1010.cx

1010.cx

/

Archive

/

Category: cyber security

  • Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges

    A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure. Attackers Can Escalate Privileges Without User Interaction The […] The post Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Tycoon2FA Launches Nearly 1 Million Attacks Targeting Office 365 Accounts

    Tycoon2FA, a sophisticated phishing-as-a-service platform tracked by Microsoft as Storm-1747, has emerged as the dominant threat targeting Office 365 accounts throughout 2025. The cybercriminal operation has launched an aggressive campaign involving ne…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • 15 Best Remote Monitoring Tools – 2025

    Remote monitoring tools are essential for managing and maintaining the health and performance of IT infrastructure and systems. Remote monitoring tools provide continuous oversight of network devices, servers, applications, and other critical components from a remote location. These tools help identify and resolve issues proactively by offering real-time alerts, performance metrics, and detailed reports. With […] The post 15 Best Remote Monitoring Tools – 2025 appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • CrowdStrike Fires Employee for Leaking Internal System Info to Hackers

    Cybersecurity giant CrowdStrike has terminated an employee who allegedly shared sensitive internal system information with a notorious hacking collective. The incident involved the leak of internal screenshots posted on a public Telegram channel operat…

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach

    A sophisticated supply chain attack has reportedly compromised data across hundreds of organizations, linking the breach to a critical integration between customer success platform Gainsight and CRM giant Salesforce. The notorious hacking collective ShinyHunters is claiming responsibility for the intrusion, which allegedly affects over 200 companies. The attack vector did not rely on breaking into […] The post ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities

    The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of active exploitation in the wild, including “silent patches” and subsequent bypasses that have left many […] The post Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination

    A former IT contractor from Ohio has admitted to launching a cyberattack against his employer’s network in retaliation for being terminated, federal prosecutors announced this week. Maxwell Schultz, 35, of Columbus, Ohio, pleaded guilty to computer fraud charges after leading a technical attack that locked thousands of employees out of their systems nationwide. On May […] The post Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities

    Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root p…

    ·

    , , , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • CrowdStrike Fires Insider for Sharing Internal System Details with Hackers

    Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective. The incident, which came to light late Thursday and Friday morning, involved the leak of internal screenshots on a public Telegram channel operated by the threat group known as “Scattered Lapsus$ Hunters.” The […] The post CrowdStrike Fires Insider for Sharing Internal System Details with Hackers appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload

    A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work to bypass traditional antivirus detection methods while extracting sensitive user information. The threat actors behind this campaign have demonstrated sophisticated knowledge of mobile security vulnerabilities, combining multiple evasion strategies […] The post AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶