According to the reported findings, cyber-criminals are increasingly manipulating Cascading Style Sheets (CSS) to help their malware evade detection. By embedding malicious code within CSS files, attackers can stealthily deliver payloads, circumventing traditional security tools that focus on more common threat vectors like JavaScript or executable files. Security researchers warn that this tactic highlights a […]
A recently disclosed flaw in Apache Tomcat, a popular Java-based web server and servlet engine, has prompted urgent warnings from cybersecurity experts. According to the latest reports, attackers could exploit the vulnerability to run malicious code or escalate privileges within compromised systems, putting countless web services and applications at risk. Apache Tomcat powers a significant […]
North Korean Hackers Exploit PowerShell for Stealth Attacks A recent report highlights that North Korean state-sponsored hackers are exploiting PowerShell-based scripts to infiltrate targeted systems worldwide. According to security researchers, the attackers rely on sophisticated social engineering tactics and cleverly disguised payloads to bypass traditional detection methods. Once inside a network, they move laterally, extract […]
Microsoft’s February 2025 Patch Tuesday addresses a total of 63 security flaws across various products, including two zero-day vulnerabilities under active exploitation. These zero-day bugs reportedly allow attackers to escalate privileges on Windows systems without user interaction. The updates cover an extensive range of Microsoft software, from Windows OS components and Exchange Server to developer […]
Palo Alto Networks has released a new set of security patches addressing several vulnerabilities within its PAN-OS operating system, the backbone of its next-generation firewalls. These flaws range in severity but include at least one critical issue that could allow remote threat actors to gain unauthorised access or execute arbitrary code. According to initial advisories, […]
In this article, security researchers highlight how artificial intelligence (AI) is evolving social engineering tactics to an unprecedented level of sophistication. Using advanced algorithms, cybercriminals can quickly gather personal data, generate highly convincing messages, and personalise attacks to trick individuals and businesses. The article stresses the importance of proactive security measures, educating users about AI-based […]
New ‘WhoAmI’ Attack Targets AWS AMI Naming to Slip Malicious Images Into Cloud Deployments Introduction A recently discovered cybersecurity threat, referred to as the WhoAmI attack, is taking aim at Amazon Web Services (AWS). By manipulating the naming of Amazon Machine Images (AMIs), attackers can introduce harmful images into AWS instances. This tactic allows them […]
Meta Confirms Zero-Click WhatsApp Vulnerability on iOS Meta has publicly confirmed that WhatsApp, one of the world’s most-used messaging services, recently contained a serious zero-click vulnerability on iOS devices. This flaw allowed attackers to compromise a target’s smartphone without requiring the user to tap or open any link. How the Attack Worked A zero-click exploit […]
A recent article explores how quickly modern cybercriminals can crack various types of passwords. Thanks to advancements in hardware and new cracking techniques, the time it takes to breach weak or common passwords has drastically shortened. The piece highlights why basic combinations (like “123456” or “password”) are exceptionally vulnerable and how even seemingly complex passwords […]
