Cybersecurity News

A significant global security incident affecting DrayTek routers has emerged, causing widespread disruptions across multiple countries. Network administrators and security professionals are reporting systematic failures characterized by connection losses and recursive reboots across various DrayTek router models, indicating a potential large-scale security breach or critical firmware malfunction. Incident Analysis and Impact Assessment Major internet service … Read more

Security researchers at watchTowr Labs have uncovered a severe remote code execution (RCE) vulnerability in Veeam Backup & Replication, a widely-deployed enterprise backup solution. The vulnerability, tracked as CVE-2025-23120, received a critical CVSS score of 9.9 out of 10, affecting all version 12 builds up to 12.3.0.310, putting numerous organizations at significant risk. Understanding the … Read more

Blizzard Entertainment has implemented significant security policy changes for World of Warcraft Classic’s hardcore mode following a series of sophisticated Distributed Denial of Service (DDoS) attacks. These targeted cyber assaults have resulted in unprecedented character losses and severe gameplay disruptions, highlighting the growing challenges of maintaining security in modern gaming environments. Anatomy of the DDoS … Read more

A significant data breach affecting Keenetic router users has been revealed by CyberNews, exposing sensitive network configurations and device settings of over one million customers. The incident, which occurred in March 2023, predominantly impacted users in Russia and highlights serious concerns about IoT device security and cloud backup configurations. Breach Scope and Compromised Data Analysis … Read more

Cloudflare has announced a significant security enhancement for its API infrastructure, mandating HTTPS-only connections starting March 20, 2025. This decisive move will completely eliminate HTTP access to api.cloudflare.com, marking a crucial step forward in protecting sensitive data transmission and strengthening API security protocols. Understanding the Security Implications of HTTPS-Only API Access The transition to mandatory … Read more

A significant security breach has been discovered in Oracle’s cloud infrastructure, potentially exposing sensitive data of over 6 million users. Despite Oracle’s official denials, mounting evidence suggests a widespread compromise of the company’s federated SSO servers, raising serious concerns about cloud security integrity. Breach Details and Attack Vector Analysis The security incident came to light … Read more

Security researchers have identified a critical vulnerability (CVE-2025-2825) in CrushFTP software that enables unauthorized access to servers through HTTP(S) ports. This security flaw affects both versions 10 and 11 of the popular file transfer solution, potentially exposing thousands of enterprise servers to cyber attacks. Understanding the Technical Impact The vulnerability specifically targets CrushFTP’s web interface … Read more

Cybersecurity researchers at Solar 4RAYS have uncovered a sophisticated Linux rootkit named Puma, developed and deployed by the pro-Ukrainian threat actor Shedding Zmiy. This discovery represents a significant evolution in malware capabilities, particularly in its advanced stealth mechanisms and persistent threat characteristics. Anatomy of the Advanced Persistent Threat The malware was identified during a security … Read more

In a landmark decision, the U.S. Department of Treasury has lifted sanctions against Tornado Cash, a prominent decentralized cryptocurrency mixing service previously accused of facilitating extensive money laundering operations. This regulatory shift marks a crucial turning point in the oversight of cryptocurrency privacy tools and their legal status within the financial system. Understanding the Sanctions … Read more

Cybersecurity researchers have uncovered a sophisticated malware distribution campaign exploiting Valve’s Steam platform through a fraudulent game listing. The operation, centered around a non-existent game titled “Sniper: Phantom’s Resolution,” demonstrates an emerging threat vector targeting the gaming community with advanced infostealer malware. Anatomy of the Steam Platform Attack The threat actors orchestrated a well-crafted social … Read more