Cyber Security

Red Hat Data Breach Threat Actors Claim Breach of 28K Private GitHub Repositories

An extortion group known as the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories. This data theft is being regarded as one of the most significant breaches in technology history, involving the unauthorized extraction of source code and sensitive confidential […]

Chrome Security Update Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser

Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code. The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that pose significant risks to user security. The most severe vulnerability addressed is CVE-2025-11205, a heap […]

Hackers use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware

A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and abused code-signing certificates to deliver the Oyster backdoor malware. The attack was neutralized by Microsoft Defender’s Attack Surface Reduction (ASR) rules, which blocked the malware from establishing contact with its command-and-control server. The multi-stage attack […]

Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users

A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions. The vulnerability, tracked as CVE-2025-54831 and classified as “important” severity, fundamentally undermines the platform’s intended security model for handling sensitive data within workflow connections. Apache Airflow version 3.0 introduced significant changes to how sensitive information […]

Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations

A sophisticated cybercriminal alliance between malware operators and covert North Korean IT workers has emerged as a significant threat to corporate organizations worldwide. This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting software developers and cryptocurrency professionals through elaborate social engineering campaigns. The DeceptiveDevelopment group, active since […]

New YiBackdoor Allows Attackers to Execute Arbitrary Commands and Exfiltrate Sensitive Data from Hacked Systems

A sophisticated new malware family dubbed YiBackdoor has emerged in the cybersecurity landscape, posing a significant threat to organizations worldwide. First observed in June 2025, this malicious software represents a concerning evolution in backdoor technology, featuring advanced capabilities that enable threat actors to execute arbitrary commands, capture screenshots, collect sensitive system information, and deploy additional […]

CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity zero-day vulnerability in Google Chrome that is being actively exploited in attacks. The vulnerability, tracked as CVE-2025-10585, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling an urgent need for users and administrators to take action. Google has […]

Hackers Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From LSASS on Windows 11 24H2

Threat actors are leveraging the legacy Windows error-reporting utility WerFaultSecure.exe to extract the memory region of the Local Security Authority Subsystem Service (LSASS.EXE) and harvest cached credentials from fully patched Windows 11 24H2 systems. After gaining initial access to a host, adversaries frequently seek to dump LSASS memory to escalate privileges and move laterally across […]

Hackers Abusing GitHub Notifications to Deliver Phishing Emails

In recent weeks, security researchers have uncovered an elaborate phishing campaign that leverages legitimate GitHub notification mechanisms to deliver malicious content. Victims receive seemingly authentic repository alerts, complete with real-looking commit messages and collaborator updates. Upon closer inspection, the notification headers reveal altered sender addresses and obfuscated links. The campaign’s sophistication has allowed it to […]

Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands

A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security platform and has already been exploited by what security researchers believe to be a foreign […]