Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z. This update aimed to enhance user convenience by enabling file management directly within File Explorer. However, the integration of…
Tag: Cyber Security News
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API
A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. The malware is part…
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques
Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors. Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from…
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource
Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. …
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS
Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface. This vulnerability, with a CVSSv3.1 score of 7.8, exposes affected…
Have I Been Pwned Likely to Ban Resellers Subscriptions
Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the…
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications
Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server…
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard’s Attacks
Microsoft Threat Intelligence has exposed a subgroup within the Russian state actor Seashell Blizzard, known as the “BadPilot campaign.” This subgroup has been conducting a multiyear operation to compromise Internet-facing infrastructure globally, expanding Seashell Blizzard’s reach beyond Eastern Europe. The…
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack
CrowdStrike has disclosed a high-severity vulnerability in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability, identified as CVE-2025-1146, originates from a validation logic error in the Transport Layer Security (TLS) connection routine. This…
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords
A massive 2.7 billion records containing sensitive user data, including Wi-Fi network names, passwords, IP addresses, and device identifiers, were exposed in a massive IoT security breach linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED,…