Daily Cyber News

Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware

The U.K. National Cyber Security Centre (NCSC) and Cisco have confirmed active exploitation of recently disclosed vulnerabilities in Cisco ASA firewalls to deploy highly persistent and evasive malware families, called RayInitiator and LINE VIPER. The campaign, attributed to a cluster named ArcaneDoor and linked to UAT4356 (aka Storm-1849), targets ASA 5500-X Series appliances, and in […]

Salesforce Fixes Critical ForcedLeak Bug Exposing CRM Data Through AI Prompt Injection

Cybersecurity researchers have disclosed a major flaw in Salesforce Agentforce, a platform designed for building AI-powered agents. The vulnerability, codenamed ForcedLeak (CVSS score: 9.4), could have enabled attackers to exfiltrate sensitive data from Salesforce’s CRM system using an indirect AI prompt injection. The issue was discovered and reported by Noma Security on July 28, 2025.

North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers

Cybersecurity researchers have uncovered a new backdoor called AkdoorTea, linked to North Korean threat actors involved in the Contagious Interview campaign. This operation, also known by names such as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi, primarily targets developers working on cryptocurrency and Web3 projects across Windows, Linux, and macOS. According

Malicious Rust Crates Steal Solana and Ethereum Wallet Keys with 8,424 Downloads Confirmed

Cybersecurity researchers have uncovered two malicious Rust crates that were impersonating a legitimate library named fast_log in order to steal Solana and Ethereum wallet keys from source code. The rogue crates, titled faster_log and async_println, were published on May 25, 2025, by actors using the aliases rustguruman and dumbnbased. According to software supply chain security

RedNovember, Chinese Hackers, Target Global Governments Using Pantegana, Cobalt Strike

A cyber espionage cluster previously identified in large-scale campaigns across Africa, Asia, North America, South America, and Oceania has now been assessed as a Chinese state-sponsored threat group. Threat intelligence firm Recorded Future, which earlier tracked this activity under the identifier TAG-100, has elevated the group’s status and assigned it the name RedNovember. Microsoft is

LNK Stomping Attack Lets Hackers Bypass Windows Mark of the Web

A sophisticated technique, called LNK Stomping, abuses how Windows handles shortcut files to bypass the Mark of the Web (MoTW) security control. Tracked as CVE-2024-38217 and patched on September 10, 2024, the vulnerability allows attackers to craft malicious LNK files that force Windows Explorer to normalize paths and accidentally strip the Zone.Identifier NTFS alternate data
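
As an added example (not code from the article, from Microsoft, or from the researchers who described the technique), the following Python builds a minimal .lnk file carrying only StringData and flags the target-path shapes that LNK stomping depends on. The specific heuristics, a leading `.\` path segment and a trailing dot or space in a segment, are an assumption drawn from public descriptions of the technique; the article itself only states that Explorer normalizes the path and drops the Zone.Identifier stream. The constructed shortcuts are sample input, and `has_motw` only gives a meaningful answer on an NTFS volume under Windows.

```python
"""Added example: parse minimal .lnk files and flag non-canonical target paths.

Heuristics are an assumption based on public LNK stomping write-ups, not
on the article above. Sample shortcuts are constructed in-memory.
"""
import struct

# LinkFlags bits from the MS-SHLLINK ShellLinkHeader
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def build_lnk(relative_path, working_dir="", arguments=""):
    """Construct a minimal shortcut (header + Unicode StringData only)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH
    if working_dir:
        flags |= HAS_WORKING_DIR
    if arguments:
        flags |= HAS_ARGUMENTS
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand (1 = SW_SHOWNORMAL), HotKey, then 10 reserved bytes
    header = struct.pack("<I16sIIQQQIIIH", HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0) + b"\x00" * 10

    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = string_data(relative_path)
    if working_dir:
        body += string_data(working_dir)
    if arguments:
        body += string_data(arguments)
    return header + body


def parse_lnk(data):
    """Return the StringData fields of a shell link as a dict."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the IDList if present
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo if present
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, pos)
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("latin-1")
            pos += count
    return fields


def stomping_indicators(fields):
    """Heuristic (assumed) indicators that Explorer will rewrite the path."""
    reasons = []
    target = fields.get("relative_path", "")
    segments = target.replace("/", "\\").split("\\")
    if target.startswith(".\\") or "\\.\\" in target:
        reasons.append("'.' path segment triggers Explorer path normalization")
    if any(seg.endswith((" ", ".")) for seg in segments if seg not in (".", "..")):
        reasons.append("trailing space or dot in a path segment")
    return reasons


def check_lnk(data):
    """Parse a shortcut and return its stomping indicators (empty = clean)."""
    return stomping_indicators(parse_lnk(data))


def has_motw(path):
    """True if the file carries a Zone.Identifier stream (NTFS on Windows only)."""
    try:
        with open(path + ":Zone.Identifier", "rb") as ads:
            return b"ZoneId" in ads.read()
    except OSError:
        return False


if __name__ == "__main__":
    for sample in (".\\payload.exe", "C:\\Users\\Public\\payload.exe.",
                   "..\\..\\Windows\\System32\\notepad.exe"):
        print(sample, "->", check_lnk(build_lnk(sample)) or "no indicators")
```

A shortcut that reports indicators is not proof of tampering on its own, but a downloaded .lnk whose target uses one of these shapes and that has already lost its Zone.Identifier stream is exactly the state the technique leaves behind.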

Microsoft Patches Entra ID Security Flaw Allowing Cross-Tenant Global Admin Impersonation

A critical token validation failure in Microsoft Entra ID, formerly Azure Active Directory, could have let attackers impersonate any user, including Global Administrators, across tenants. The flaw, tracked as CVE-2025-55241, received a CVSS score of 10.0, and Microsoft describes it as a privilege escalation issue in Entra ID. Microsoft fixed the problem on July

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A malware-based proxy network called REM Proxy is driven by SystemBC, providing roughly 80% of the botnet’s capacity to its users, according to the latest research from Black Lotus Labs at Lumen Technologies. “REM Proxy is a large-scale network that also offers access to about 20,000 Mikrotik routers and multiple open proxies discovered online,” the

CISA Warns Hackers Exploiting Ivanti EPMM Vulnerabilities to Deploy Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning about ongoing malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) platforms. Threat actors are actively exploiting two critical security flaws, CVE-2025-4427 and CVE-2025-4428, enabling complete system compromise and arbitrary code execution on affected servers. These attacks started shortly after Ivanti publicly disclosed the

17,500 Phishing Domains Target 316 Brands Across 74 Countries Amid Global PhaaS Surge

A recent surge in phishing-as-a-service (PhaaS) activity has linked over 17,500 phishing domains to 316 brands across 74 countries. The platforms behind this activity, known as Lighthouse and Lucid, are making large-scale phishing campaigns more accessible to cybercriminals. Netcraft reported that “PhaaS deployments have risen significantly recently. Operators charge monthly fees for phishing software with
