Cybersecurity News

British telecommunications provider TalkTalk has launched an extensive investigation into a significant data breach after reports emerged of customer information being offered for sale on underground hacking forums. The incident, which allegedly occurred in January 2025, has raised serious concerns about supply chain security in the telecommunications sector. A threat actor operating under the alias … Read more

Cybersecurity researchers at GreyNoise have detected widespread exploitation of a critical command injection vulnerability (CVE-2024-40891) affecting Zyxel CPE devices. This high-severity security flaw, initially discovered in summer 2023, remains unpatched, leaving thousands of devices exposed to potential attacks. Understanding the Technical Impact The vulnerability (CVE-2024-40891) enables unauthorized remote code execution through supervisor and zyuser service … Read more

Apple’s cybersecurity team has identified and patched a critical zero-day vulnerability (CVE-2024-23222) that threat actors were actively exploiting across multiple Apple operating systems. The security flaw, discovered in the Apple Core Media framework, affects a broad spectrum of devices running iOS, iPadOS, macOS, tvOS, watchOS, and the newly introduced visionOS. Understanding the Security Vulnerability The … Read more

Security researchers at Sekoia have uncovered an extensive phishing operation utilizing nearly 1,000 fraudulent websites that impersonate popular platforms Reddit and WeTransfer. The sophisticated campaign aims to distribute the dangerous Lumma stealer malware, putting users’ sensitive data at significant risk. Sophisticated Social Engineering Tactics Revealed The threat actors have deployed an intricate network of 529 … Read more

Hewlett Packard Enterprise (HPE) has confirmed a significant cybersecurity breach affecting its critical development infrastructure. The incident, claimed by the threat actor group IntelBroker, has resulted in unauthorized access to multiple corporate systems, including sensitive API interfaces and GitHub repositories, highlighting the growing sophistication of targeted attacks against major technology corporations. Breach Impact and Compromised … Read more

ESET security researchers have uncovered a sophisticated supply chain attack targeting IPany, a South Korean VPN provider, potentially compromising thousands of users’ systems. The attack, attributed to the Chinese threat actor group PlushDaemon, involved the deployment of a malicious backdoor called SlowStepper through the provider’s official installation package. Attack Vector and Malware Distribution Strategy The … Read more

Cybersecurity firm CloudSEK has uncovered a sophisticated cyber-attack campaign targeting amateur hackers through a compromised version of the XWorm RAT builder. The operation has successfully infected over 18,459 devices across multiple countries, with the highest concentration of victims in Russia, the United States, India, Ukraine, and Turkey. Distribution Strategy and Infection Mechanics The threat actors … Read more

Cybersecurity researchers at Qualys have uncovered a significant new threat in the IoT security landscape – the Murdoc botnet, a sophisticated variant of the notorious Mirai malware. Since its emergence in July 2024, this malicious network has successfully compromised more than 1,370 devices, primarily targeting systems in Southeast Asia and Latin America, marking a concerning … Read more

Kaspersky Lab’s security researchers have uncovered multiple critical vulnerabilities in the first-generation Mercedes-Benz MBUX infotainment system, highlighting significant cybersecurity concerns in modern vehicle infrastructure. The comprehensive security audit revealed potential attack vectors that could compromise various vehicle functions and user data. Detailed Technical Analysis and Research Methodology The investigation, conducted on a Mercedes B180 vehicle, … Read more

In a significant cybersecurity development, Cloudflare has successfully defended against the largest distributed denial-of-service (DDoS) attack ever recorded, peaking at an unprecedented 5.6 terabits per second. The attack, orchestrated through a Mirai botnet comprising approximately 13,000 compromised devices, targeted a major Internet Service Provider in East Asia on October 29, 2024. Technical Analysis of the … Read more