PoC Released for WSUS RCE CVE-2025-59287: Patch Now
A public PoC for CVE-2025-59287 exploits an unsafe deserialization flaw in WSUS. Administrators must deploy Microsoft’s October 2025 updates and hunt for indicators of compromise immediately.
A critical flaw (CVE-2025-9242) in WatchGuard Fireware OS allows unauthenticated attackers to execute code remotely via the IKEv2 VPN process. This vulnerability impacts Firebox devices running outdated firmware and exposes enterprise networks to full compromise if left unpatched.
China’s Ministry of State Security alleges that the U.S. National Security Agency breached its National Time Service Centre over multiple years. The event signals new exposure for timing infrastructure and escalates global cyber conflict.
Volkswagen Group faces a serious cybersecurity challenge after ransomware gang 8Base claimed to have stolen sensitive data from its global operations. The incident exposes growing supply-chain risks and highlights how industrial manufacturers remain prime targets for modern cyber-extortion campaigns.
Europol has shut down a cross-border SIM-farm network used to automate smishing and VoIP fraud, seizing equipment, servers, and arresting dozens of operators.
A new malvertising campaign is using deceptive Google Ads mimicking trusted macOS software brands like Homebrew and LogMeIn to deliver potent infostealers such as AMOS and Odyssey. Mac developers and advanced users are being targeted with copy-and-paste terminal commands that install malware under the guise of legitimate apps. This expert breakdown shows how the attack works, what to watch for and how to defend your environment.
A college student has been sentenced to four years in federal prison for orchestrating a PowerSchool cyberattack that compromised sensitive education data. The case highlights growing concerns over insider-driven breaches targeting school information systems.
A newly discovered backdoor, dubbed Net-CAPI, has infiltrated multiple Russian government networks by hijacking Windows cryptographic services. Analysts believe the tool, developed by a sophisticated threat group, uses advanced evasion and persistence methods to hide within legitimate system operations—making detection nearly impossible.
A U.S. court ordered Israeli spyware maker NSO Group to halt operations targeting WhatsApp and reduced damages in Meta’s lawsuit. The decision reinforces accountability for private surveillance firms accused of breaching digital privacy.
The Silver Fox group, long known for precision-targeted malware operations, has extended its Winos 4.0 campaign into Japan and Malaysia. Security experts now observe the deployment of HoldingHands RAT through malicious PDF attachments and deceptive software installers.