Security News

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
2025-03-31 16:41

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp....

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
2025-03-31 12:04

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites....

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
2025-03-30 05:07

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched...

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
2025-03-29 03:52

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial...

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
2025-03-27 20:05

Microsoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks.

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
2025-03-27 10:00

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office...

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
2025-03-27 06:23

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited...

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
2025-03-26 13:53

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and...

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
2025-03-26 11:10

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in...

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
2025-03-21 05:09

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in...