CVE/vulnerability
Critical Microsoft Bing Vulnerability Enabled Remote Code Execution Attacks
A critical security flaw in Microsoft Bing tracked as CVE-2025-21355, allowed unauthorized attackers to execute arbitrary code remotely, posing severe risks to organizations and...
Cyber Security News
Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit
Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution...
Cyber Security News
Microsoft Text Services Framework Exploited for Stealthy Persistence
A novel persistence mechanism exploiting Microsoft's Text Services Framework (TSF) has been uncovered by researchers at Praetorian Labs, revealing a sophisticated method for maintaining...
Cyber Security News
Hackers Exploit Microsoft Teams Invites to Gain Unauthorized Access
The Microsoft Threat Intelligence Center (MSTIC) has uncovered an ongoing and sophisticated phishing campaign leveraging Microsoft Teams invites to gain unauthorized access to user...
cyber security
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins
A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication (2FA) mechanisms.First advertised on...
cyber security
BadPilot Attacking Network Devices to Expand Russian Seashell Blizzard’s Attacks
A newly uncovered cyber campaign, dubbed "BadPilot," has been linked to a subgroup of the Russian state-sponsored hacking collective Seashell Blizzard, also known as...
cyber security
New Malware Abuses Microsoft Graph API to Communicate via Outlook
A newly discovered malware, named FINALDRAFT, has been identified leveraging Microsoft Outlook as a command-and-control (C2) communication channel through the Microsoft Graph API.This...
cyber security
Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) to Hack Windows Systems
In a calculated cyber-espionage campaign, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated...