-
A sophisticated espionage campaign leveraging a previously unknown malware strain dubbed GONEPOSTAL, attributed to the notorious Russian state-sponsored group KTA007, better known as Fancy Bear or APT28. The malware transforms Microsoft Outlook into a …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released a warning about two serious security flaws in Windows BitLocker that could allow attackers to gain elevated privileges on affected machines. These vulnerabilities, tracked as CVE-2025-54911 and CVE-2025-54912, were publicly discl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
DarkSamural, a newly identified subspecies of the notorious OceanLotus APT, has launched a sophisticated campaign targeting high-value organizations in Pakistan. Leveraging malicious LNK files masquerading as PDF documents and sophisticated MSC contain…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability CVE-2025-42922 has been discovered in SAP NetWeaver that allows an authenticated, low-privileged attacker to execute arbitrary code and achieve a full system compromise. The flaw resides in the Deploy Web Service upload mechanism, where insufficient access control validation permits the upload and execution of malicious files. This vulnerability poses a significant risk […] The post Critical SAP NetWeaver Vulnerability Let Attackers Execute Arbitrary Code And Compromise System appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in SAP NetWeaver AS Java Deploy Service that enables authenticated attackers to execute arbitrary code and potentially achieve complete system compromise. The flaw, tracked as CVE-2025-429…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitHub repositories for malware delivery through sophisticated weaponized LNK files, according to recent analysis by S2W’s Threat Intelligence Center, TALON. This campaign demonstrates the group’s evolving tactics in leveraging trusted plat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Gentlemen ransomware group has emerged as a sophisticated threat actor, demonstrating advanced capabilities through systematic compromise of enterprise environments across 17 countries. Their campaign combines legitimate driver abuse, Group Policy …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Major enterprise software provider Workday has disclosed a significant security incident that exposed customer data through a compromised third-party application, affecting business contact information and support case details. Third-Party Security Bre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released an urgent security update for Chrome to address two significant vulnerabilities, including a critical remote code execution flaw that could allow attackers to completely compromise user systems. The stable channel update brings Chro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Workday has confirmed it suffered a data breach after a security incident involving a third-party application that compromised customer information. The breach originated from Salesloft’s Drift application, which connects to Salesforce environments. On August 23, 2025, Workday became aware of the issue and immediately disconnected the app, invalidated its access tokens, and initiated an investigation […] The post Workday Confirms Data Breach – Hackers Accessed Customers Data and Case Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
