerability, identified as CVE-2025-22402, has been…
Ex-Google Engineer Charged for Stealing AI Secrets to China
In a groundbreaking case highlighting the intersection of technology and national security, a federal grand jury has indicted Linwei Ding, also known as Leon Ding, on four counts of theft of trade secrets. The charges allege that Ding, a former…
Logsign Vulnerability Remote Attackers to Bypass Authentication
A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps Platform, a widely used software for security operations. This flaw, rated with a CVSS score of 9.8, poses a critical threat, allowing remote attackers to…