On November 12, 2024, Microsoft disclosed that two significant security vulnerabilities affecting Windows NT LAN Manager (NTLM) and Task Scheduler have been actively exploited in the wild. These vulnerabilities were part of the November Patch Tuesday update, which addressed a total of 90 security flaws across Microsoft products. Among the…
On Thursday, Google’s Threat Analysis Group (TAG) revealed that it is currently monitoring over 270 state-sponsored threat actors operating across more than 50 countries. Since the beginning of 2021, TAG has issued approximately 50,000 alerts concerning phishing and malware attempts tied to these government-backed actors. This represents a 33% increase…
A significant security breach has come to light, involving the exposure of 183 million email accounts along with their corresponding passwords. This data, reportedly stemming from a malware-driven theft, has been added to the renowned breach-notification platform, Have I Been Pwned, run by cybersecurity expert Troy Hunt. Following its discovery…
Google recently announced that its AI-driven fuzzing tool, OSS-Fuzz, has successfully uncovered 26 vulnerabilities in multiple open-source code repositories. Among these is a medium-severity flaw identified in the widely used OpenSSL cryptographic library. The open-source security team from Google highlighted in a blog post, shared with The Hacker News, that…
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has highlighted the urgent need for government agencies to address known cyber vulnerabilities. In a recent announcement, the agency published a comprehensive catalog containing vulnerabilities identified from major tech companies including Apple, Cisco, Microsoft, and Google. These vulnerabilities are…
In a significant development within the cybersecurity landscape, Conor Brian Fitzpatrick, a 20-year-old who operated the now-defunct BreachForums, has been formally charged with conspiracy to commit access device fraud in the United States. This notable case highlights the growing scrutiny on online platforms facilitating cybercrime. Fitzpatrick, known online as “pompompurin,”…
RomCom Exploits Zero-Day Vulnerabilities in Firefox and Windows A sophisticated cyber operation attributed to the Russia-aligned threat actor known as RomCom has been reported, focusing on the exploitation of two zero-day vulnerabilities—one in Mozilla Firefox and another in Microsoft Windows. These attacks have been designed to deploy RomCom’s proprietary backdoor…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Russian Intelligence Hackers Adapt Strategies to Avoid Detection Chris Riotta (@chrisriotta) • October 21, 2025 A Russian Federal Security Service officer in assault gear. (Image: SGr/Shutterstock) A state-sponsored cyberespionage group from Russia, known for its targeting of policymakers, has swiftly enhanced its…
Recent revelations in cybersecurity highlight the increasing prevalence of long-term breaches, which often go unnoticed until substantial damage is done. A striking example is the incident involving F5, a significant player in the application delivery and security space. On August 9, 2025, F5 announced that unidentified threat actors had infiltrated…
