Tag: cybersecurity

Mozilla Leveraged Anthropic’s Mythos to Identify and Resolve 271 Bugs in Firefox

Mozilla’s Firefox 150 Release Enhances Cybersecurity with AI-Backed Protections

Amidst the intensifying discourse on the implications of emerging AI technologies on cybersecurity, Mozilla has announced that its latest release of the Firefox browser—version 150—will incorporate robust defenses addressing 271 vulnerabilities. This significant upgrade leverages insights gained through early access to…


MixShell Malware Exploits Contact Forms to Target U.S. Supply Chain Manufacturers

Date: Aug 26, 2025
Categories: Enterprise Security / Artificial Intelligence

Cybersecurity experts are highlighting a complex social engineering initiative aimed at crucial supply chain manufacturing firms, deploying in-memory malware known as MixShell. This campaign, dubbed “ZipLine” by Check Point Research, circumvents traditional phishing tactics by initiating contact through companies’ public “Contact Us” forms. Attackers deceive employees into engaging in what appears to be a legitimate communication. According to Check Point’s statement to The Hacker News, these interactions can span several weeks, often involving fabricated non-disclosure agreements before the attackers deliver a weaponized ZIP file containing the stealthy MixShell malware. The attacks have impacted various organizations across multiple sectors, with a particular focus on U.S. manufacturers in industrial fields such as machinery, metalworking, component production, and engine manufacturing.


Microsoft’s Emergency Patch Ineffective Against PrintNightmare RCE Vulnerability

July 8, 2021

Microsoft’s attempt to mitigate the notorious PrintNightmare vulnerability across Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 has proven inadequate. Reports indicate that the fix for the remote code execution exploit within the Windows Print Spooler service can still be circumvented under certain conditions, allowing attackers to execute arbitrary code on compromised systems. The company released an emergency out-of-band update for CVE-2021-34527 (CVSS score: 8.8) after researchers from Hong Kong-based cybersecurity firm Sangfor unintentionally disclosed the flaw late last month. Notably, this vulnerability is distinct from another issue, CVE-2021-1675, which Microsoft addressed on June 8. “Several days ago, two security vulnerabilities were identified in Microsoft Windows’ existing printing mechanism,” explained Yaniv Balmas, head of cyber research at C…


TamperedChef Malware Masquerading as Fake PDF Editors Gathers Credentials and Cookies

Cybersecurity Alert: Aug 29, 2025

Cybersecurity experts have uncovered a new cybercrime operation utilizing deceptive advertising techniques to funnel victims to fraudulent websites, leading them to download an information-stealing malware known as TamperedChef. Researchers from Truesec—Mattias Wåhlén, Nicklas Keijser, and Oscar Lejerbäck Wolf—reported on the findings, revealing that the goal is to entice victims into installing a Trojan PDF editor. This malicious software is designed to capture sensitive information, including login credentials and web cookies. The scheme primarily leverages multiple fake sites to promote a free PDF editor named AppSuite PDF Editor. Once downloaded and executed, the software prompts users to agree to its terms of service and privacy policy, all while in the background covertly connecting to an external server to install the actual malware.


Urgent: Critical RCE Vulnerability in ForgeRock Access Manager Under Active Exploitation

July 13, 2021

Cybersecurity agencies in Australia and the U.S. are sounding the alarm about a serious vulnerability in ForgeRock’s OpenAM access management system, which is being actively exploited to execute remote code on compromised systems. The Australian Cyber Security Centre (ACSC) has reported that threat actors are leveraging this flaw to infiltrate multiple hosts, deploying additional malware and tools. However, details regarding the nature and scope of the attacks, as well as the identities of the perpetrating actors, remain undisclosed.

Identified as CVE-2021-35464, this vulnerability is a pre-authentication remote code execution (RCE) flaw linked to unsafe Java deserialization in the Jato framework used by ForgeRock Access Manager. Exploiting this vulnerability allows attackers to execute commands within the context of the current user rather than as a root user.

Cyber Attack Disrupts Passport Control at Istanbul Airport

July 26, 2013

The passport control system at Istanbul Ataturk Airport’s international departure terminal experienced a cyber attack on Friday, impacting operations at another airport in the city. Passengers faced lengthy delays, with many waiting hours as flight departures were postponed due to the system shutdown at both locations. Authorities were able to restore functionality after some time.

Reports indicated that the passport control system at Sabiha Gokcen International Airport was also affected by issues stemming from the Polnet data system managed by the Istanbul provincial security directorate. Preliminary investigations suggest the systems may have been compromised by malware, though authorities are still determining whether any user information was extracted from the affected machines.

As of now, there has been no claim of responsibility for the cyber attack. This incident is part of a worrying trend of malware attacks targeting critical infrastructure. Cybersecurity has become an increasingly critical concern in recent years.


Booking.com Confirms Data Breach After Hackers Access Customer Information

Booking.com is reaching out to its customers following a confirmed data breach in which a third party accessed portions of its reservation data. The company characterizes this incident as a targeted attack impacting an undisclosed number of bookings. In communications to affected customers, the exposed information may consist of names,…


Noisy Bear Campaign Disguised as Phishing Test Revealed Targeting Kazakhstan’s Energy Sector

Sep 06, 2025 – Malware / Cyber Espionage

A suspected Russian threat actor is behind a series of attacks aimed at Kazakhstan’s energy sector, identified as Operation BarrelFire by Seqrite Labs, which tracks the group as Noisy Bear. Active since at least April 2025, the campaign specifically targets employees of KazMunaiGas (KMG). The attackers delivered a counterfeit document purporting to be from the KMG IT department, mimicking legitimate internal communications and addressing topics like policy updates, certification processes, and salary adjustments. According to security researcher Subhajeet Singha, the infection process starts with a phishing email containing a ZIP file that includes a Windows shortcut (LNK) downloader, a decoy document related to KazMunaiGas, and a README.txt file with instructions in both Russian and Kazakh to execute a program named “KazMunayGaz_Viewer.”
