CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability, CVE-2025-23006, affecting SonicWall’s Secure Mobile Access (SMA) 1000 series appliances.
This vulnerability, actively exploited in the wild, poses...
Bypassing EDR Detection by Exploiting Hardware Breakpoints at CPU Level
Adversaries continue to innovate methods to bypass Endpoint Detection and Response (EDR) systems. An exceptionally sophisticated approach involves leveraging hardware breakpoints at the CPU level to evade detection mechanisms such as Event Tracing for...
New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling
New ransomware strains are quietly infiltrating VMware ESXi hosts by setting up SSH tunnels and concealing malicious traffic within legitimate activity.
This stealth tactic allows attackers to access critical virtual machine environments without triggering many...
PoC Exploit Released For Critical Microsoft Outlook (CVE-2025-21298) Zero-Click RCE Vulnerability
A new proof-of-concept (PoC) has been released for a Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298.
The PoC demonstrates memory corruption, shedding light on the...
GhostGPT – New AI Black Hat Tool Used by Hackers to Generate Malware &...
The development of generative AI offered both opportunities for beneficial productivity transformation and opportunities for malicious exploitation.
GhostGPT, an uncensored AI chatbot created specifically for cybercrime, is the most recent threat in this domain.
GhostGPT, which...
China Hackers Compromised VPN Service Provider in Supply-Chain Attack
A sophisticated supply-chain attack targeted a South Korean VPN provider. The attack has been attributed to a previously undisclosed China-aligned Advanced Persistent Threat (APT) group, now named PlushDaemon.
The operation, discovered in May 2024, involved...
Record-breaking 5.6 Tbps DDoS Attack From 13,000 Mirai Hacked Devices
Cloudflare recently thwarted the largest distributed denial-of-service (DDoS) attack ever recorded, peaking at an unprecedented 5.6 terabits per second (Tbps).
The attack, which occurred on October 29, 2024, targeted an Internet Service Provider (ISP)...
50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit
As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches.
The flaw, which has been actively exploited since November 2024, allows...
OWASP Top 10 2025 – Most Critical Weaknesses Exploited/Discovered
The Open Web Application Security Project (OWASP) has released its much-anticipated Smart Contract Top 10 for 2025, a comprehensive awareness document aimed at equipping Web3 developers and security teams with the knowledge to combat...
Let’s Encrypt Announces 6-day Validity Certificates
Let’s Encrypt, the non-profit certificate authority, has introduced six-day validity certificates, commonly referred to as short-lived certificates.
This new offering, set to roll out in stages throughout 2025, represents a major shift in how digital...