Security

Hackers Abuse CSS Properties, Use Hidden-Text Salting to Inject Malicious Code

A rising email evasion technique, called hidden-text salting, is becoming a serious problem for email security, enabling attackers to hide large amounts of irrelevant or misleading content inside otherwise malicious messages. By abusing CSS properties and HTML structure, adversaries keep this content invisible to human recipients while confusing automated detection engines, including signature-based systems and […]


IRGC-Linked APT35’s Structure, Toolset, and Espionage Operations Revealed

Since surfacing in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its methods to target government agencies, energy companies, and diplomatic missions across the Middle East and beyond. What began as credential-harvesting phishing campaigns has matured into a modular, multi-stage toolkit that supports deep network infiltration and prolonged espionage.


GitLab Releases Security Update to Patch Multiple Vulnerabilities Enabling DoS Attacks

GitLab has rolled out critical security updates for both its Community Edition (CE) and Enterprise Edition (EE), introducing versions 18.4.2, 18.3.4, and 18.2.8. These updates address several vulnerabilities that could be exploited to perform denial-of-service (DoS) attacks or gain unauthorized access to GitLab systems. GitLab strongly recommends all self-managed installations upgrade immediately to avoid potential service interruptions. Meanwhile,


Microsoft Events Vulnerability Exposes User Data from Registration and Waitlist Databases

A major security vulnerability was discovered in the Microsoft Events platform, which could have allowed unauthorized access to personal information stored in two separate databases — the event registration list and the waitlist database.

Discovery of the Flaw

The issue was identified by a 15-year-old bug bounty researcher, known as Faav, who uncovered that the flaw exposed


Microsoft 365 Outage Blocks Access to Admin Center, Core Services, and Entra ID

A significant service outage has disrupted Microsoft 365, preventing users from accessing key services, including the Admin Center and applications that depend on Microsoft Entra ID for authentication. The issue began on Thursday, October 9, 2025, and is impacting organizations worldwide.

Widespread Service Disruption

The outage has affected users attempting to log in to the Microsoft 365


Critical Flaw in WordPress Service Finder Theme Allows Authentication Bypass by Attackers

A serious security flaw has been discovered in the popular Service Finder WordPress theme, which attackers are actively exploiting to gain unauthorized access to websites. This vulnerability allows threat actors to log in as any user, including administrators, and take complete control of affected sites.

Details of the Vulnerability

The flaw, tracked as CVE-2025-5947 with a


Hackers Compromise WordPress Sites to Fuel Next-Generation ClickFix Phishing Campaigns

Cybersecurity teams have uncovered a coordinated campaign that compromises WordPress websites to inject malicious JavaScript, with the goal of redirecting visitors to fraudulent, malware-laden pages. These drive-by injections impersonate legitimate checks, tricking users into following steps that ultimately deliver malware or credential theft.

What researchers found, and how the injection works

Researchers at


Chinese Hackers Use Open-Source Nezha Tool in Latest Cyberattack Campaign

Threat actors believed to be linked to China have repurposed a legitimate open-source monitoring framework, Nezha, to conduct a coordinated cyberattack, researchers found. The campaign, observed in August 2025 by Huntress, used a log poisoning technique to plant a PHP web shell on vulnerable web servers, then leveraged that access to deploy Nezha and ultimately


OpenAI Blocks Russian, North Korean, and Chinese Hackers Exploiting ChatGPT for Cyberattacks

OpenAI has announced that it successfully disrupted three major cyber operations that attempted to exploit ChatGPT for malicious activities, including malware creation and phishing campaigns.

Russian Threat Actor Used ChatGPT for Malware Development

One of the disrupted groups was a Russian-language actor who misused ChatGPT to design and enhance a Remote Access Trojan (RAT) and


Google’s New AI Not Only Detects Vulnerabilities but Also Automatically Patches Code

Google’s DeepMind has introduced a groundbreaking AI agent named CodeMender, designed to automatically identify, fix, and rewrite vulnerable code to prevent future exploits. This development strengthens Google’s ongoing efforts in AI-driven vulnerability detection, complementing tools such as Big Sleep and OSS-Fuzz.

How CodeMender Works

CodeMender operates both reactively and proactively, meaning it not only fixes
