LOTUSLITE Backdoor Deployed in Venezuela-Themed Spear Phishing Against U.S. Policy Targets

Security researchers have disclosed a targeted cyber-espionage campaign that used politically themed spear-phishing emails to target U.S. government and policy-related organizations with a previously undocumented backdoor known as LOTUSLITE. The activity leveraged lures tied to recent geopolitical developments involving the United States and Venezuela. The phishing emails delivered a ZIP archive titled “US now deciding … Continued

Active Zero-Day in Cisco Email Security Products Fixed After APT Exploitation

Cisco has issued emergency security updates for a previously exploited zero-day vulnerability affecting its enterprise email security infrastructure, after confirming real-world attacks linked to a China-associated threat actor identified as UAT-9686. What Was Fixed: The flaw, assigned CVE-2025-20393, allows unauthenticated remote command execution and has been given a CVSS severity score of 10.0. The … Continued

FTC Cracks Down on GM Over Unauthorized Driver Location Data Sales

The Federal Trade Commission (FTC) has banned General Motors (GM) from selling drivers’ location and driving behavior data for five years. The decision comes after a federal investigation into GM’s data-sharing practices. Regulators found that sensitive vehicle data was shared without proper transparency. The ban officially applies across the United States. The FTC said GM … Continued

Monroe University Confirms 2024 Data Breach Impacting Over 320,000 Individuals

Monroe University has confirmed that a major data breach in December 2024 affected 320,973 individuals. The incident occurred when unauthorized attackers gained access to the university’s internal systems. The intrusion lasted for nearly two weeks, from December 9 to December 23, 2024, during which files were copied from the network. After discovering the cyberattack, Monroe … Continued

PLUGGYAPE Malware Campaign Targets Ukrainian Defense Forces via Signal and WhatsApp

In late 2025, Ukrainian cybersecurity authorities uncovered a new malware campaign that targeted members of Ukraine’s defense forces. The attackers used trusted messaging platforms like Signal and WhatsApp to spread the infection. This made the attack more dangerous because victims did not expect threats from these secure apps. The campaign was active between October and … Continued

New Malware Campaign Delivers Remcos RAT via Multi-Stage Windows Attack

A new malware campaign has been identified by cybersecurity researchers that targets Windows systems using a multi-stage attack method. The attackers are spreading a dangerous remote access malware known as Remcos RAT. This campaign uses advanced techniques to avoid detection and gain full control over infected computers. Security experts confirm that the threat is active … Continued

CISA Reports Active Exploitation of High-Severity Gogs Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Gogs vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming it is being actively exploited in the wild. The flaw, CVE-2025-8110 (CVSS 8.7), impacts Gogs and arises from a path traversal issue in the repository file editor. Improper handling of symbolic links in … Continued

BreachForums Database Leak Exposes Threat Actors Operating in the Shadows

BreachForums, a well-known underground hacking forum, has suffered a major database leak that exposed information linked to its own users. The incident has surprised many in the cybersecurity community. A platform known for trading stolen data has now become a victim itself. Researchers say this leak changes the usual balance between attackers and defenders. BreachForums … Continued
