Daily Cyber News

Microsoft VS Code Remote-SSH Extension Exploited to Run Malicious Code

A severe security flaw has been identified in Microsoft’s VS Code Remote-SSH extension, enabling attackers to execute malicious code on a developer’s local machine by abusing compromised remote servers. Security experts have demonstrated this exploit, named “Vibe Hacking”, which takes advantage of the trusted link between remote development environments and local systems. The issue impacts […]

Critical Apache Tika PDF Parser Flaw Exposes Sensitive Data

A newly discovered security flaw in Apache Tika’s PDF parser module poses a serious threat to enterprise environments. The vulnerability, tracked as CVE-2025-54988, has been rated critical by security researchers because it enables attackers to steal sensitive data and send malicious requests to internal systems. Key Points XXE Vulnerability Explained The vulnerability arises from an

Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial Configs

A Russian state-backed cyber espionage group known as Static Tundra has been exploiting a seven-year-old flaw in Cisco networking devices to steal sensitive configuration data and maintain hidden access across critical infrastructure networks. This group, tied to Russia’s Federal Security Service (FSB) Center 16, has been targeting outdated and unpatched devices since 2015. Their operations

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits

On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four detailed Industrial Control Systems (ICS) advisories, warning of serious security flaws in critical infrastructure sectors such as energy and manufacturing. The reported issues carry CVSS severity scores between 5.8 and 9.8, highlighting the urgent need for action from administrators and security teams.

Scattered Spider Hacker Sentenced to 10 Years for $13M SIM Swapping Crypto Theft

A 20-year-old member of the cybercrime gang Scattered Spider has been sentenced to 10 years in U.S. federal prison for his involvement in a series of major hacking campaigns and cryptocurrency theft operations. Sentencing Details Noah Michael Urban pleaded guilty in April 2025 to charges of wire fraud and aggravated identity theft, according to reports from Bloomberg and

Hackers Exploit ADFS and Office.com to Steal Microsoft 365 Credentials

A new and highly deceptive phishing campaign is targeting Microsoft 365 accounts by abusing Microsoft’s own Active Directory Federation Services (ADFS). The attackers redirect users from legitimate office.com links to malicious login pages, making the scam exceptionally hard to detect. Evolution of Phishing Attacks Researchers at cybersecurity firm Push Security revealed this tactic, describing it

RingReaper Malware Targets Linux Servers, Evades EDR

A newly discovered malware called RingReaper is actively targeting Linux servers, raising serious concerns due to its advanced evasion strategies that undermine traditional endpoint detection and response (EDR) solutions. How RingReaper Operates RingReaper functions as a post-exploitation agent that takes advantage of the Linux kernel’s io_uring interface, a modern asynchronous I/O system designed for high-performance

Threat Actors Use GenAI to Craft Realistic Phishing Content

Cybercriminals are increasingly taking advantage of generative AI platforms to create advanced phishing campaigns that are much harder for traditional security systems to detect. The rapid growth of GenAI services has built an environment where attackers can easily generate realistic phishing emails, mimic trusted organizations, and scale attacks with very little technical skill required. Modern

Scaly Wolf Hackers Target Organizations to Steal Secrets

The cybersecurity world is once again witnessing the rise of advanced threat actors, with groups adopting increasingly complex attack chains to infiltrate corporate systems and extract confidential information. A new investigation by security experts has revealed an ongoing campaign conducted by the Scaly Wolf Advanced Persistent Threat (APT) group. This operation successfully compromised a Russian

FBI Warns: FSB-Linked Hackers Exploit Unpatched Cisco Devices

A Russian state-backed cyber espionage group known as Static Tundra has been actively abusing a seven-year-old Cisco vulnerability to maintain long-term access to targeted networks. Targets and Regions Affected According to Cisco Talos, the campaign is directed at organizations in telecommunications, higher education, and manufacturing across North America, Europe, Asia, and Africa. Victims are chosen
