Google Patches Sixth Chrome Zero-Day Exploited in 2025 Attacks
Google has released an emergency security update to fix a new zero-day vulnerability in its Chrome web browser, marking the sixth actively exploited flaw patched this year. The Vulnerability Security Update Zero-Days in 2025 This latest fix adds to a growing list of Chrome zero-days exploited this year: In 2024, Google patched 10 additional zero-day […]
How attackers are still phishing “phishing-resistant” authentication
🔐 Overview Despite the rise in phishing‑resistant authentication methods such as FIDO2-based passkeys, WebAuthn, Windows Hello, and physical security keys attackers continue to successfully bypass them using more sophisticated phishing techniques. 🧪 Attack Techniques Used 1. Downgrade Attacks 2. Device‑Code Phishing 3. Consent Phishing (OAuth Abuse) ⚖️ Why These Methods Still Work ✅ Mitigation Strategies […]
16 billion passwords exposed in record-breaking data breach
The massive excitement around Artificial Intelligence (AI) tools has become a goldmine for cybercriminals. They’re heavily using this buzz to trick people into downloading dangerous ransomware and malware. This isn’t just a tactic for highly advanced hackers anymore; even smaller, lesser-known groups are now effectively using this strategy. These malicious actors, including ransomware gangs like […]
Cybercriminals Are Using Fake AI Tools to Spread Malware
The massive excitement around Artificial Intelligence (AI) tools has become a goldmine for cybercriminals. They’re heavily using this buzz to trick people into downloading dangerous ransomware and malware. This isn’t just a tactic for highly advanced hackers anymore; even smaller, lesser-known groups are now effectively using this strategy. These malicious actors, including ransomware gangs like […]
Over 16,000 Fortinet Devices Compromised with Symlink Backdoor
Security researchers have discovered that over 16,500 Fortinet FortiGate firewall devices have been compromised by attackers using a symlink-based backdoor. This attack allows persistent and stealthy remote access to affected systems. The discovery was made by Lexfo Security, and the infections are believed to have started as early as 2022. Despite patches being released by […]
SuperBlack Ransomware Exploits Fortinet Vulnerabilities for Unauthorized Access
A new ransomware group known as ‘Mora_001’ has been identified exploiting two authentication bypass vulnerabilities in Fortinet firewall appliances to deploy a custom ransomware strain named ‘SuperBlack’. Exploited Vulnerabilities: CVE-2025-24472: Initially fixed in January 2025, this vulnerability enables remote attackers to gain super-admin privileges by making maliciously crafted CSF proxy requests. Although Fortinet initially stated […]
Critical RCE bug in Microsoft Outlook now exploited in attacks
CISA Urges U.S. Federal Agencies to Secure Systems Against Critical Microsoft Outlook Vulnerability The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to U.S. federal agencies, urging them to secure their systems against ongoing attacks exploiting a critical remote code execution (RCE) vulnerability in Microsoft Outlook. This vulnerability, identified by Check Point researcher Haifei […]
Fortinet Warns Users to Beware of Zero-Day Vulnerabilities Already Exploited
CVE-2024-55591 Vulnerability: Authentication Bypass Threat Impacting FortiOS and FortiProxy CVE-2024-55591 is an Authentication Bypass vulnerability affecting FortiOS versions 7.0.0 to 7.0.16 and FortiProxy versions 7.0.0 to 7.0.79 and 7.2.0 to 7.2.12. This vulnerability allows attackers to send malicious requests to the Node.js WebSocket, granting themselves super-admin privileges. Attack Patterns According to observations from Fortinet and […]
