A sophisticated phishing campaign emerged in May 2025, targeting U.S. citizens through a coordinated impersonation of state Department of Motor Vehicles (DMV) agencies. This large-scale operation utilized SMS phishing techniques combined with deceptive web infrastructure to harvest personal and financial…
Tag: Cyber Security News
OWASP AI Testing Guide – A New Project to Detect Vulnerabilities in AI Applications
The Open Web Application Security Project (OWASP) has announced the development of a comprehensive OWASP AI Testing Guide, marking a significant milestone in addressing the growing security challenges posed by artificial intelligence implementations across industries. This specialized framework emerges as…
Aviatrix Cloud Controller Authentication Vulnerability Let Attackers Execute Remote Code
Two critical vulnerabilities in Aviatrix Controller, a Software-Defined Networking (SDN) utility that enables cloud connectivity across different vendors and regions. The vulnerabilities allowed attackers to bypass authentication and execute remote code with root privileges, potentially compromising entire cloud infrastructures. Critical…
WinRAR Directory Vulnerability Allows Arbitrary Code Execution Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring…
WinRAR Vulnerability Let Execute Arbitrary Code Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
WhatsApp Banned on U.S. House Staffers Devices Due to Potential Security Risks
The U.S. House of Representatives has implemented a comprehensive ban on the WhatsApp messaging application across all government-issued devices used by congressional staffers, marking a significant escalation in federal cybersecurity protocols. The Chief Administrative Officer (CAO) issued the directive Monday,…
North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands
A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing…
LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly
A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in…
Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise. The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with…