How Nation-State Attacks Are Evolving in 2025

Nation-state cyber operations in 2025 show a new level of intensity, technical skill, and geopolitical purpose. Instead of isolated incidents, these events show patterns of spying, spreading false information, and targeting infrastructure that cross borders and sectors. From stealthy data theft to public website defacements and infrastructure damage, nation-state attacks are no longer quiet actions … Continued

Red vs Blue Team Simulation at Black Hat USA 2025: Top Lessons from Day 1

Offense Meets Defense. Real-Time Cyber Battles Unpacked. Day 1 of Black Hat USA 2025 featured a thrilling Red vs Blue Team Simulation, where top cybersecurity pros clashed in a live cyber battle. The exercise revealed real-world lessons in offense, defense, and response. Attack Surface Blindness Hurts: Red Teams easily exploited unknown assets and weak configs. … Continued

ReVault Vulnerabilities in Dell Laptops Let Hackers Bypass Windows Login and Implant Stealth Malware

Security researchers from Cisco Talos have discovered five major security vulnerabilities in the firmware of Dell laptops. These flaws affect Dell’s ControlVault3 and ControlVault3+ chips, which are responsible for handling sensitive operations like biometric authentication and password storage. The vulnerabilities have been named “ReVault” and impact over 100 Dell Latitude and Precision laptop models commonly … Continued

7 Innovative Cybersecurity Tools We Discovered at Infosec Europe 2025

As cyber threats grow more sophisticated by the hour, defending against them demands more than muscle; it calls for real innovation. At Infosecurity Europe 2025, the brightest minds converged in London to showcase the next wave of cybersecurity breakthroughs, from AI-powered detection to next-gen endpoint controls. Out of hundreds of launches and demos, only a … Continued

AI-Driven ‘ClickTok’ Scam Hijacks TikTok Shop to Spread Malware and Steal Crypto

A massive cyberattack campaign has been discovered targeting TikTok Shop users. Security researchers have found over 15,000 fake domains that are being used to trick users into downloading malware and to steal their cryptocurrency. This campaign, named “ClickTok” by cybersecurity firm CTM360, is one of the largest TikTok-related scams seen to date. The attackers are creating … Continued

Mozilla warns developers of phishing emails targeting Firefox add-ons

Mozilla has recently issued a warning to Firefox add-on developers about a phishing campaign that is actively targeting their accounts. This campaign is specifically aimed at developers who use the addons.mozilla.org (AMO) platform to upload and manage their extensions. The attackers are trying to trick developers into handing over their login credentials by sending them … Continued

Storm-2603 Installs DNS-Controlled Backdoor to Launch Dual Ransomware Attacks Using SharePoint Flaws

A hacking group named Storm-2603 has recently been found exploiting security weaknesses in Microsoft SharePoint servers. Their goal is to break into organizations and deploy ransomware. What’s really concerning is that they’re using a new kind of backdoor that works through DNS, which helps them control infected systems secretly over the internet. These attacks are … Continued

Google Doubles Down on Security with DBSC and Project Zero Transparency

Google has officially launched the open beta of Device Bound Session Credentials (DBSC) for Chrome on Windows. This feature is designed to prevent session hijacking by tying session cookies to a specific device. DBSC was first announced as a prototype in early 2024, and after months of development and testing, it is now available for … Continued

CISA Adds Actively Exploited PaperCut Vulnerability to KEV Catalog

Cybersecurity authorities at CISA have just added a serious flaw in PaperCut NG/MF print management software to their Known Exploited Vulnerabilities Catalog, marking it as actively exploited. This vulnerability, tracked as CVE-2023-2533, is a cross-site request forgery issue that attackers are currently using to target organizations globally. CISA officially listed this vulnerability on July 28, … Continued
