Critical Ivanti Zero-Day Vulnerability Exploited by Chinese State Hackers
A severe authentication bypass vulnerability in multiple Ivanti network products enables remote code execution, with active exploitation detected in the wild. Chinese state-sponsored group UNC5221 is deploying sophisticated malware to compromise systems, prompting urgent calls for immediate patching.
Social Security Website Faces Major Outages Amid DOGE Controversy
The Social Security Administration is grappling with widespread website disruptions affecting millions of Americans' access to online accounts. The crisis deepens as critics question the role of Elon Musk's DOGE in recent policy changes and potential office closures.
Browser-Based Ransomware: The Invisible Threat Targeting Cloud Data
Modern ransomware attacks have evolved beyond traditional file encryption to target cloud and SaaS applications through sophisticated browser-based techniques. Organizations face increasing risks from OAuth vulnerabilities, malicious extensions, and advanced social engineering that bypass conventional security tools.
Massive Scanning Campaign Targets Palo Alto VPN Portals, Raising Security Concerns
Security researchers have detected an extensive scanning operation targeting Palo Alto Networks GlobalProtect VPN portals, with nearly 24,000 IP addresses probing systems. The coordinated campaign, primarily focused on US targets, suggests systematic reconnaissance potentially preceding future exploitation attempts.
Oracle Faces Scrutiny Over Massive Data Breach Affecting 144,000 Clients
A major security breach at Oracle has exposed sensitive data of over 144,000 clients, including SSO credentials and personal information, while the company maintains silence. Security researchers have confirmed the breach's authenticity, raising concerns about corporate transparency and incident response practices.
Government Officials Suspended After Resisting DOGE Access to Federal Payroll Systems
High-ranking Department of Interior officials were placed on administrative leave for denying unprecedented system access to Department of Government Efficiency representatives. The controversial request sought extensive control over federal payroll and HR systems managing data for over 275,000 government workers.
Microsoft Unleashes AI Army: 11 New Security Copilots to Combat Cyber Threats
Microsoft's groundbreaking expansion introduces 11 autonomous AI agents to revolutionize cybersecurity defense across phishing, data protection, and threat analysis. Launching in 2025, this strategic initiative addresses rising cyber threats and enterprise AI security challenges, including the growing concern of 'shadow AI'.
Advanced Phishing Platform 'Morphing Meerkat' Impersonates Over 100 Brands
A sophisticated phishing-as-a-service platform has emerged that can automatically generate convincing fake login pages by analyzing email domains. The threat actor's system, nicknamed 'Morphing Meerkat', uses DNS records and advanced evasion tactics to customize attacks across multiple languages.
Cryptocurrency npm Packages Compromised in Nine-Year API Key Theft Campaign
Multiple long-standing npm packages were discovered to contain malicious code designed to steal API keys and sensitive data through obfuscated scripts. The attack targeted eleven packages including popular blockchain development libraries, with evidence pointing to compromised maintainer accounts.
Security Expert Troy Hunt Falls Victim to Sophisticated Mailchimp Phishing Scam
Renowned cybersecurity expert Troy Hunt became victim to a phishing attack targeting his Mailchimp newsletter service, exposing 16,000 subscriber records. His transparent response and swift action in addressing the breach sets an example for responsible incident disclosure.