Chinese Hackers Deploy Upgraded MysterySnail RAT to Target Russian and Mongolian Governments
A suspected Chinese state-sponsored hacking group, known as IronHusky, has launched a sophisticated cyber-espionage campaign targeting Russian and Mongolian government institutions. The attack involves a revamped version of the MysterySnail…
Windows Vulnerability CVE-2025-24054 Actively Exploited to Steal NTLM Credentials
A medium-severity vulnerability in Microsoft Windows, identified as CVE-2025-24054, is currently under active exploitation, enabling attackers to steal NTLM credentials through minimal user interaction. The U.S. Cybersecurity and Infrastructure Security…
U.S. Government Extends Funding for MITRE’s CVE Program Amid Cybersecurity Concerns
In a critical move to maintain global cybersecurity infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with the MITRE Corporation to continue operating the Common…
Pakistan-Linked Hackers Expand Espionage Campaigns, Targeting Key Indian Sectors with Advanced Malware
A Pakistan-linked cyber espionage group has significantly broadened its targeting footprint in a new wave of attacks against Indian organizations. According to a report published by cybersecurity firm SEQRITE, this…
SpyNote, BadBazaar, and MOONSHINE Malware Exploit Fake Apps to Target Android and iOS Users
Cybersecurity experts have uncovered a series of sophisticated malware campaigns—SpyNote, BadBazaar, and MOONSHINE—designed to compromise Android and iOS devices through deceptive applications and websites. SpyNote Malware Disguised as Legitimate Apps…
Advanced Threat Actors Shift Focus to Firmware-Level Persistence on FortiGate Devices
Fortinet has issued a critical advisory revealing that threat actors are maintaining unauthorized, read-only access to FortiGate devices even after the initial vulnerabilities have been patched. This persistent access is…
Unpatched NVIDIA Container Toolkit Bug Could Let Attackers Escape Docker and Hijack Linux Hosts
In September 2024, NVIDIA addressed a critical vulnerability in its Container Toolkit, identified as CVE-2024-0132, which had a CVSS score of 9.0. This Time-of-Check Time-of-Use (TOCTOU) flaw allowed specially crafted…
Gamaredon Hackers Use Infected USB Drives to Target Western Military in Ukraine with GammaSteel Malware
The Russian-affiliated cyber-espionage group Gamaredon, also known as Shuckworm, has recently been implicated in a cyber attack targeting a Western military mission stationed in Ukraine. This operation aimed to deploy…
Critical FortiSwitch Vulnerability (CVE-2024-48887) Prompts Urgent Firmware Updates from Fortinet
Fortinet has issued a critical security advisory concerning a significant vulnerability in its FortiSwitch product line. The flaw, designated as CVE-2024-48887, has been assigned a CVSS (Common Vulnerability Scoring System)…
Apple Releases Security Updates to Fix Three Actively Exploited Zero-Day Vulnerabilities in iOS and macOS
Apple has released critical security updates to address three zero-day vulnerabilities actively exploited in the wild, extending these fixes to older iOS and macOS devices. The vulnerabilities, identified as CVE-2025-24085,…