Russian APT28 Hackers Exploit Zero-Day in MDaemon Webmail in Operation RoundPress
A newly uncovered cyber-espionage campaign, Operation RoundPress, has been linked to the Russian state-sponsored threat actor APT28, also known as Fancy Bear, Sednit, and BlueDelta. The attackers exploited multiple webmail…
Samsung Patches CVE-2025-4632 Flaw Exploited by Mirai Botnet in MagicINFO 9 Server
Samsung has released a critical security update to patch CVE-2025-4632, a high-severity vulnerability in its MagicINFO 9 Server platform actively exploited by attackers to deploy the Mirai botnet. CVE-2025-4632: What…
Marbled Dust Hackers Exploit Output Messenger Zero-Day to Deploy Golang Backdoors
A Türkiye-affiliated advanced persistent threat (APT) group, dubbed Marbled Dust, has been linked to the active exploitation of a zero-day vulnerability in Output Messenger, an enterprise communication platform developed by…
Critical SAP Vulnerability CVE-2025-31324 Exploited in Ongoing Cyberattacks
In a major cybersecurity development, several China-linked advanced persistent threat (APT) groups have been identified actively exploiting a critical vulnerability in SAP NetWeaver systems, known as CVE-2025-31324. This flaw, which…
Google Patches Actively Exploited Android Vulnerability CVE-2025-27363 in May 2025 Security Bulletin
May 6, 2025 — Google has issued its monthly Android security bulletin, highlighting a major vulnerability—CVE-2025-27363—that is confirmed to have been actively exploited in the wild. The critical flaw is…
Wormable AirPlay Flaws Allow Zero-Click Attacks on Apple and Third-Party Devices
Cybersecurity researchers have uncovered a series of critical vulnerabilities in Apple’s AirPlay protocol, collectively dubbed “AirBorne,” that could allow attackers to take control of devices without user interaction. These flaws,…
Critical Commvault Vulnerability Actively Exploited, Added to CISA’s KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Commvault’s Command Center to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploitation.…
SentinelOne Uncovers Chinese APT ‘PurpleHaze’ Targeting Global Enterprises in Espionage Campaign
Cybersecurity firm SentinelOne has identified a sophisticated cyber-espionage campaign attributed to a China-linked threat cluster known as “PurpleHaze.” This group has been conducting reconnaissance operations against SentinelOne’s infrastructure and several…
Over 1,200 SAP NetWeaver Servers Exposed to Critical Vulnerability Actively Exploited in the Wild
A critical security flaw in SAP NetWeaver Application Server has left over 1,200 servers exposed to potential attacks, with threat actors actively exploiting the vulnerability to gain unauthorized access and…
Supply Chain Cyberattack Hits South Korean Firms: Lazarus Group Behind Operation
In a recent surge of cyber activity attributed to North Korea’s notorious Lazarus Group, six South Korean firms across various industries have fallen victim to a targeted supply chain cyberattack…