A sophisticated malware campaign has emerged that exploits Cloudflare’s tunneling infrastructure to deliver multi-stage Python-based payloads, demonstrating an alarming evolution in cybercriminal tactics. The campaign, tracked as SERPENTINE#CLOUD, represents a significant escalation in the abuse of legitimate cloud services for…
Tag: Cyber Security News
Authorities Busted Ransomware Gang – Nine Laptops and 15 Mobile Devices Were Seized
Thai law enforcement successfully dismantled a sophisticated ransomware operation during a coordinated raid at the Antai Holiday Hotel in central Pattaya on Monday, June 16, 2025. The operation resulted in the arrest of six Chinese nationals specifically tasked with distributing…
Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack
A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services. The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published…
Password Reset Poisoning Attack Allows Account Takeover Using the Password Reset Link
A critical vulnerability in password reset mechanisms has been discovered that allows attackers to completely take over user accounts by manipulating password reset links. Security researcher Pratik Dabhi recently disclosed details of a Host Header Injection attack that exploits how…
Golden SAML Attack Let Attackers Gains Control of The Private Keyused by Federation Server
Cybersecurity professionals are facing a sophisticated new threat as Golden SAML attacks emerge as one of the most dangerous yet stealthy techniques targeting enterprise identity infrastructure. These attacks represent a significant escalation in the threat landscape, allowing malicious actors to…
Xiaomi Smartwatch Hacked Using Touch Point to Find Unlock PIN coordinates
Security researcher Sergei Volokitin has presented findings on hardware vulnerabilities discovered in Xiaomi devices, including the company’s S3 smartwatch, during a presentation at a major cybersecurity conference. The research was conducted as part of a collaborative security event where researchers…
5 New Trends In Phishing Attacks On Businesses – Must Aware Threats
Phishing remains one of the most effective ways attackers infiltrate corporate environments. Today’s phishing campaigns are no longer just poorly written emails with obvious red flags. They’re sophisticated, well-disguised, and tailored to exploit trust in everyday tools your teams use. …
New SuperCard Malware Using Hacked Android Phones to Relay Data from Users Payment Cards to Attackers Device
In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data. This malicious application, a modified version of the legitimate NFCGate program, intercepts…
Insecure GitHub Actions in Open Source Projects MITRE and Splunk Exposes Critical Vulnerabilities
A comprehensive security investigation has revealed widespread vulnerabilities in GitHub Actions workflows across major open source repositories, including those maintained by prestigious organizations such as MITRE and Splunk. The discovery highlights a concerning pattern of insecure continuous integration and continuous…
RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices
The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe. This sophisticated malware campaign represents one of the most persistent and evolving cyber threats currently plaguing internet-connected…