Hackers Exploit PowerShell for Stealth Attacks

North Korean Hackers Exploit PowerShell for Stealth Attacks A recent report highlights that North Korean state-sponsored hackers are exploiting PowerShell-based scripts to infiltrate targeted systems worldwide. According to security researchers, the attackers rely on sophisticated social engineering tactics and cleverly disguised payloads to bypass traditional detection methods. Once inside a network, they move laterally, extract […]

Read More

MS Feb 25 Patch

Microsoft’s February 2025 Patch Tuesday addresses a total of 63 security flaws across various products, including two zero-day vulnerabilities under active exploitation. These zero-day bugs reportedly allow attackers to escalate privileges on Windows systems without user interaction. The updates cover an extensive range of Microsoft software, from Windows OS components and Exchange Server to developer […]

Read More

Palo Alto Patches Auth Bypass

Palo Alto Networks has released a new set of security patches addressing several vulnerabilities within its PAN-OS operating system, the backbone of its next-generation firewalls. These flaws range in severity but include at least one critical issue that could allow remote threat actors to gain unauthorised access or execute arbitrary code. According to initial advisories, […]

Read More

AI-Powered Social Engineering

In this article, security researchers highlight how artificial intelligence (AI) is evolving social engineering tactics to an unprecedented level of sophistication. Using advanced algorithms, cybercriminals can quickly gather personal data, generate highly convincing messages, and personalise attacks to trick individuals and businesses. The article stresses the importance of proactive security measures, educating users about AI-based […]

Read More

WhoAmI Attack Exploits

New ‘WhoAmI’ Attack Targets AWS AMI Naming to Slip Malicious Images Into Cloud Deployments Introduction A recently discovered cybersecurity threat, referred to as the WhoAmI attack, is taking aim at Amazon Web Services (AWS). By manipulating the naming of Amazon Machine Images (AMIs), attackers can introduce harmful images into AWS instances. This tactic allows them […]

Read More

PostgreSQL Vulnerability

Article Summary A newly discovered vulnerability in PostgreSQL has attracted attention from both security researchers and cybercriminals. Attackers have reportedly exploited this flaw to gain unauthorised access, potentially placing sensitive information at risk. The vulnerability allows malicious users to manipulate database queries and, in some cases, even escalate privileges. PostgreSQL maintainers have issued patches, emphasising […]

Read More

Whatsapp zero-click iOS vulnerability

Meta Confirms Zero-Click WhatsApp Vulnerability on iOS Meta has publicly confirmed that WhatsApp, one of the world’s most-used messaging services, recently contained a serious zero-click vulnerability on iOS devices. This flaw allowed attackers to compromise a target’s smartphone without requiring the user to tap or open any link. How the Attack Worked A zero-click exploit […]

Read More

Hackers crack weak common passwords

A recent article explores how quickly modern cybercriminals can crack various types of passwords. Thanks to advancements in hardware and new cracking techniques, the time it takes to breach weak or common passwords has drastically shortened. The piece highlights why basic combinations (like “123456” or “password”) are exceptionally vulnerable and how even seemingly complex passwords […]

Read More

Ransomware actively targeting VMware ESXi

A new ransomware strain is actively targeting VMware ESXi systems through a previously disclosed security flaw, according to a recent report. Attackers exploit unpatched servers running virtual machines, enabling them to encrypt large numbers of workloads swiftly. By focusing on the hypervisor rather than individual machines, criminals aim for maximum operational disruption. Security researchers indicate […]

Read More