Threat actor offers 15.8 million PayPal user credentials on cybercrime forum.
Posted inCybersecurity News

Threat actor offers 15.8 million PayPal user credentials on cybercrime forum.

A threat actor operating under the alias "Chucky_BF" has surfaced on a prominent cybercrime forum claiming to possess a massive trove of PayPal user credentials. The cybercriminal is advertising what they describe as the "Global PayPal Credential Dump 2025," containing allegedly 15.8 million email and password combinations from PayPal users worldwide.
Noodlophile infostealer is being distributed through fake copyright and intellectual property infringement notices.
Posted inCybersecurity News

Noodlophile infostealer is being distributed through fake copyright and intellectual property infringement notices.

Cybercriminals are conducting highly targeted spear-phishing campaigns across multiple regions, including the United States, Europe, Baltic countries, and the Asia-Pacific region. The attacks specifically target businesses through personalized emails that create urgency by threatening copyright or intellectual property infringement lawsuits.
Security researcher discloses full authentication bypass exploit for Fortinet’s FortiWeb application firewall.
Posted inCybersecurity News

Security researcher discloses full authentication bypass exploit for Fortinet’s FortiWeb application firewall.

A security researcher has disclosed a critical vulnerability in Fortinet's FortiWeb web application firewall that enables complete authentication bypass, allowing attackers to impersonate any user, including administrators. The flaw, designated CVE-2025-52970 and nicknamed "FortMajeure," represents a significant security concern for organizations relying on FortiWeb for web application protection.
Microsoft has announced two critical security enhancements currently in development for Teams users worldwide.
Posted inCybersecurity News

Microsoft has announced two critical security enhancements currently in development for Teams users worldwide.

The first enhancement introduces sophisticated malicious URL detection capabilities that can identify and warn users about potentially harmful links shared in chats and channels. This real-time protection system provides an additional layer of defense against malware attacks that commonly exploit seemingly innocent web links.
Microsoft August 2025 Security Update Addresses Critical Kerberos Vulnerability Among 111 Total Flaws.
Posted inCybersecurity News

Microsoft August 2025 Security Update Addresses Critical Kerberos Vulnerability Among 111 Total Flaws.

Microsoft's August 2025 Patch Tuesday release represents one of the most comprehensive security updates of the year, addressing 111 security vulnerabilities across the company's software portfolio. This substantial update includes fixes for 107 vulnerabilities in core Windows and Microsoft software products, with an additional 16 vulnerabilities addressed in Microsoft's Chromium-based Edge browser.
A critical vulnerability in HTTP/2 implementations has emerged as a significant threat to web infrastructure worldwide.
Posted inCybersecurity News

A critical vulnerability in HTTP/2 implementations has emerged as a significant threat to web infrastructure worldwide.

This denial-of-service attack exploits fundamental design characteristics of the HTTP/2 protocol, specifically targeting the control frame mechanism to overwhelm server resources. The attack demonstrates how legitimate protocol features can be weaponized to create devastating security implications for organizations relying on HTTP/2-enabled services.
Critical Security Alert: Over 3,000 NetScaler Devices Remain Vulnerable to CitrixBleed 2 Exploit.
Posted inCybersecurity News

Critical Security Alert: Over 3,000 NetScaler Devices Remain Vulnerable to CitrixBleed 2 Exploit.

A significant cybersecurity crisis continues to unfold as over 3,000 Citrix NetScaler devices remain unpatched against a critical vulnerability known as CitrixBleed 2. This alarming situation has prompted urgent warnings from cybersecurity agencies and researchers worldwide, as attackers actively exploit the flaw to gain unauthorized access to corporate and government networks.