Author: RedSecNinja
-

Apple Rushes Patches for CVE-2025-43300 Zero-Day: Update iOS, iPadOS, and macOS Now
Introduction On August 7, 2025, Apple pushed emergency security updates for its mobile and desktop operating systems after researchers discovered a critical zero‑day vulnerability, tracked as CVE‑2025‑43300, being exploited in the wild. The flaw resides in the Image I/O framework, which is used to parse and display image files. A malicious image could cause memory…
-

Password Manager Clickjacking: DOM-Based Attack Exposes Auto-Fill Secrets
A newly disclosed browser attack shows how even trusted password managers can be tricked into handing over your secrets. Security researchers have uncovered a DOM-based clickjacking technique that hides critical extension prompts behind fake UI elements, allowing attackers to exfiltrate usernames, passwords, and even one-time codes in a single click. This news highlights the…
-

Transparent Tribe Revisited: Persistent Pakistan-Linked APT Exploits Cross-Platform Cloud Environments
Background Transparent Tribe (also tracked as APT36, ProjectM, Earth Karkaddan and Mythic Leopard) is a Pakistan‑linked espionage group active since at least 2013. The group typically targets Indian government agencies, defence and aerospace contractors and educational institutions by sending spear‑phishing emails that deliver malicious ZIP/ISO attachments. Transparent Tribe’s operations are wide ranging: they develop both Windows and Linux malware,…
-

Netflix Job Offer Scam: Attackers Hijack Facebook Accounts via Real-Time Phishing
Introduction A new phishing campaign disguised as a Netflix job offer is stealing Facebook accounts from unsuspecting marketing and social media managers. By luring victims with fake employment opportunities, attackers are capturing login credentials in real time and using compromised accounts for advertising fraud. How the Scam Works Attackers begin by sending victims a job…
-

Rising CISO Liability: 93% of Organizations Revamp Security Policies
Introduction Chief information security officers (CISOs) are under increasing scrutiny as high-profile breaches make headlines and regulators demand accountability. According to a recent survey of 1,000 security leaders by Fastly, 93% of organizations have changed their security policies in response to growing concern that CISOs could face personal liability for cyber incidents. A New Era of…
-

ReVault: Critical Dell ControlVault3 Flaws Expose Biometric Security Systems
Introduction In March 2025, security researchers disclosed a set of severe firmware vulnerabilities in Dell’s ControlVault3 security chip—collectively dubbed “ReVault.” ControlVault3 is a secure subsystem used in Dell laptops to store encryption keys, biometric templates and other secrets. The newly discovered flaws, tracked as CVE‑2025‑25050, CVE‑2025‑25215, CVE‑2025‑24922, CVE‑2025‑24311 and CVE‑2025‑24919, could allow attackers to bypass Windows…
-

Silk Typhoon (Murky Panda) Exploits Zero-Day Flaws to Pivot Across the Cloud
Introduction Silk Typhoon, also known as Murky Panda, is a Chinese state-linked espionage group that has been targeting North American government agencies, technology firms and other organizations. CrowdStrike and Cybersecurity Dive reported that this threat actor recently exploited multiple zero‑day flaws in Citrix NetScaler and Commvault products to gain access to the cloud environments of software‑as‑a‑service…
-

AI-Powered Cyberattacks: Emerging Threats and How to Defend Against Them
Artificial intelligence isn’t just transforming business – it’s transforming cybercrime. Cybercriminals and nation‑state actors are weaponizing AI to launch more sophisticated attacks, from deepfake scams to adaptive malware. As AI technologies like large language models and deep learning become ubiquitous, defenders must understand these emerging threats and adopt new defenses. Emerging AI-related cyberthreats Defensive strategies…
-

Securing K-12 Schools: Confronting the Unique Cybersecurity Challenges of Back-to-School Season
With the new school year starting, K-12 schools face a mounting challenge: protecting students’ digital identities and the sensitive data entrusted to them. Schools increasingly rely on Chromebooks and Google accounts, but security practices haven’t kept pace. Many students still use easily guessable passwords and have no multi-factor authentication; IT teams are understaffed, and budgets…
