A significant security vulnerability has been discovered in BeyondTrust’s Privilege Management for Windows solution, allowing local authenticated attackers to escalate their privileges to the administrator level. The flaw, designated as CVE-2025-2297 with a CVSSv4 score of 7.2, affects all versions…
Tag: Cyber Security News
Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered
The cybersecurity landscape has witnessed a significant surge in information-stealing malware, with Lumma emerging as one of the most prevalent and sophisticated threats targeting Windows systems globally. This C++-based information stealer has rapidly gained traction in underground markets, establishing itself…
10 Best Dark Web Monitoring Tools in 2025
Monitoring and tracking actions on the dark web, a section of the internet that is hidden and requires particular software and configurations to access, is called monitoring. The selling of stolen data, illegal drugs, illegal weapons, hacking services, and other…
Global Authorities Shared IoCs and TTPs of Scattered Spider Behind Major ESXi Ransomware Attacks
Joint international advisory warns of evolving social engineering tactics and new DragonForce ransomware deployment targeting commercial facilities A collaboration of international cybersecurity agencies issued an urgent updated advisory on July 29, 2025, highlighting the escalating threat posed by the Scattered…
ChatGPT Agent Bypasses Cloudflare “I am not a robot” Verification Checks
ChatGPT agents demonstrate the ability to autonomously bypass Cloudflare’s CAPTCHA verification systems, specifically the ubiquitous “I am not a robot” checkbox. This development, first documented in a viral Reddit post on the r/OpenAI community, showcases the evolving sophistication of AI…
Microsoft Details Defence Techniques Against Indirect Prompt Injection Attacks
Microsoft has unveiled a comprehensive defense-in-depth strategy to combat indirect prompt injection attacks, one of the most significant security threats facing large language model (LLM) implementations in enterprise environments. The company’s multi-layered approach combines preventative techniques, detection tools, and impact…
Enterprise LLMs Under Risk: How Simple Prompts Can Lead to Major Breaches
Enterprise applications integrating Large Language Models (LLMs) face unprecedented security vulnerabilities that can be exploited through deceptively simple prompt injection attacks. Recent security assessments reveal that attackers can bypass authentication systems, extract sensitive data, and execute unauthorized commands using nothing…
Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware
A sophisticated cyberattack targeting a US-based chemicals company has revealed the first observed pairing of SAP NetWeaver exploitation with Auto-Color malware, demonstrating how threat actors are leveraging critical vulnerabilities to deploy advanced persistent threats on Linux systems. In April 2025,…
Chrome High-Severity Vulnerabilities Allow Memory Manipulation and Arbitrary Code Execution
Google has issued an urgent security update for its Chrome browser, patching several vulnerabilities, including a high-severity vulnerability that could allow attackers to manipulate memory and execute arbitrary code on a user’s system. The latest version, Chrome 138.0.7204.183 for Linux…
Lionishackers Threat Actors Exfiltrating and Selling Corporate Databases on Dark Web
A financially motivated threat actor known as Lionishackers has emerged as a significant player in the illicit marketplace for corporate data in recent months. Leveraging opportunistic targeting and a preference for Asian-based victims, the group employs automated SQL injection tools…