Cybersecurity News

Cybersecurity researchers at SilentPush have uncovered a sophisticated phishing operation dubbed “PoisonSeed” that specifically targets cryptocurrency service users through compromised enterprise email marketing platforms. This large-scale campaign demonstrates an advanced level of social engineering and technical sophistication, representing a significant threat to both marketing service providers and cryptocurrency holders. Advanced Attack Chain: Compromising Email Marketing … Read more

Microsoft’s Offensive Research and Security Engineering (MORSE) team has discovered a critical security vulnerability in Canon printer drivers that poses a significant threat to enterprise and consumer systems. The flaw, assigned CVE-2025-1268 with a severe CVSS score of 9.4, affects a wide range of Canon printing devices, including industrial printers, office multifunction devices, and laser … Read more

Cybersecurity researchers at ThreatFabric have identified a sophisticated new Android malware strain called Crocodilus, specifically engineered to target cryptocurrency assets through advanced social engineering tactics. This dangerous trojan demonstrates unprecedented capabilities in bypassing modern Android security mechanisms while employing psychological manipulation to steal crypto wallet seed phrases. Technical Capabilities and Distribution Methods Crocodilus employs a … Read more

Palo Alto Networks has revealed detailed findings from their investigation into a sophisticated supply chain attack targeting GitHub Actions ecosystem. The incident, which impacted more than 23,000 repositories, originated from the compromise of SpotBugs, a popular static analysis tool, in November 2024. This attack represents one of the most significant security breaches in the GitHub … Read more

Security researchers at Sonatype have uncovered a sophisticated supply chain attack targeting multiple popular npm packages, some of which have been fundamental to the JavaScript ecosystem for nearly a decade. The attack specifically targeted ten packages primarily used in cryptocurrency operations, implementing malicious code designed to steal sensitive developer credentials and confidential data. Critical Impact … Read more

A groundbreaking security research conducted by PT SWARM has revealed a sophisticated new exploitation technique that combines multiple known Intel processor vulnerabilities, significantly amplifying the potential impact of attacks on affected devices. The research demonstrates how the coordinated exploitation of previously documented vulnerabilities (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, CVE-2021-0146) can lead to complete compromise of system … Read more

A significant cybersecurity incident has struck British postal service provider Royal Mail, resulting in the exposure of 144GB of sensitive data on a prominent hacking forum. The breach, which also affected Royal Mail’s data processing partner Spectos GmbH, represents one of the most substantial data compromises in the postal sector this year. Breach Timeline and … Read more

Oracle has officially confirmed a significant data breach affecting its legacy Oracle Cloud Classic infrastructure, exposing sensitive corporate client credentials. The incident, discovered in early 2025, impacts authentication data stored in systems last actively used in 2017, marking one of the most substantial security incidents in the company’s recent history. Breach Discovery and Initial Response … Read more

Leading cybersecurity solutions provider Check Point has firmly rejected claims of a significant data breach after a threat actor attempted to sell what they claimed was critical corporate information. The incident has sparked considerable attention in the cybersecurity community and highlights the importance of verified threat intelligence. Analysis of the Alleged Data Breach A threat … Read more

Microsoft has implemented significant changes to Windows 11’s security architecture by removing the BypassNRO.cmd script from preview builds, effectively limiting users’ ability to create local accounts and install the operating system without an internet connection. This strategic move represents a fundamental shift in Microsoft’s approach to user authentication and system security. Microsoft’s Security Strategy Evolution … Read more