Topic: security mitigation

  • Russian Hackers Attack Using New Microsoft Office Bug

    Russian state-backed hackers (APT28/Fancy Bear) are actively exploiting a patched Microsoft Office vulnerability (CVE-2026-21509) in targeted attacks against Ukrainian and EU entities, using phishing emails with malicious documents. The attack delivers sophisticated malware via a complex WebDAV c...

  • Fancy Bear Targets Ukraine, EU with Microsoft Office Flaw

    The Russian-linked cyber group Fancy Bear is exploiting a critical Microsoft Office vulnerability (CVE-2026-21509) to target Ukrainian and EU organizations, deploying malware via malicious documents. The campaign uses a sophisticated attack chain involving COM hijacking and the Covenant C2 framew...

  • Millions of PornHub Users' Data Stolen in Extortion Hack

    U.S. border agencies are expanding surveillance by deploying small drones operationally and enhancing cybersecurity to monitor employees, amid investigations into leaks. Major data breaches include the theft of over 200 million user records from PornHub by hackers and the rise of AI tools like Ha...

  • Microsoft Blocks Dangerous File Previews in Windows

    The October 2025 Windows update disables the File Explorer Preview Pane for files marked from the internet or accessed from untrusted network shares to enhance security. This change prevents NTLM hash leakage, a vulnerability where previewing certain files could allow attackers to intercept and m...

  • Zero-Day Attack Hits Gladinet File Sharing Software

    A zero-day vulnerability (CVE-2025-11371) in Gladinet's CentreStack and Triofox platforms allows unauthenticated attackers to access sensitive files via Local File Inclusion, with at least three organizations already targeted. Attackers exploit the LFI flaw to retrieve machine keys and chain it w...

  • Microsoft: Hackers Steal University Payroll in Pirate Attacks

    Storm-2657, a cybercrime group, has been targeting U.S. university payroll systems since March 2025, primarily compromising Workday accounts through sophisticated social engineering and exploiting weak multifactor authentication. The attackers use highly customized phishing emails, such as fake c...

  • Crimson Collective Hackers Breach AWS for Data Theft

    The Crimson Collective is a hacking group infiltrating AWS infrastructures to steal sensitive data and extort organizations, as seen in a breach at Red GitLab repositories. Attackers compromise AWS using exposed credentials and tools like TruffleHog, then escalate privileges to gain administrativ...

  • Popular Password Managers Vulnerable to Clickjacking Login Leaks

    Six major password managers with millions of users are vulnerable to unpatched clickjacking attacks, which can expose sensitive data like passwords and credit card details through deceptive website overlays. The vulnerabilities, discovered by an independent researcher and confirmed by cybersecuri...

  • Patch Now: Public Exploits for FortiWeb RCE Flaw (CVE-2025-25257)

    CVE-2025-25257 is a critical remote code execution flaw in FortiWeb's Fabric Connector, allowing attackers to inject SQL commands via HTTP/S requests and gain root access, prompting urgent patching. Public proof-of-concept exploits have emerged, lowering the attack barrier, with unauthent...
