Security Researchers Uncover Critical OpenSSH Vulnerabilities: MitM and DoS Risks Revealed

Security researchers at Qualys have discovered two significant vulnerabilities in OpenSSH, exposing systems to Man-in-the-Middle (MitM) and Denial of Service (DoS) attacks. Most concerning is the revelation that one of these vulnerabilities remained undetected for over a decade, potentially compromising countless systems worldwide. Long-standing MitM Vulnerability Threatens SSH Communications The more severe vulnerability (CVE-2025-26465) was …

New Cryptocurrency Mining Malware Targets Pirated Gaming Software Users

Kaspersky Lab researchers have uncovered a sophisticated malware campaign dubbed “StaryDobry” that specifically targets users of pirated video games. The operation deploys the XMRig cryptocurrency miner through modified versions of popular games, utilizing victims’ computing resources to mine Monero cryptocurrency while evading detection. Campaign Timeline and Targeted Games The malicious campaign gained significant momentum during …

Darcula Suite 3.0: New Automated Phishing Platform Threatens Global Cybersecurity

Cybersecurity researchers at Netcraft have uncovered an alarming development in the phishing threat landscape with the imminent release of Darcula Suite 3.0, a sophisticated upgrade to the notorious Darcula phishing platform. This new version introduces automated DIY phishing kit generation capabilities, representing a significant escalation in the accessibility and effectiveness of phishing attacks against organizations …

Unprecedented $1.46 Billion Cryptocurrency Theft: Technical Analysis of Bybit Exchange Security Breach

In an unprecedented cybersecurity incident, threat actors successfully orchestrated the largest cryptocurrency theft in history, extracting $1.46 billion worth of digital assets from Bybit exchange’s cold storage wallet. This sophisticated attack has surpassed the previous record holder – the 2022 Axie Infinity breach – by more than twofold, marking a significant escalation in cryptocurrency-related cyber …

Microsoft Discovers Advanced XCSSET Malware Variant Threatening macOS Security

Microsoft Threat Intelligence researchers have uncovered a sophisticated update to the XCSSET malware, marking its first major evolution since 2022. This enhanced variant specifically targets macOS developers using the Xcode development environment, implementing advanced evasion techniques and novel infection mechanisms that pose significant risks to the Apple development ecosystem. Advanced Persistence Mechanisms Reveal Sophisticated Evolution The …

Critical Security Alert: Hackers Exploit Signal’s Device Linking Feature in Sophisticated Attack Campaign

Google’s Threat Intelligence Group (TIG) has uncovered a sophisticated attack campaign targeting Signal messenger users worldwide. The attack exploits Signal’s legitimate device linking functionality through manipulated QR codes, potentially exposing users’ private communications to unauthorized access. This discovery represents a significant security concern as it doesn’t require full device compromise to succeed. Understanding the QR …

FinalDraft: Advanced Malware Leverages Microsoft 365 for Covert Operations

Security researchers at Elastic Security Labs have uncovered a sophisticated new malware family dubbed FinalDraft, which employs an innovative technique to conceal its command-and-control (C2) communications through Microsoft Outlook draft folders. This advanced persistent threat demonstrates how cybercriminals are increasingly leveraging legitimate cloud services to evade detection while conducting malicious operations. Technical Analysis: Infection Chain …

Critical Authentication Bypass Vulnerability Discovered in Palo Alto Networks Firewalls

Cybersecurity researchers have detected widespread exploitation attempts targeting a newly discovered critical vulnerability (CVE-2025-0108) in Palo Alto Networks’ PAN-OS firewall systems. The security flaw, rated 7.8 on the CVSS severity scale, enables malicious actors to bypass authentication mechanisms in the device management web interface, potentially compromising enterprise network security. Technical Analysis of the Authentication Bypass …

X (Former Twitter) Implements Selective Blocking of Signal.me URLs: Security Analysis

A significant development in digital communications security has emerged as X (formerly Twitter) implements new restrictions targeting Signal’s secure messaging platform. The social media giant has begun blocking Signal.me URLs, which are primarily used for sharing contact information between Signal messenger users, raising concerns about digital communication freedom and platform control. Technical Analysis of the …

Microsoft Patches Critical Zero-Day Privilege Escalation Vulnerability in Power Pages Platform

Microsoft has released an emergency security update addressing a critical privilege escalation vulnerability (CVE-2025-24989) in its Power Pages platform. The vulnerability, which carries a CVSS score of 8.2, has been actively exploited in the wild as a zero-day threat, prompting immediate attention from security professionals and system administrators. Technical Analysis of the Security Vulnerability The …