A financially motivated threat actor has been linked to a sophisticated cyber campaign that has been targeting users in Poland and Germany since July 2024. The effort uses phishing emails to spread a range of malware payloads, including Agent Tesla,…
Tag: Cyber Security News
Hackers Exploit Outdated Electricity Controller Using Flipper Zero to Disconnect Power Supply
Researchers Fabian Bräunlein and Luca Melette demonstrated how outdated Radio Ripple Control systems, used to manage up to 60 gigawatts (GW) of electricity, could be exploited by attackers to disrupt power supply on a massive scale. Their findings, presented at…
NVIDIA GPU Display Driver Vulnerabilities Let Attackers Trigger DoS
NVIDIA has issued a critical software security update for its GPU Display Driver, addressing multiple vulnerabilities that could potentially expose systems to denial-of-service (DoS) attacks, data tampering, and information disclosure. This update impacts users across Windows and Linux platforms and…
Destroying EDR Service Executable File by Using a Combination of Windows Symbolic Links
A new method of exploiting the “Bring Your Own Vulnerable Driver” (BYOVD) technique has emerged, combining it with Windows symbolic links to elevate its effectiveness. This innovative approach exploits drivers with file-writing capabilities, bypassing the need to rely solely on…
Hackers Using Hidden Text Salting Technique To Confuse Spam Filters & Evade Detection
Cybercriminals are increasingly employing a technique known as “hidden text salting” to bypass spam filters and evade detection. This method, which saw a surge in usage during the latter half of 2024, poses a significant threat to organizations relying on…
New Attack Mimics USPS To Deliver Malicious PDF In To Attack Mobile Devices
A sophisticated phishing campaign has been uncovered, leveraging malicious PDFs disguised as official U.S. Postal Service (USPS) communications to target mobile users. This attack, identified by Zimperium’s zLabs team, employs a novel obfuscation technique to bypass traditional endpoint security measures…
Critical One Identity Manager Vulnerability Let Attackers Escalate Privileges
A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. The issue affects only…
Akira’s New Linux Ransomware Attacking VMware ESXi Servers
The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023…
Apple Security Update Fixed Actively Exploited Zero-day Vulnerability Affected iOS, macOS and More
Apple has released updates across its platforms, including iOS 18.3, iPadOS 18.3, macOS Ventura, macOS Sonoma, macOS Sequoia, and Safari, to address multiple vulnerabilities. These updates include critical fixes for zero-day vulnerabilities that were actively being exploited, as well as…
Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users. The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem. This…