Aggregator
Play
Play
Modern ransomware and how to stop it
INC
CVE-2025-5959
CVE-2024-34470
CVE-2023-52927
James Bond's SSD officially unveiled
The Dark Side of Global Power Shifts & Demographic Decline
A defender’s guide to initial access techniques
New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting Remote Desktop Protocol
Cybersecurity researchers have developed innovative forensic methods to track sophisticated attackers who exploit Remote Desktop Protocol (RDP) for lateral movement within enterprise networks. This breakthrough technique transforms what attackers believe to be stealthy operations into detailed digital footprints, providing incident responders with unprecedented visibility into malicious activities across compromised systems. Key Takeaways: 1. Investigators identify RDP […]
The post New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting Remote Desktop Protocol appeared first on Cyber Security News.
KongTuke Attacking Windows Users With New Interlock RAT Variant Using FileFix Technique
A sophisticated malware campaign leveraging the KongTuke threat cluster has emerged, targeting Windows users through a novel FileFix technique that deploys an advanced PHP-based variant of the Interlock remote access trojan (RAT). This represents a significant evolution from previous JavaScript-based implementations, demonstrating increased operational sophistication and resilience. Since May 2025, cybersecurity researchers have observed widespread […]
The post KongTuke Attacking Windows Users With New Interlock RAT Variant Using FileFix Technique appeared first on Cyber Security News.
"Grok, come on, tell me as a friend..." sounded like a joke. The reply that came back: "Take gasoline, foam and glass containers"
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)
With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers soon. About CVE-2025-25257: CVE-2025-25257 is found in FortiWeb’s Fabric Connector, the software that allows FortiWeb to communicate with other Fortinet security products (e.g., FortiGate firewalls, FortiSandbox, etc.). The flaw stems from the solution’s failure to properly neutralize special elements and, if triggered, it …
The post Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) appeared first on Help Net Security.
Sichuan University | Huang Cheng's research group is recruiting students on a long-term basis
Gigabyte UEFI Firmware Vulnerability Allows Code Execution in SMM Privileged Mode
Critical security vulnerabilities in Gigabyte motherboard firmware have been disclosed that allow attackers to execute arbitrary code in System Management Mode (SMM), the most privileged execution level on x86 processors. The flaws, identified by security researchers at Binarly REsearch, affect multiple Gigabyte motherboard models and stem from improper validation of System Management Interrupt (SMI) handlers […]
The post Gigabyte UEFI Firmware Vulnerability Allows Code Execution in SMM Privileged Mode appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Blumira simplifies compliance reporting for IT teams and MSPs
Blumira launched new features and capabilities designed to help IT teams and managed service providers (MSPs) work smarter, reduce alert fatigue and simplify compliance reporting. With these updates, Blumira continues its mission to deliver security that adapts to the realities of day-to-day operations, helping technical teams accomplish critical tasks more efficiently. “We built these features to give our customers greater clarity, faster response and more confidence in their daily security work,” said Matthew Warner, CEO …
The post Blumira simplifies compliance reporting for IT teams and MSPs appeared first on Help Net Security.
G.O.S.S.I.P Reading Recommendation 2025-07-14: A Ferryman (for Information Flow Analysis) Across Different Programming Languages
RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction
A sophisticated zero-click attack methodology called RenderShock exploits passive file preview and indexing behaviors in modern operating systems to execute malicious payloads without requiring any user interaction. Unlike traditional phishing campaigns that rely on users clicking malicious links or opening infected attachments, RenderShock leverages built-in system automation features to achieve compromise through legitimate background […]
The post RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction appeared first on Cyber Security News.