ASUS Driver Hub Vulnerabilities Could Let Malicious Websites Gain Admin Privileges

Two critical vulnerabilities, CVE-2025-3462 and CVE-2025-3463, have been discovered in ASUS DriverHub, a utility designed to help users update drivers on ASUS systems. These flaws could be exploited by malicious actors to execute unauthorized commands with elevated privileges. The issues stem from insufficient origin […]
“Bring Your Own Installer” Attack Exploits SentinelOne EDR Misconfigurations

A novel attack technique, termed “Bring Your Own Installer” (BYOI), has been identified by cybersecurity researchers at Aon’s Stroz Friedberg. This method enables threat actors to bypass SentinelOne’s Endpoint Detection and Response (EDR) protections by exploiting misconfigurations during the agent’s upgrade or downgrade processes. The attack […]
Fake AI Video Tools Platforms Drop New Noodlophile Infostealer Malware

Cybercriminals are leveraging fake AI-powered video generation tools to spread a new information-stealing malware family dubbed Noodlophile. Masquerading as an MP4 video file, the malware initiates a multi-stage infection chain designed to harvest browser credentials, session cookies, and cryptocurrency wallet data. Exfiltration is carried […]
Lemon Sandstorm Breach Middle East Infrastructure

The Iranian state-sponsored hacking group Lemon Sandstorm, also known as Pioneer Kitten, Parisite, and UNC757, conducted a prolonged, multi-stage cyberattack targeting critical national infrastructure in the Middle East. According to a report by the FortiGuard Incident Response (FGIR) team, the campaign spanned from May 2023 to February 2025, involving […]
Uncover APT34-Like Infrastructure Before It Becomes a Threat

From November 2024 to April 2025, researchers identified inactive infrastructure masquerading as an Iraqi educational entity and UK technology companies, hosted on M247. Indicators such as reused SSH credentials, standardized web layouts, and deceptive HTTP replies on port 8080 reflect tactics commonly associated with APT34 (OilRig). Although […]
HexaLocker Ransomware: A Modern Threat Forged for Maximum Pressure

HexaLocker is a contemporary ransomware strain making waves across cybersecurity circles for its aggressive dual-threat capabilities: data encryption and the threat of public exposure. Once embedded within a target system, it encrypts critical files and simultaneously exfiltrates sensitive data. Victims are coerced not only with file […]
Earth Kurma APT Campaign Targets Government and Telecom Sectors in Southeast Asia

Earth Kurma, a newly identified APT group, has been targeting government and telecom sectors in Southeast Asia since June 2024. The campaign involves sophisticated tactics including the use of custom malware, kernel-level rootkits, and cloud services like Dropbox and OneDrive for data exfiltration. […]
Surge in GPS Spoofing Threatens Aviation Safety in Middle East

GPS spoofing, a cyber technique once confined to academic research and niche military applications, has rapidly evolved into a widespread and dangerous threat. In 2024 alone, aviation operators reported hundreds of spoofing incidents, particularly across the Middle East and Southeast Asia. By manipulating satellite-based positioning […]
Digital Crumbs: Exploiting Entra ID’s Session Cookies to Breach Microsoft 365

In a recent wave of sophisticated cyberattacks, security researchers uncovered a stealthy campaign dubbed “Cookie Bite,” which targets Microsoft Entra ID (formerly Azure Active Directory) to compromise Microsoft 365 accounts. The attackers abuse OAuth and session tokens to bypass multi-factor authentication (MFA) protections and […]
Critical Remote Code Execution Vulnerability in Cisco Webex App

Cisco has disclosed a critical vulnerability tracked as CVE-2025-20236, affecting its popular Webex video conferencing platform. This flaw allows attackers to execute code remotely on a user’s machine. All they need to do is trick someone into clicking a specially crafted meeting link. The vulnerability lies […]