Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A newly discovered zero-day vulnerability, CVE-2025-24085 is a use-after-free vulnerability affecting Apple products, including iOS and macOS. It has been addressed in updates such as iOS 18.3 and macOS Sequoia 15.3 has emerged on the dark web and poses a severe security risk to Apple users. The exploit reportedly sells for 0.00254009 BTC ($233.09 USD) and enables attackers to escalate privileges within iOS devices. Researchers confirm that the vulnerability has been actively exploited in the wild.

Cloud storage is the backbone of modern IT infrastructure. It offers a relatively easy way to manage data and deploy software. A recent study has revealed crucial yet oft-overlooked vulnerability-abandoned AWS S3 buckets. These unclaimed storage containers are a significant cybersecurity threat, which may result in a SolarWinds-type supply chain attack.

Today's transforming cyber threat landscape is an age of major malice regarding malware. Lumma Stealer remains one of the most fascinating malicious pieces out here. The aim of this blog is to tell you about all recent activities regarding this malware within the year 2025. Thereby, focusing on some practical real-based scenarios, where incidents have unfolded using this malware as a sample analysis, with line-by-line analysis of malware along with dissected code infection patterns.

Artificial Intelligence (AI) has been a game-changer in industries that have further churned into process efficiency and revolutionized cybersecurity. On the flip side, its potential has been weaponized by threat actors. Google's Threat Intelligence Group (GTIG) recently came out with reports which showed that state-sponsored hackers are actively exploiting Google's AI-powered Gemini assistant to strengthen their cyberattacks.

Are You Testing for Compliance or Preparing for Real Attacks? Cybersecurity isn’t just about checking boxes—it’s about staying ahead of threats. Many businesses rely on Penetration Testing (Pentesting) and Red Teaming to identify vulnerabilities. However, these traditional methods often assume that attackers play by the same rules as defenders. Reality has other plans.

Executive Summary DeepSeek is one of the biggest AI-based systems that originated in China, some serious cyberattacks recently disrupted its services, especially affecting new user registrations. It is not yet clear how it has been done. However, based on analysis and experience, people believe it was a Distributed Denial of Service (DDoS) attack against the system, as a DDoS attack simply sends too much traffic to any given system that causes downtime.

Here's a closer look at one such advanced malware employed with tools by Black Basta—to name a few, Zbot, DarkGate, and customer-designed payloads on order as well—and how these latter help in extracting data coupled with sustaining unauthorized access at some distance. Introduction.

The world of cyber security is dynamically sophisticated, and many corporate brands have faced highly evolved breaches. The recent news about HPE(Hewlett Packard Enterprise) hacking has alarmed the tech industries worldwide. IntelBroker his tea named CyberNiggers operating on the dark web, took credit for a breach that exposed sensitive data and access credentials tied to HPE. This breach, unfolding over two days, serves as a sober reminder of vulnerabilities in even the most well-resourced organizations.

Summary FunkSec is a new ransomware group that came into the spotlight after attacking many sectors around the world. The group runs a data leak site on Tor. Funksec employees conduct double extortion attacks, which means hackers encrypt and exfiltrate data from the victim to extort them for paying ransom to the attackers.

It was in January 2025 when a disaster leakage of data was leaked having more than 15,000 configuration files carrying VPN credentials leaked from FortiGate devices spread on several devices. It depicts acute problems inside organizations using the products by Fortinet about a higher need for an excellent security approach. The Belsen Group, the hacking collective carried out this attack by taking advantage of the zero-day vulnerability known as CVE-2022-40684.