Security News

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
2025-04-21 16:42

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting...

⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
2025-04-21 10:10

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday...

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
2025-04-19 14:05

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
2025-04-17 21:34

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
2025-04-14 11:19

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and...

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
2025-04-11 17:55

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched....

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
2025-04-11 17:46

A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them...

Hackers exploit WordPress plugin auth bypass hours after disclosure
2025-04-10 19:11

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
2025-04-09 08:04

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets....

⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More
2025-04-07 11:25

Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but...