Fake Homebrew Google ads target Mac users with malware
Summary: Hackers are exploiting Google ads to distribute malware through a counterfeit Homebrew website, targeting Mac and Linux users with an infostealer known as AmosStealer. This malware is designed to extract sensitive information, including credentials and cryptocurrency wallets. Security experts warn users to be cautious of sponsored ads and to verify the legitimacy of websites before downloading software.…
7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
Summary: A critical vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution on users’ systems when extracting malicious files from nested archives. This flaw, tracked as CVE-2025-0411, has been patched, but many users may still be vulnerable due to the lack of an auto-update feature.…
A series of critical vulnerabilities has been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPI package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…
10 Most Historic Cyber Attacks That Changed the Internet World
This article discusses the evolution of cyber warfare through historical cyberattacks, emphasizing the importance of cybersecurity in the digital age. It highlights ten significant cyber incidents that have shaped our understanding of digital security, the lessons learned, and the ongoing threats organizations face today. Affected: organizations, government, healthcare, energy, transportation, technology sector

Key points:

Cyberattacks are malicious attempts to steal, damage, or disrupt computer systems and data.…
In Other News: Lawsuits and Settlements, CrowdStrike Phish, MITRE’s D3FEND 1.0 
Summary: This week’s cybersecurity news roundup highlights significant developments in the field, including new tools, vulnerabilities, and legal actions involving major companies. Key stories include the launch of MITRE’s D3FEND 1.0, a phishing campaign targeting CrowdStrike, and various lawsuits related to data breaches. The roundup emphasizes the evolving landscape of cyber threats and the ongoing efforts to enhance security measures.…
Attackers Hijack Google Advertiser Accounts to Spread Malware
Summary: Multiple threat actors are impersonating Google Ads login pages to deceive advertisers into revealing their credentials. This sophisticated malvertising campaign has led to the hijacking of accounts, which are then used to distribute malicious advertisements and malware. Researchers have labeled this operation as one of the most egregious malvertising campaigns ever tracked, affecting thousands of customers globally.…
Apple Bug Allows Root Protections Bypass Without Physical Access
Summary: Cyber defenders are urged to update macOS systems to address a critical vulnerability (CVE-2024-44243) that compromises the operating system’s security. This flaw allows threat actors to bypass System Integrity Protection (SIP), potentially leading to severe malware installations without physical access.

Threat Actor: Unknown | Victim: Apple

Key Point:

Vulnerability allows bypassing of macOS System Integrity Protection (SIP).…
Adobe: Critical Code Execution Flaws in Photoshop
Summary: Adobe has released critical security updates for multiple products, addressing vulnerabilities that could allow remote code execution by malicious hackers. The updates affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and Substance 3D Designer.

Threat Actor: Malicious hackers | Victim: Adobe

Key Point:

Adobe Photoshop update addresses two critical arbitrary code execution vulnerabilities (CVE-2025-21127 and CVE-2025-21122).…
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Summary: Microsoft has revealed a security vulnerability in Apple macOS that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. The flaw, identified as CVE-2024-44243, has been patched in macOS Sequoia 15.2.

Threat Actor: Unknown | Victim: Apple

Key Point:

The vulnerability allows attackers running as “root” to bypass SIP protections.…
One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
This article discusses the proactive detection of cyber threats through automated pivoting on known indicators, showcasing three case studies involving phishing campaigns. It highlights the use of a graph neural network (GNN) to uncover new malicious domains and emphasizes the importance of continuous monitoring of threat actors’ evolving indicators.…
Microsoft: macOS bug lets hackers install malicious kernel drivers
Summary: Apple has patched a critical macOS vulnerability (CVE-2024-44243) that allowed local attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. This flaw could lead to severe security risks, including the installation of rootkits and unauthorized access to user data.

Threat Actor: Local attackers | Victim: macOS users

Key Point:

Vulnerability allows bypassing SIP without physical access to the device.…
Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results
Summary: Attackers are exploiting YouTube and Google search results to target individuals seeking pirated software, leading them to malicious downloads that install infostealing malware. Researchers from Trend Micro have identified various tactics used by these threat actors to evade detection and compromise sensitive information.

Threat Actor: Cybercriminals | Victim: Individuals seeking pirated software

Key Point:

Attackers pose as guides on YouTube, providing fake software installation tutorials to lure victims.…
Critical macOS Sandbox Vulnerability PoC Exploit Released Online
Summary: A proof-of-concept exploit for the critical macOS vulnerability CVE-2024-54498 has been released, enabling malicious applications to escape the macOS Sandbox. This vulnerability poses significant risks, including unauthorized access to sensitive data and system control.

Threat Actor: Malicious actors | Victim: macOS users

Key Point:

The vulnerability CVE-2024-54498 has a CVSS score of 8.8, indicating high severity.…
This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Key points:

Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.…