Apple Releases Security Updates to Fix Three Actively Exploited Zero-Day Vulnerabilities in iOS and macOS
Apple has released critical security updates to address three zero-day vulnerabilities actively exploited in the wild, extending these fixes to older iOS and macOS devices. The vulnerabilities, identified as CVE-2025-24085,…
Russian Hackers Exploit CVE-2025-26633 in Microsoft MMC: Critical Zero-Day Vulnerability Under Attack
A Russian cybercriminal group, identified as Water Gamayun (also known as EncryptHub and LARVA-208), has been exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework, designated as CVE-2025-26633…
Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Google has issued an emergency security update for its Chrome browser on Windows to address a high-severity zero-day vulnerability, identified as CVE-2025-2783, which has been actively exploited in targeted attacks…
Apache Tomcat CVE-2025-24813 Exploited in the Wild – Patch Now to Prevent Attacks
A critical security vulnerability identified as CVE-2025-24813 has been discovered in Apache Tomcat, a widely used open-source Java servlet container. This flaw is actively being exploited in the wild, allowing…
GitHub Uncovers Critical Ruby-SAML Vulnerabilities: Urgent Patch Required
GitHub’s Security Lab has identified two severe vulnerabilities in the open-source ruby-saml library, which could enable attackers to bypass Security Assertion Markup Language (SAML) authentication mechanisms. These vulnerabilities pose a…
Microsoft Alerts on New ‘ClickFix’ Phishing Scam Targeting Hospitality Industry via Booking.com
In a recent cybersecurity alert, Microsoft has identified an ongoing phishing campaign targeting the hospitality sector by impersonating the online travel agency Booking.com. This campaign employs a sophisticated social engineering…
Apple Releases Emergency Security Patch for WebKit Zero-Day Vulnerability (CVE-2025-24201)
Apple has rolled out an urgent security update to patch a zero-day vulnerability in WebKit (CVE-2025-24201), which has been actively exploited in the wild. This flaw, found in the Safari…
Chinese Hackers Exploit Juniper Networks Routers with Advanced Backdoors and Rootkits
In a recent cybersecurity incident, the Chinese cyber espionage group known as UNC3886 has successfully breached Juniper Networks’ end-of-life MX routers. This sophisticated attack involved deploying custom backdoors and rootkits,…
SideWinder APT Targets Maritime, Nuclear, and Critical Infrastructure: A Deep Dive into the Latest Cyber Espionage Campaigns
A sophisticated cyber espionage campaign has emerged, targeting maritime logistics, nuclear energy infrastructure, and diplomatic entities across South and Southeast Asia, the Middle East, and Africa. The SideWinder APT (Advanced…
Blind Eagle Cyberattack on Colombia: A Deep Dive into the APT-C-36 Threat
In a recent cybersecurity incident, the infamous hacker group Blind Eagle (APT-C-36) has launched a series of attacks on Colombian institutions and government agencies. The cyber espionage group, which has…