Category: Cyber Security News

Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities
Summary: The UK’s National Cyber Security Centre, in collaboration with cybersecurity agencies from five countries, has issued a joint advisory on two spyware variants, BADBAZAAR and MOONSHINE, which are actively targeting Uyghur, Tibetan, and Taiwanese communities. This spyware campaign seeks to monitor and intimidate these groups perceived as threats by the Chinese state.…
Read More
New Adobe Security Update Fixes Critical Exploits — Don’t Delay Your Update
Summary: Adobe has released a critical security update addressing 30 vulnerabilities in various products, notably ColdFusion, After Effects, and Premiere Pro, which could lead to serious security risks such as arbitrary code execution. The update includes essential patches for several products in Adobe’s portfolio, emphasizing the urgent need for users to apply these updates to prevent exploitation.…
Read More
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Summary: Adobe has issued security updates for ColdFusion versions 2025, 2023, and 2021 to address 30 newly discovered vulnerabilities, including 11 critical-severity flaws that could allow for arbitrary file read and code execution. The updates are essential to mitigate risks associated with these vulnerabilities, though Adobe reports no known exploits currently in the wild.…
Read More
Industry Moves for the week of April 7, 2025 – SecurityWeek
Summary: Checkmarx has announced the appointment of Jonathan Rende as its new Chief Product Officer. Rende brings extensive experience from his previous roles, including his position at PagerDuty and product development at Mercury Software. His leadership is expected to enhance Checkmarx’s product offerings and direction.

Affected: Checkmarx

Keypoints :

Jonathan Rende appointed as Chief Product Officer at Checkmarx.…
Read More
Microsoft: Zero-day bug used in ransomware attacks on US real estate firms
Summary: Hackers exploited a zero-day vulnerability, CVE-2025-29824, affecting the Windows Common Log File System Driver, to target real estate companies and various organizations worldwide. The attack involved the use of the malware PipeMagic, leading to the deployment of ransomware. Microsoft has released a security update, though concerns remain about unpatched systems, particularly Windows 10, leaving critical vulnerabilities open.…
Read More
NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups
Summary: The U.K.’s National Cyber Security Centre highlights the deployment of two spyware types, MOONSHINE and BADBAZAAR, targeting Uyghur, Tibetan, and Taiwanese individuals and organizations. These spyware apps can access sensitive information without the victims’ knowledge, leveraging popular platform designs to lure users. The NCSC warns at-risk populations to be vigilant regarding app usage and permissions to mitigate the risks of surveillance.…
Read More
Summary: A Google Threat Intelligence Group report reveals a sophisticated phishing campaign attributed to UNC5837, a suspected Russia-nexus actor, targeting European government and military organizations through innovative use of Remote Desktop Protocol (RDP). The attackers employed signed .rdp files and leveraged lesser-known RDP features to redirect victim resources and capture sensitive data, bypassing traditional security warnings.…
Read More
Microsoft Patch Tuesday April 2025: One Zero-Day, 11 High-Risk Flaws
Summary: April 2025’s Microsoft Patch Tuesday addressed 135 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that has been actively exploited in ransomware attacks. This month’s update marks a decrease in zero-day vulnerabilities reported compared to March and includes several high-risk vulnerabilities, particularly impacting SharePoint and Windows Remote Desktop Services.…
Read More
Windows 10 KB5055518 update fixes random text when printing
Summary: Microsoft has released the mandatory KB5055518 cumulative update for Windows 10 22H2 and 21H2, addressing critical security vulnerabilities and introducing several enhancements. This update includes fixes for nine issues, particularly regarding browser defaults for EEA users and printer bugs. Users can manually check for updates through Windows Update or download the update from the Microsoft Update Catalog.…
Read More
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
Summary: Microsoft’s April 2025 Patch Tuesday addresses 134 vulnerabilities, including one actively exploited zero-day and multiple critical flaws that enable remote code execution. The updates are currently available for Windows Server and Windows 11, with Windows 10 updates expected shortly. Affected organizations should prioritize these updates to protect their systems from potential exploits.…
Read More
Microsoft fixes auth issues on Windows Server, Windows 11 24H2
Summary: Microsoft has resolved authentication issues linked to Credential Guard when using the Kerberos PKINIT protocol, primarily affecting Windows 11 (version 24H2) and Windows Server 2025. Users experienced problems with password rotation, which led to user authentication difficulties on some enterprise systems. These issues are predominantly found in enterprise environments, leaving home devices largely unaffected.…
Read More
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Summary: Threat actors are distributing cryptocurrency miner and clipper malware disguised as cracked software versions on SourceForge, particularly targeting Russian-speaking users looking for Microsoft Office. A recent report details how malicious ZIP files and PowerShell scripts facilitate the infection process, ultimately leading to the deployment of the malicious software.…
Read More
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Summary: Fortinet has announced critical security updates for FortiSwitch addressing a severe vulnerability (CVE-2024-48887) that allows unauthorized password changes by remote attackers. With a CVSS score of 9.3, the flaw affects multiple versions of FortiSwitch and necessitates immediate patching. Users are urged to apply updates or implement recommended workarounds to safeguard their systems.…
Read More
To tackle espionage, Dutch government plans to screen university students and researchers
Summary: The Dutch government is set to implement a vetting process for researchers and students accessing sensitive technology at Dutch academic institutions, screening an estimated 8,000 individuals annually. Authorities will evaluate personal histories to detect potential risks amidst increasing concerns about foreign espionage, particularly from nations like China, Russia, and Iran.…
Read More