Cybersecurity Articles

486/68 Tuesday, November 25, 2025 Cybersecurity researchers from ThreatFabric have announced the discovery of a new and highly sophisticated Android malware variant named “Sturnus” on November 20, 2025. It is classified as a high-risk threat due to its advanced capabilities, which surpass those of typical malware. The most alarming feature is its ability to completely […]

485/68 Monday, November 24, 2025 Security researchers are warning about a long-running cyber-espionage campaign-active for nearly three years-that leverages supply-chain attacks and multiple infection techniques to distribute the “BadAudio” malware to a wide range of targets. The attackers spread the malware through website compromises, embedding malicious code into files from partner companies, and highly targeted […]

484/68 Monday, November 24, 2025 SolarWinds has released a security update addressing three critical vulnerabilities in its Serv-U File Transfer Solution that could allow attackers to execute arbitrary code remotely (Remote Code Execution – RCE). All vulnerabilities affect Serv-U version 15.5.2.2.102 and have been fixed in version 15.5.3. Details of the patched vulnerabilities include: SolarWinds […]

483/68 Monday, November 24, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming that attackers are actively exploiting it in the wild. The flaw, CVE-2025-61757, carries a CVSS score of 9.8/10 and stems from an authentication validation failure. It […]

482/68 Friday, November 21, 2025 Researchers have uncovered a cyberattack campaign known as Operation WrtHug, which targets older and near end-of-life (EOL) ASUS routers-over 50,000 devices worldwide-with the goal of creating a massive botnet. The largest concentrations of compromised devices were found in Taiwan, the United States, and Russia. Most affected routers were using ASUS […]

481/68 Friday, November 21, 2025 NHS England Digital has issued an alert regarding a security vulnerability in the 7-Zip file archiving software, identified as CVE-2025-11001 (CVSS 7.0), which is now being actively exploited. The flaw allows attackers to execute arbitrary code remotely (RCE). The 7-Zip development team has already released a fix in version 25.00, […]

480/68 Friday, November 21, 2025 A recent report from Push Security reveals that the Phishing-as-a-Service (PhaaS) toolkit known as Sneaky2FA has enhanced its capabilities by integrating Browser-in-the-Browser (BitB) techniques. This upgrade allows attackers to steal Microsoft 365 login credentials and session tokens with a high degree of realism. The BitB method enables the toolkit to […]

479/68 Thursday, November 20, 2025 Google has released an emergency security update to patch a Zero-Day vulnerability in Chrome that has been actively exploited. The flaw, tracked as CVE-2025-13223, is rated High Severity and stems from a Type Confusion bug in the V8 JavaScript engine. The issue was discovered by Clement Lecigne of Google’s Threat […]

478/68 Thursday, November 20, 2025 Microsoft has revealed that Azure DDoS Protection successfully detected and mitigated a massive Distributed Denial-of-Service (DDoS) attack on October 24, 2025. The attack reached a peak volume of 15.72 Tbps and 3.64 billion packets per second (pps), making it the largest cloud-based DDoS attack ever recorded. The target was a […]

477/68 Thursday, November 20, 2025 Cybersecurity experts are closely monitoring the rapid spread of RondoDox, a large-scale botnet now exploiting a critical vulnerability in the XWiki platform. The flaw, tracked as CVE-2025-24893, is a Remote Code Execution (RCE) vulnerability that allows attackers to execute arbitrary malicious code on vulnerable systems. The U.S. Cybersecurity and Infrastructure […]