Lemon Web Solutions

E-Commerce Fraud In Malaysia Nearly Doubles: Why Online Shoppers Need To Be More Alert Than Ever

Cybersecurity | 11 November 2025

Online shopping has become second nature to Malaysians, especially with the convenience, speed and sheer variety that digital marketplaces offer. But behind the convenience lies a growing threat. According to the Commercial Crime Investigation Department (CCID) of PDRM, e-commerce fraud is not just rising; it is accelerating at an alarming pace. Their latest report paints a worrying picture, showing just how quickly cybercriminals are adapting and exploiting online shoppers.

Ransomware Is Evolving Fast — Here’s How Wazuh Helps You Fight Back

Cybersecurity | 10 November 2025

Ransomware has grown from a nuisance into one of the most destructive forms of cybercrime today. Whether you're running a small clinic, a multinational company, or even just a personal PC, ransomware doesn't discriminate. One wrong click on a phishing link, one outdated system, or one compromised vendor can lock you out of your own data and bring operations to a standstill.

What Are Windows 10 Extended Security Updates (ESU)?

Cybersecurity | 10 November 2025

Even though general support has ended, Microsoft is offering a lifeline for those who need more time before moving to Windows 11 or refreshing their hardware. ESU gives you one extra year of critical security updates, lasting until October 13, 2026.

Meta Under Pressure: Malaysia Demands Answers Over Alarming Report on Scam and Gambling Ads

Cybersecurity | 08 November 2025

A new report by Reuters has raised serious concerns about Meta's advertising ecosystem, and Malaysia wants answers. Communications Minister Fahmi Fadzil has described the findings as "very worrying" and "explosive," prompting the government to initiate a formal inquiry into the social media giant's alleged profits from unlawful advertisements.

42 Million Downloads Later: The Hidden Epidemic of Malicious Android Apps on Google Play

Cybersecurity | 06 November 2025

Despite Google's ongoing security efforts, malware continues to slip through the cracks of Google Play, reaching millions of unsuspecting users worldwide. According to the latest Zscaler ThreatLabz 2025 report, more than 239 malicious Android apps were discovered on the official Play Store between June 2024 and May 2025, amassing a staggering 42 million downloads in total.

Android Users on Alert: Critical “Zero-Click” Flaw Could Let Hackers Take Over Your Phone

Cybersecurity | 06 November 2025

A new security bulletin from Google has revealed one of the most alarming Android vulnerabilities in recent years — a "zero-click" flaw so severe that hackers could take control of your device without you doing anything at all.

Microsoft Fixes Critical Windows Driver Flaw Allowing Privilege Escalation

Cybersecurity | 03 November 2025

Microsoft has patched a serious security vulnerability in its Windows Cloud Files Minifilter driver, closing a loophole that could let attackers gain SYSTEM-level privileges on affected devices. The flaw, tracked as CVE-2025-55680, carries a CVSS 3.1 score of 7.8, marking it as a high-severity threat. While not yet widely exploited, researchers believe it's "exploitation more likely," meaning attackers could easily weaponize it.

Google Dismisses Reports of a Massive Gmail Breach — What Really Happened

Cybersecurity | 29 October 2025

When rumors start circulating about millions of Gmail accounts being compromised, it's easy for panic to set in. Over the past few days, several online posts and forums have suggested that a huge trove of Gmail passwords had leaked — but according to Google, those claims are completely unfounded.

Critical Microsoft WSUS Flaw Exploited in the Wild: What You Need to Know

Cybersecurity | 28 October 2025

When Microsoft releases an urgent patch, it's usually serious—but this time, it's critical. A newly discovered flaw in Windows Server Update Services (WSUS) has sent ripples across the cybersecurity world. The vulnerability, officially tagged CVE-2025-59287, allows attackers to remotely execute code on unpatched systems—without any user interaction. In short, it's a hacker's dream and an admin's nightmare.

Introducing the Second Edition of “Online Safety IRL: Scam Edition”

Cybersecurity | 27 October 2025

The Ministry of Communications Malaysia (Kementerian Komunikasi) has officially launched the second chapter of its "Online Safety IRL" fellowship programme—this time titled the Scam Edition. The initiative is driven in collaboration with CelcomDigi Berhad (CelcomDigi), Meta Platforms, Inc. (Meta) and Ratio:Cause, and media partner Tonton. The focus? Tackling the evolving online-scam threat landscape—especially those scams enhanced by artificial intelligence.

Decoding Malicious PDFs: How Proofpoint’s New Tool Is Changing the Game

Cybersecurity | 26 October 2025

PDFs have long been one of the most trusted document formats in the world — widely used for invoices, reports, contracts, and even resumes. But in the cybersecurity world, that same trust has made PDFs a perfect disguise for malicious intent. Cybercriminals know that people rarely suspect a simple PDF attachment, and that's exactly why it has become a popular weapon in phishing and malware campaigns.

Malaysia Tightens the Net on Dark Web Sales of Personal Data

Cybersecurity | 24 October 2025

As cases of leaked personal data continue to spark outrage among Malaysians, the government is finally drawing a harder line against those profiting from citizens' stolen information online. The Digital Ministry, led by Gobind Singh Deo, is stepping up efforts to stop the sale and exchange of personal data across the dark web and shady online platforms.

A Critical ASP.NET Flaw Exposes Web Apps to Remote Security Bypass Attacks

Cybersecurity | 23 October 2025

Microsoft has issued a serious warning for developers using ASP.NET Core — a popular framework powering countless web applications worldwide. A newly discovered flaw, tagged CVE-2025-55315, could allow attackers to bypass key security mechanisms remotely, posing a severe risk to enterprise environments.

Critical Zero-Day in Windows Remote Access Connection Manager (RasMan) Actively Exploited

Cybersecurity | 17 October 2025

Microsoft has recently confirmed a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager (RasMan) service. The flaw, tracked as CVE-2025-59230, poses a serious risk to enterprise systems, enabling attackers to escalate privileges from low-level user accounts to full SYSTEM-level access. Security researchers have verified that this exploit is already being actively used in the wild, prompting urgent calls for immediate patching.

Microsoft Warns of AI-Enhanced Phishing Campaign That Outsmarted Traditional Defenses

Cybersecurity | 15 October 2025

Microsoft has raised alarms over a recent phishing campaign that cleverly used AI technology to conceal its malicious code and slip past email security filters. According to the company, the attackers appeared to have harnessed a large language model (LLM) to generate complex, machine-crafted code that mimicked legitimate business content.

LEMON BLOG