A global brute force attack campaign leveraging 2.8 million IP addresses actively targets edge security devices, including VPNs, firewalls, and gateways from vendors such as Palo Alto Networks, Ivanti, and SonicWall. The attack, first detected in January 2025, has been…
Tag: Cyber Security News
Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, & Data Breaches
Welcome to this week’s Cybersecurity Newsletter, which provides the latest updates and key insights from the ever-evolving field of cybersecurity. In the current fast-paced digital landscape, it is essential to remain informed. Our objective is to deliver the most pertinent…
10 Best UTM (Unified Threat Management) Firewalls – 2025
Unified Threat Management (UTM) firewall is a comprehensive cybersecurity solution that integrates multiple security functions into a single platform or appliance. It is designed to simplify security management, reduce costs, and provide robust protection against a variety of cyber threats. UTM solutions are especially popular among…
Hackers Compromising IIS Servers to Deploy BadIIS Malware
A widespread campaign targeting Microsoft Internet Information Services (IIS) servers to deploy the BadIIS malware, a tool used for search engine optimization (SEO) fraud and malicious content injection. The campaign, attributed to the Chinese-speaking hacking group DragonRank, has affected over…
CISA Warns of Trimble Cityworks RCE Vulnerability Exploited to Hack IIS Servers
The CISA has issued a warning regarding a critical remote code execution (RCE) vulnerability affecting Trimble Cityworks, a popular software solution for local government and public works asset management. The vulnerability, identified as CVE-2025-0994, allows an external actor to exploit…
HPE Alerts Employees of Data Breach After Russian Cyberattack on Office 365
Hewlett Packard Enterprise (HPE) has disclosed a significant data breach involving its Office 365 email environment, attributed to the Russian state-sponsored hacking group known as Midnight Blizzard, also referred to as Cozy Bear or APT29. The breach, which began in…
Meta Trained Its Llama AI Models Using 81.7 TB of Books Stolen From Torrent Shadow Libraries
Meta Platforms, Inc. is facing serious allegations in a copyright infringement lawsuit, with plaintiffs claiming the tech giant used 81.7 terabytes of pirated books from shadow libraries to train its Llama AI models. The lawsuit, filed in the U.S. District…
Hackers Attacking Web Login Pages of Popular Firewalls for Brute-Force Attacks
In recent weeks, ShadowServer has observed a significant rise in brute-force attacks targeting web login pages of edge devices, with honeypot data revealing up to 2.8 million IPs involved daily. These attacks, primarily originating from Brazil, are aimed at devices…
New Facebook Fake Copyright Notices Phishing Steals Your FB Credentials
A recent phishing campaign has been targeting Facebook users with fake copyright infringement notices, aiming to steal their login credentials. This sophisticated scam has been sent to over 12,279 email addresses, primarily affecting enterprises across the EU, US, and Australia.…
New Attack Technique Uncovered Abusing Kerberos Delegation in Active Directory Networks
A new attack vector exploiting vulnerabilities in Kerberos delegation within Active Directory (AD) networks has been uncovered, posing significant risks to enterprise security. This technique leverages the inherent weaknesses of Unconstrained Kerberos Delegation, a legacy feature that allows services to…