PipeMagic Trojan Exploits Windows CLFS for Stealth Attacks A newly identified PipeMagic trojan exploits the Common Log File System (CLFS) in Windows to launch sophisticated attacks. Security researchers observed the malware injecting itself into system processes using a previously undocumented technique related to Windows’ CLFS driver. This stealthy approach helps bypass many endpoint defences, allowing […]

WordPress Sites Under Threat from Stealthy MU Plugins Cybercriminals are exploiting WordPress MU plugins (commonly known as “must-use” plugins) to maintain persistent access to WordPress sites. By disguising their backdoors or malicious scripts as MU plugins, attackers can evade standard plugin checks and remain undetected. These sneaky plugins load automatically whenever WordPress runs, making it […]

The Top Three MS Office Exploits Hackers Are Using Right Now Recent findings highlight the top three Microsoft Office exploits that cybercriminals are frequently using in real-world attacks. These include flaws in macro-enabled documents, malicious embedded objects, and privilege escalation vulnerabilities—often leveraged via phishing emails or booby-trapped Office files. Attackers exploit users’ trust in familiar […]

10 Critical Network Penetration Test Findings Every Organisation Should Know The article highlights the 10 most common and critical findings from network penetration tests, illustrating how weaknesses in infrastructure, misconfigurations, and unpatched systems can expose organisations to serious threats. It starts by stressing the importance of regular pentesting and quickly dives into each finding: Ensuring […]

Researchers Reveal 46 Critical Security Vulnerabilities in Embedded Systems Researchers have identified 46 critical vulnerabilities affecting a range of embedded systems, including IoT devices and other networked hardware. These flaws pose significant risks, as attackers could potentially exploit them to gain remote access, disrupt operations, or exfiltrate sensitive data. The vulnerabilities affect multiple vendors, some […]

CoffeeLoader Malware Conceals Code with GPU Techniques Researchers have discovered a new CoffeeLoader malware strain that leverages GPU-based obfuscation techniques to hide malicious code on compromised systems. By shifting some functionalities to the graphics card’s memory, CoffeeLoader reduces its footprint in system RAM, making it harder for conventional antivirus and endpoint detection tools to spot. […]

Critical AMI BMC Vulnerability Revealed, Putting Servers at Risk Security researchers have identified a critical vulnerability in American Megatrends Inc. (AMI) baseboard management controller (BMC) software. BMCs provide remote management features for servers, including power cycling and hardware monitoring. The newly discovered flaw could enable attackers with network access to bypass authentication controls, potentially allowing […]

Resurge Malware Exploits Ivanti Flaw, Prompting Urgent Patching A new strain of Resurge malware has been spotted exploiting a recently disclosed vulnerability in Ivanti’s product line, notably affecting Ivanti Endpoint Manager. According to security researchers, attackers can leverage this flaw to gain unauthorised access, potentially enabling remote code execution or privilege escalation. The malware then […]

According to the latest Patch Tuesday announcement, Microsoft has released 57 security fixes covering a broad range of products, including Windows OS, Microsoft Office, and Azure services. Among the patched flaws are several that attackers have already exploited in the wild, emphasising the need for immediate deployment. Security experts advise users and IT teams to […]