Windows Hello Biometric Authentication Fails After Recent Security Update

Microsoft has identified significant security authentication issues affecting Windows Hello functionality following the April 2024 cumulative update. The problem specifically impacts devices running enhanced security features, potentially leaving users unable to access their systems through biometric authentication methods. Technical Impact and Affected Systems: The authentication vulnerability specifically affects systems running Windows 11 24H2 and Windows …

Microsoft Patches Critical Zero-Day Vulnerability Actively Exploited by Ransomware Actors

Microsoft has released a comprehensive security update addressing over 120 vulnerabilities across its product lineup, with particular emphasis on a critical zero-day vulnerability (CVE-2025-29824) that has been actively exploited by the RansomEXX cybercrime group. This high-severity security flaw in the Windows Common Log File System (CLFS) driver poses a significant risk to organizations worldwide. Technical …

Europol Scores Major Victory Against Smokeloader Botnet Network in International Operation

In a significant breakthrough for global cybersecurity, Europol has announced the successful identification and arrest of at least five key operators of the notorious Smokeloader botnet following Operation Endgame. The investigation, leveraging data from seized malicious infrastructure servers, marks a crucial milestone in international efforts to combat sophisticated cyber threats. Unprecedented International Collaboration Drives Cybercrime …

Security Researchers Uncover Large-Scale Credit Card Testing Operation via PyPI Package

Security researchers at Socket have uncovered a sophisticated credit card testing operation leveraging a malicious Python package named “disgrasya” distributed through the Python Package Index (PyPI). The package, which recorded over 34,000 downloads, was specifically designed to automate the validation of stolen credit cards through legitimate WooCommerce-based online stores. Unprecedented Approach to Malware Distribution: In …

PoisonSeed Crypto Phishing Campaign: How Hackers Leverage Email Marketing Platforms to Target Digital Assets

Cybersecurity researchers at SilentPush have uncovered a sophisticated phishing operation dubbed “PoisonSeed” that specifically targets cryptocurrency service users through compromised enterprise email marketing platforms. This large-scale campaign demonstrates an advanced level of social engineering and technical sophistication, representing a significant threat to both marketing service providers and cryptocurrency holders. Advanced Attack Chain: Compromising Email Marketing …

Microsoft Researchers Uncover High-Severity Vulnerability in Canon Printer Drivers

Microsoft’s Offensive Research and Security Engineering (MORSE) team has discovered a critical security vulnerability in Canon printer drivers that poses a significant threat to enterprise and consumer systems. The flaw, assigned CVE-2025-1268 with a severe CVSS score of 9.4, affects a wide range of Canon printing devices, including industrial printers, office multifunction devices, and laser …

Dangerous New Android Trojan ‘Crocodilus’ Emerges as Sophisticated Crypto Wallet Threat

Cybersecurity researchers at ThreatFabric have identified a sophisticated new Android malware strain called Crocodilus, specifically engineered to target cryptocurrency assets through advanced social engineering tactics. This dangerous trojan demonstrates unprecedented capabilities in bypassing modern Android security mechanisms while employing psychological manipulation to steal crypto wallet seed phrases. Technical Capabilities and Distribution Methods: Crocodilus employs a …

Critical GitHub Actions Supply Chain Attack: Analysis and Security Implications

Palo Alto Networks has revealed detailed findings from its investigation into a sophisticated supply chain attack targeting the GitHub Actions ecosystem. The incident, which impacted more than 23,000 repositories, originated from the compromise of SpotBugs, a popular static analysis tool, in November 2024. This attack represents one of the most significant security breaches in the GitHub …

Critical Supply Chain Attack Targets Long-Standing npm Packages, Threatens JavaScript Ecosystem

Security researchers at Sonatype have uncovered a sophisticated supply chain attack targeting multiple popular npm packages, some of which have been fundamental to the JavaScript ecosystem for nearly a decade. The attack specifically targeted ten packages primarily used in cryptocurrency operations, implementing malicious code designed to steal sensitive developer credentials and confidential data. Critical Impact …

Security Researcher Uncovers Enhanced Exploitation Technique for Known Intel CPU Vulnerabilities

Groundbreaking security research conducted by PT SWARM has revealed a sophisticated new exploitation technique that combines multiple known Intel processor vulnerabilities, significantly amplifying the potential impact of attacks on affected devices. The research demonstrates how the coordinated exploitation of previously documented vulnerabilities (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, CVE-2021-0146) can lead to complete compromise of system …