IBM QRadar SIEM Vulnerabilities Allows Attackers to Execute Arbitrary Commands
Multiple high-severity vulnerabilities in IBM QRadar SIEM could allow attackers to execute arbitrary commands and access sensitive data.
The most critical flaw, tracked as CVE-2025-33117, carries a CVSS score of 9.1 and enables privileged users...
GodFather Android Malware Leverages On-Device Virtualization Technique to Hijack Legitimate Banking Apps
A sophisticated evolution of the GodFather banking malware has emerged, introducing a groundbreaking attack methodology that exploits on-device virtualization to compromise legitimate mobile applications.
This advanced threat represents a significant departure from traditional overlay attacks,...
Tesla Wall Connector Charger Hacked Through Charging Port in 18-Minute Attack
Tesla's popular Wall Connector home charging system was exploited during the January 2025 Pwn2Own Automotive competition, demonstrating how attackers could gain control of the device through the charging cable itself.
The groundbreaking attack targeted the...
Qilin Ransomware Emerges as World’s Top Threat, Demands $50 Million Ransom
Qilin ransomware has rapidly ascended to become the world's most prevalent ransomware threat, accumulating over $50 million in ransom payments throughout 2024 alone.
Originally developed as 'Agent' in 2022 and later recorded in the Rust...
New Sophisticated Attack Exploits Google App Passwords to Bypass Multi-Factor Authentication
A sophisticated Russian state-sponsored cyber operation has successfully exploited Google's App-Specific Password (ASP) feature to bypass multi-factor authentication protections, targeting prominent critics of Russia in a campaign that demonstrates the evolving threat landscape facing...
100,000+ WordPress Sites Exposed to Privilege Escalation Attacks via MCP AI Engine
A critical security vulnerability has emerged in the WordPress ecosystem, exposing over 100,000 websites to privilege escalation attacks through the AI Engine plugin's Model Context Protocol (MCP) implementation.
The vulnerability, designated CVE-2025-5071 with a high...
North Korean Hackers Using Weaponized Calendly and Google Meet Link to Deliver Malware
A sophisticated North Korean Advanced Persistent Threat (APT) group has been identified deploying malware through weaponized meeting scheduling platforms, targeting cryptocurrency organizations with an elaborate social engineering campaign that combines deepfake technology, legitimate meeting...
Silver Fox APT Using Weaponized Medical Software to Deploy Remote Access Tools & Disable...
A sophisticated China-based advanced persistent threat group known as Silver Fox has emerged as a significant cybersecurity concern, leveraging trojanized medical software to infiltrate healthcare organizations and public sector entities.
Active since 2024, this state-sponsored...
60+ GitHub Repositories Exploited to Store Windows-Based Payloads to Steal Sensitive Data
A sophisticated supply chain attack campaign has emerged targeting software developers through the exploitation of over 60 GitHub repositories containing trojanized Python files designed to steal sensitive Windows-based data.
The threat actor, known as Banana...
Gamers Under Attack! Fake Minecraft Mods Allow Attackers to Control Your System
The gaming community faces a sophisticated new threat as cybercriminals exploit the massive popularity of Minecraft to distribute advanced malware through fake modifications.
With over 200 million monthly active players and more than 1 million...
