On October 29, 2025, the notorious Akira ransomware syndicate announced a successful breach of Apache OpenOffice systems, resulting in the theft of an alarming 23 gigabytes of sensitive corporate data. The group is recognized for its aggressive double-extortion tactics, including the threat to publicly release the stolen information if a…
New Vulnerability Risks Driver Signature Enforcement on Windows Systems A recently uncovered attack method exposes vulnerabilities in Microsoft’s Driver Signature Enforcement (DSE) on fully updated Windows systems, enabling potential OS downgrade attacks. This breakthrough allows cybercriminals to load unsigned kernel drivers, paving the way for the deployment of custom rootkits.…
Researchers have identified that two critical vulnerabilities in Windows operating systems are currently being exploited in widespread cyberattacks. One of these vulnerabilities is a zero-day flaw that has remained active since 2017, while the second is a significant bug that Microsoft has struggled to patch effectively. The zero-day vulnerability was…
The Akira ransomware group has announced a breach of Apache OpenOffice, claiming to have stolen 23GB of sensitive data. For context, Apache OpenOffice is a widely recognized free and open-source office suite created by the Apache Software Foundation, offering tools that serve as alternatives to Microsoft Office on platforms like…
Security Flaws Discovered in Ollama AI Framework Recent disclosures by cybersecurity researchers have revealed six vulnerabilities within the Ollama artificial intelligence (AI) framework, a tool enabling users to deploy large language models (LLMs) locally on multiple operating systems, including Windows, Linux, and macOS. These vulnerabilities present significant risks, allowing potential…
On Monday, cybersecurity researchers unveiled the existence of a newly identified re-implementation of the notorious Cobalt Strike Beacon for both Linux and Windows operating systems. This variant, dubbed “Vermilion Strike,” has been actively targeting a range of sectors, including government, telecommunications, IT, and financial institutions. This advanced yet undetected penetration…
Microsoft Unveils Details of Targeted Phishing Attack Exploiting Critical Vulnerability On Wednesday, Microsoft provided significant insights into a sophisticated phishing campaign that capitalized on a now-resolved zero-day vulnerability in its MSHTML platform. The exploit involved specially designed Office documents aimed at deploying Cobalt Strike Beacon malware on compromised Windows systems,…
The LockBit ransomware group has made a notable return, launching its latest variant, LockBit 5.0, after a period of inactivity triggered by law enforcement actions earlier in 2024. The resurgence comes despite significant disruptions to their infrastructure and efforts to dismantle their operations during Operation Cronos. Under the direction of…
Critical Vulnerability Discovered in BillQuick Billing Software Exploited by Ransomware Actors Cybersecurity experts revealed a serious vulnerability in the BillQuick time and billing software, which has been actively targeted by threat actors to deploy ransomware. This flaw, designated as CVE-2021-42258, involves an SQL injection attack enabling remote code execution, putting…
