thecyberexpress

Microsoft Security Lapse Exposed Sensitive Credentials and Internal Resources of Employees

The compromised internal Azure server seemed to be associated with the functioning of the Bing search engine and had been used to store scripts, configuration & code containing sensitive data such as ...
thecyberexpress

GhostBat RAT Returns with Fake RTO Apps Targeting Indian Android Users with Telegram Bot-Driven Malware

A new trend of Android malware is sweeping across India, leveraging the guise of Regional Transport Office (RTO) apps to steal financial data, mine cryptocurrency, and exfiltrate SMS messages, all ...
thecyberexpress

Patch Tuesday October 2025: Three Zero-days Under Attack

Microsoft’s Patch Tuesday October 2025 included fixes for 175 vulnerabilities, including three exploited zero-days and 13 additional high-risk vulnerabilities. The three zero-days under attack were ...
thecyberexpress

Kearney Public Schools Hit by Cyberattack, Network and Phones Down Ahead of Monday Classes

Kearney Public Schools (KPS) is fighting with a cybersecurity incident that has disrupted its entire technology network, affecting phones, computers, and other digital systems across the district. The ...
thecyberexpress

China Alleges NSA Cyberattack on National Time Service Center

China claims it has “irrefutable evidence” that the U.S. National Security Agency (NSA) launched a two-year cyberattack campaign on China’s National Time Service Center (NTSC). In a WeChat post, China ...
thecyberexpress

Capita Ransomware Fine: ICO Hits UK Outsourcing Giant with Record £14 Million Penaltyc

Capita has been handed a record ransomware fine of £14 million by the Information Commissioner’s Office (ICO) after a 2023 cyberattack exposed the personal data of 6.6 million people. The Capita ...
thecyberexpress

North Korean Hackers Deploy “Drone” Malware in Targeting of European UAV Manufacturers

The name said it all: DroneEXEHijackingLoader.dll. That internal file name, buried in malicious code delivered to three European defense contractors, revealed what security researchers now believe ...
thecyberexpress

CISA Adds Microsoft, Apple and Oracle Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five CVEs to its Known Exploited Vulnerabilities (KEV) catalog today, including Microsoft, Apple and Oracle vulnerabilities. CISA ...
thecyberexpress

Why the Netherlands Invoked Emergency Powers Over Chinese Chipmaker Nexperia

The Dutch government has invoked the Goods Availability Act (Wet Beschikbaarheid Goederen) to assert control over decisions made by Chinese-owned semiconductor firm Nexperia, citing risks to national ...
thecyberexpress

Vidar Stealer 2.0 Boosts Infostealer’s Credential Theft and Evasion Capabilities

Vidar Stealer 2.0 has been released, and the updated infostealer claims to offer improved performance with advanced credential stealing and evasion abilities, features that will necessitate even ...
thecyberexpress

Microsoft Disrupts Vanilla Tempest Campaign Using Fraudulent Code-Signing Certificates

Microsoft said it disrupted a high-volume campaign in October after discovering a coordinated effort by the ransomware group known as Vanilla Tempest to weaponize fraudulently signed installers that ...
thecyberexpress

SessionReaper Exploits Erupt as Magento Sites Lag on Patching

Six weeks after Adobe shipped an emergency fix, attackers have begun weaponizing SessionReaper — and most Magento stores still stand exposed. Security firm Sansec’s forensics team said it blocked ...