Fake Microsoft OAuth Apps Open the Door to Mass Account Takeovers
A New Wave of Phishing Uses Trusted Logos to Slip Past Defenses A fresh phishing storm is sweeping across the internet, and it hinges on Microsoft OAuth. Security analysts warn that crooks are posing as well-known brands to sneak malicious cloud apps into corporate Microsoft 365 environments. Once…
0 Comments6 Minutes
Chaos Ransomware Sparks Corporate Lockdowns Worldwide
A Rapid Rise from the Ashes When a fresh extortion crew calling itself Chaos Ransomware burst onto the scene in February 2025, security analysts noticed an all‑too‑familiar playbook. The group arrived just weeks after law‑enforcement agencies yanked the dark‑web infrastructure used by the notorious…
0 Comments6 Minutes
WordPress mu‑plugins backdoor lets attackers seize admin control
A quiet path to a full site takeover Researchers have warned that attackers are hiding a new backdoor inside WordPress’ mu‑plugins folder, giving them a durable foothold and the power to run any PHP they want. Because mu‑plugins (short for “must‑use” plugins) load automatically on every site in the…
0 Comments4 Minutes
Hackers Can Seize Your Phone Network due to New Mitel Flaws
What Went Wrong in MiVoice MX‑ONE Mitel has confirmed a “critical” hole in the Provisioning Manager of its MiVoice MX‑ONE phone system that lets anyone skip the login screen and grab full control. The weakness, tracked internally as MXO‑15711, sits in every build from version 7.3 all the way…
0 Comments5 Minutes
Hackers Tear Through Microsoft SharePoint
Weekend breach spreads across government and industry A worldwide investigation is under way after cyber‑intruders slipped through a brand‑new hole in Microsoft’s SharePoint Server, hijacking critical systems at government offices, universities, energy suppliers and at least one Asian…
0 Comments5 Minutes
MDifyLoader: Fresh Malware Wave Exploits Ivanti VPN Flaws
Two critical bugs open the door Security teams who thought they were safe after January’s and April’s patch cycles may need to take another look. Researchers at Japan’s computer emergency response team, JPCERT/CC, have confirmed that attackers are chaining two separate Ivanti Connect Secure…
0 Comments6 Minutes
Critical NVIDIA Container Toolkit Bug Lets Attackers Break Out of AI Containers
New flaw threatens the backbone of GPU‑powered cloud services Cloud‑security firm Wiz has uncovered a serious weakness in the NVIDIA Container Toolkit (NCT) that could let a malicious container jump its fence and seize control of the underlying server. The issue, logged as CVE‑2025‑23266 and…
0 Comments4 Minutes
Interlock Hackers Turn to FileFix and a PHP-Based RAT in Their Latest Campaign
Booby-Trapped Websites Funnel Unsuspecting Visitors Into FileFix’s Trap Researchers from The DFIR Report and Proofpoint say the crew behind the Interlock ransomware operation has shifted tactics once again, swapping its Node.js remote-access trojan for a new PHP rewrite and delivering it through a…
0 Comments6 Minutes
Fortinet Rushes Out Emergency Patch for Severe FortiWeb Flaw
A simple mistake with big consequences Fortinet has pushed an urgent update for its FortiWeb web-application firewall after researchers uncovered a critical weakness that lets anyone on the internet run their own database commands on unprotected systems. The defect, catalogued as CVE-2025-25257 and…
0 Comments6 Minutes
Leaked Shellter Elite Copy Fuels New Wave of Infostealer Attacks
From Test-Lab Helper to Criminal Workhorse A security tool that was meant to help ethical hackers has slipped into the wrong hands. Shellter Elite, a commercial framework designed to let red-teamers hide test payloads from antivirus and endpoint protection, is now turning up inside real-world…
0 Comments5 Minutes