Windows Flaw CVE-2025-24054 Actively Exploited to Steal NTLM Passwords
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Windows security flaw, CVE-2025-24054, to its Known Exploited […]
Apache Roller Vulnerability (CVE-2025-24859) Allows Unauthorized Access After Password Reset
A critical security vulnerability has been discovered in Apache Roller, a widely used open-source Java-based blogging server, which puts websites
Pakistan-Linked SideCopy APT Strikes Indian Government Agencies
A well-known hacker group named SideCopy APT is targeting Indian government ministries and critical infrastructure with dangerous cyberattacks. According to
Google Chrome 136 Update Stops Websites from Tracking Your Browsing History
Google has finally addressed a major privacy flaw in its Chrome browser that allowed websites to track a user’s browsing
Microsoft Defender Now Blocks Unknown Devices to Stop Cyberattacks
Microsoft is rolling out a new security feature in its Defender for Endpoint platform designed to block cyberattacks before they
CVE-2025-3102: OttoKit WordPress Plugin Exploit Gives Hackers Full Site Control
A serious security vulnerability in the popular OttoKit WordPress plugin (formerly known as SureTriggers) is being actively exploited by hackers
CVE-2025-30406: CentreStack Vulnerability Lets Hackers Remotely Control Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious security vulnerability affecting Gladinet CentreStack,
CVE-2024-48887: Fortinet Warns of Severe Flaw in FortiSwitch Admin Interface
Fortinet, a global leader in cybersecurity solutions, has issued an urgent warning to all users of its FortiSwitch products. The
Google Fixes Two Actively Exploited Android Bugs in April 2025 Update
Google has rolled out its April 2025 Android security update, fixing a total of 62 vulnerabilities, including two high-severity flaws
Cryptojacking via VS Code: Hidden Crypto Miners Found in 300K Devices
A large-scale cryptojacking campaign has been discovered using malicious Visual Studio Code (VS Code) extensions. According to cybersecurity researchers at
CVE-2025-22457: Ivanti Connect Secure Zero-Day and Chinese APT Group
Ivanti has rolled out important security patches for a serious vulnerability in its Connect Secure VPN appliances. The flaw, tracked
Supply Chain Breach: SpotBugs PAT Theft Triggers GitHub Malware Spread
A recent GitHub supply chain attack that initially impacted Coinbase has now been traced back to a deeper issue: the
Severe Apache Parquet Flaw (CVE-2025-30065) Exposes Big Data Systems
A maximum severity remote code execution (RCE) vulnerability has been identified in Apache Parquet, affecting all versions up to and
Hackers Use GitHub C2 and Call Stack Spoofing in Latest Malware Attacks
Cybersecurity researchers have uncovered an updated version of the malware loader known as Hijack Loader, which incorporates advanced techniques to
PostgreSQL Under Attack: Fileless Malware Infects 1,500+ Cloud Servers
Cybercriminals are actively exploiting misconfigured PostgreSQL servers to deploy a fileless cryptominer, with over 1,500 systems compromised. Security researchers at