A significant security vulnerability in Hewlett-Packard Enterprise OneView for VMware vCenter (OV4VC) platform that could allow attackers with limited access to escalate their privileges to administrative levels. The vulnerability, tracked as CVE-2025-37101, affects all versions of the software prior to…
Tag: Cyber Security News
Iranian Spear-Phishing Attack Mimic Google, Outlook, and Yahoo Domains
A sophisticated Iranian cyber espionage campaign has resurfaced with renewed intensity, targeting high-profile figures through meticulously crafted spear-phishing operations that impersonate major email providers including Google, Outlook, and Yahoo. The campaign, attributed to the threat actor known as Educated Manticore,…
Researchers Obfuscated & Weaponized .NET Assemblies Using MacroPack
The cybersecurity landscape has witnessed a significant evolution in malware sophistication, with threat actors increasingly leveraging legitimate programming frameworks for malicious purposes. A recent development has emerged involving the weaponization of .NET assemblies through advanced obfuscation techniques, marking a concerning…
CISA Warns of D-Link Path Traversal Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical path traversal vulnerability affecting D-Link DIR-859 routers that is being actively exploited in the wild. The vulnerability, designated as CVE-2024-0769, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June…
nOAuth Abuse Leads to Full Account Takeover of Entra Cross-Tenant SaaS Applications
A critical authentication vulnerability known as nOAuth abuse has emerged as a severe threat to Microsoft Entra ID integrated SaaS applications, enabling attackers to achieve complete account takeover with minimal technical complexity. The vulnerability exploits fundamental flaws in how application…
Microsoft Teams New Feature Enables Admins to Manage Certified M365 Apps for Enhanced Security
Microsoft has announced a significant security enhancement for Microsoft Teams administrators, introducing a new feature that enables bulk management of Microsoft 365-certified applications through rule-based controls. This development, identified under Microsoft 365 Roadmap ID 485712, represents a major advancement in…
Cisco Identity Services Engine RCE Vulnerability Allows Remote Command Execution as Root User
Two critical security vulnerabilities in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could allow unauthenticated remote attackers to execute arbitrary commands on affected systems with root privileges. The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, both carry…
Cybercriminals Abuse LLM Models to Aid in Their Criminal Hacking Activities
The cybersecurity landscape has witnessed a concerning evolution as threat actors increasingly leverage artificial intelligence technologies to enhance their malicious operations. Large Language Models (LLMs), which have revolutionized legitimate applications across industries, are now being systematically exploited by cybercriminals to…
Threat Actors Weaponize ChatGPT, Cisco AnyConnect, Google Meet, and Teams to Attacks SMB’s
The cybersecurity landscape for small and medium-sized businesses has undergone a dramatic transformation in 2025, with threat actors increasingly exploiting the widespread adoption of artificial intelligence and collaboration tools to execute sophisticated attacks. The emergence of AI-powered platforms like ChatGPT…
25-Year-Old British National Believed To Be IntelBroker Charged
Federal prosecutors in the Southern District of New York have filed criminal charges against Kai West, a 25-year-old British national allegedly operating under the notorious hacker alias “IntelBroker.” The comprehensive complaint reveals a sophisticated cybercriminal operation that has caused approximately…