High School Dropout Sentenced to 20 Years for $38M Retirement Fund Hack
Evan Frederick Light, a 22-year-old from Lebanon, Indiana, has been sentenced to 20 years in federal prison for orchestrating a sophisticated cyber intrusion that led to the theft of over $37 million in cryptocurrency.
The...
Microsoft Edge Vulnerabilities Let Attackers Execute Remote Code – Update Now!
Microsoft has released a critical security update for its Edge browser, addressing multiple vulnerabilities that could allow attackers to execute remote code and compromise user systems.
Users are strongly urged to update their browsers immediately...
Parrot 6.3 Released With Improved Security & New Hacking Tools
ParrotOS, the cybersecurity-focused Linux distribution, has recently released its latest update, Parrot 6.3, which includes a number of new features, performance improvements, and updated tools to enhance the user experience.This release is designed to...
phpMyAdmin Vulnerability Let Hackers Trigger XSS Attack With Malicious Tables
A moderate-severity Cross-Site Scripting (XSS) vulnerability has been identified in phpMyAdmin, a widely used open-source tool for managing MySQL databases.
This flaw, tracked as CVE-2025-24530, affects versions 5.x prior to 5.2.2 and is linked to...
GhostGPT – New AI Black Hat Tool Used by Hackers to Generative Malware &...
The development of generative AI offered both opportunities for beneficial productivity transformation and opportunities for malicious exploitation.
GhostGPT, an uncensored AI chatbot created specifically for cybercrime, is the most recent threat in this domain.
GhostGPT, which...
New Cookie Sandwich Technique Let Attackers Bypass HttpOnly Flag On Servers
A newly discovered attack technique, dubbed the "cookie sandwich," enables attackers to bypass the HttpOnly flag on certain servers, exposing sensitive cookies, including session identifiers, to client-side scripts.
The "cookie sandwich" attack exploits flaws in...
China Hackers Compromised VPN Service Provider in Supply-Chain Attack
A sophisticated supply-chain attack targeting a South Korean VPN provider. The attack has been attributed to a previously undisclosed China-aligned Advanced Persistent Threat (APT) group, now named PlushDaemon.
The operation, discovered in May 2024, involved...
Record-breaking 5.6 Tbps DDoS Attack From 13,000 Mirai Hacked Devices
Cloudflare recently thwarted the largest distributed denial-of-service (DDoS) attack ever recorded, peaking at an unprecedented 5.6 terabits per second (Tbps).
The attack, which occurred on October 29, 2024, targeted an Internet Service Provider (ISP)...
50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit
As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches.
The flaw, which has been actively exploited since November 2024, allows...
Vim Command Line Text Editor Vulnerability Tiggers Potential Crash
A segmentation fault vulnerability has been identified in the popular command-line text editor Vim, affecting versions before 9.1.1043.
This flaw, CVE-2025-24014, exposes users to a potential crash when operating Vim in silent Ex mode (-s...