Cybersecurity News

Security researchers at Wiz have uncovered a sophisticated supply chain attack targeting GitHub Actions, compromising over 23,000 organizations worldwide. The attack, which centered on the popular tj-actions/changed-files component, revealed a complex cascade of security breaches originating from the compromise of the reviewdog/action-setup@v1 package. Understanding the Attack Vector and Its Impact The security incident exposed sensitive … Read more

A significant controversy has erupted in the cybersecurity community regarding Microsoft Security Response Center’s (MSRC) vulnerability reporting requirements, highlighting broader issues in how tech giants handle security researchers’ submissions. The dispute began when renowned security researcher Will Dormann encountered what many experts consider unnecessary bureaucratic obstacles in the vulnerability reporting process. The Evolution of Vulnerability … Read more

Kaspersky’s cybersecurity researchers have uncovered an alarming expansion in the operations of the SideWinder APT group (also known as T-APT-04 and RattleSnake), with a particular focus on nuclear energy facilities across South Asia. This sophisticated threat actor has significantly broadened its attack surface in 2024, targeting nuclear power plants and related government agencies with advanced … Read more

Cybersecurity researchers at EclecticIQ have uncovered a sophisticated new attack framework called BRUTED, developed by the notorious Black Basta ransomware group. This automated tool represents a significant evolution in cyber threats, specifically targeting corporate networks through vulnerabilities in edge devices and VPN gateways, raising serious concerns for enterprise security professionals. Technical Analysis of BRUTED’s Capabilities … Read more

WhatsApp’s security team has discovered and patched a critical zero-day vulnerability that cybercriminals actively exploited to deploy the sophisticated Graphite spyware. The malware, developed by Israeli firm Paragon Solutions Ltd., utilized a zero-click attack vector that enabled automatic malicious software installation on targeted devices without any user interaction. Technical Analysis of the Zero-Click Attack Vector … Read more

Offensive Security has unveiled Kali Linux 2025.1a, marking the first release of 2025 for the industry-leading penetration testing distribution. This significant update introduces enhanced security testing capabilities, refined visual elements, and crucial technical improvements designed to empower cybersecurity professionals in their assessment workflows. Enhanced Visual Experience and Interface Refinements The latest release features a comprehensive … Read more

A comprehensive security analysis conducted by Patchstack has unveiled alarming statistics about WordPress vulnerabilities in 2023, identifying 7,966 new security issues across the platform’s ecosystem. The findings highlight significant security challenges, particularly in third-party components, while the core WordPress system maintains robust security standards. WordPress Ecosystem Vulnerability Distribution: Plugins Present Major Risk The research reveals … Read more

Cybersecurity researchers at F6 have uncovered a previously unknown Advanced Persistent Threat (APT) group dubbed Telemancon, which has been actively targeting industrial organizations since February 2023. The group’s operations primarily focus on manufacturing enterprises, with a particular emphasis on military equipment producers and mechanical engineering facilities. Advanced Malware Arsenal: TMCDropper and TMCShell Analysis Security analysts … Read more

A comprehensive cybersecurity analysis by Positive Technologies reveals a concerning 13% increase in cyber incidents during Q4 2023 compared to the previous year. The report highlights that over half of all organizational attacks resulted in confidential data breaches, while one-third significantly disrupted business operations, marking a critical escalation in cyber threats. Social Engineering Dominates Corporate … Read more

Microsoft has confirmed a significant technical incident affecting Windows 10 and Windows 11 users worldwide. The March 2025 cumulative updates are automatically removing the integrated Copilot AI assistant from users’ systems, causing widespread disruption to artificial intelligence capabilities across the Windows ecosystem. Technical Details of the Windows Update Issue The problem stems from two specific … Read more