Latest Cyber News

Gamers Playing Call of Duty Hacked - RCE Exploited Let Players Hack Other Players’ PCs - Call of Duty: WWII has been pulled offline after reports of a serious remote code execution vulnerability that allowed malicious players to take complete control of other gamers’ computers during live multiplayer matches. The recommended steps ...
4 minutes ago Cybersecuritynews.com
Atomic macOS infostealer adds backdoor for persistent attacks - Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to give attackers persistent access to compromised systems. The analyzed version of the malware comes with an embedded ...
18 minutes ago Bleepingcomputer.com
Beware of Bert: New ransomware group targets healthcare, tech firms | The Record from Recorded Future News - A new ransomware group has been breaching organizations across Asia, Europe, and the U.S., with victims reported in the healthcare, technology and event services sectors, researchers have found. The researchers also noted that Bert may have ...
35 minutes ago Therecord.media
Parrot OS 6.4 Released With Update For Popular Penetration Testing Tools - This latest version brings substantial updates to core security tools, including Metasploit Framework 6.4.71, Sliver C2 framework, Caido web security toolkit, and PowerShell Empire 6.1.2, positioning itself as an essential platform for ethical ...
1 hour ago Cybersecuritynews.com
IT Giant Ingram Micro Internal Systems Hit by Ransomware Attack - The ransomware attack appears to have targeted the company’s internal operational systems, potentially including enterprise resource planning (ERP) platforms, customer relationship management (CRM) databases, and supply chain management ...
1 hour ago Cybersecuritynews.com
Qantas is being extorted in recent data-theft cyberattack - The Qantas breach is part of attacks targeting the aviation sector by threat actors linked to Scattered Spider. These threat actors are skilled at social engineering attacks used to gain initial access to corporate networks, commonly by tricking help ...
1 hour ago Bleepingcomputer.com Scattered Spider
'Batavia' Windows spyware campaign targets dozens of Russian orgs - A previously undocumented spyware ...
1 hour ago Bleepingcomputer.com
IT company Ingram Micro says ransomware targeted internal systems | The Record from Recorded Future News - Cybersecurity expert Rebecca Moody said her team at research firm Comparitech has tracked 238 attacks by the SafePay group, including recent incidents affecting government technology contractor Conduent and British tech company Microlise. The company ...
2 hours ago Therecord.media
NordDragonScan Attacking Windows Users to Steal Login Credentials - Beyond individual system compromise, NordDragonScan poses broader network security risks through its network scanning capabilities. Once installed, NordDragonScan demonstrates extensive data collection capabilities that pose significant risks to ...
2 hours ago Cybersecuritynews.com
New Slopsquatting Attack Leverage Coding Agents Workflows to Deliver Malware - Researchers have identified a sophisticated new supply-chain threat targeting AI-powered development workflows, where malicious actors exploit coding agents’ tendency to “hallucinate” non-existent package names to distribute ...
2 hours ago Cybersecuritynews.com
Hackers abuse leaked Shellter red team tool to deploy infostealers - Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. In a report on July 3rd, Elastic Security ...
3 hours ago Bleepingcomputer.com
Microsoft to Remove PowerShell 2.0 From Windows 11 Following Architectural and Security Vulnerabilities - PowerShell 2.0, originally released with Windows 7, has been identified as a significant attack vector due to its lack of modern security features, including script block logging, constrained language mode, and Anti-Malware Scan Interface (AMSI) ...
4 hours ago Cybersecuritynews.com
BladedFeline Using Whisper and PrimeCache to Compromise IIS & Microsoft Exchange servers - Whisper’s operational workflow involves seven distinct steps: gaining access to compromised email accounts, establishing inbox rules for command processing, sending periodic check-in messages, fetching encrypted operator commands from email ...
4 hours ago Cybersecuritynews.com OilRig APT3
Comodo Internet Security 2025 Vulnerabilities Execute Remote Code With SYSTEM Privilege - Multiple critical vulnerabilities in Comodo Internet Security Premium 2025 allow attackers to execute remote code with SYSTEM privileges, completely compromising victim systems through malicious update packages. Despite using HTTPS connections to for ...
4 hours ago Cybersecuritynews.com CVE-2025-7095
Windows Update Gets Smarter: New Interface Puts Users in Control of Security Notifications - This latest update transforms how Windows communicates potential security risks by implementing proactive alerts that respect user preferences while maintaining essential security awareness. These notifications utilize advanced detection mechanisms ...
4 hours ago Cybersecuritynews.com
RingReaper - New Linux EDR Evasion Tool Using io_uring Kernel Feature - This advanced red team tool demonstrates how attackers can exploit high-performance asynchronous I/O operations to conduct stealthy operations while remaining undetected by traditional security monitoring mechanisms. A sophisticated new Linux evasion ...
6 hours ago Cybersecuritynews.com
1000+ New Fake Domains Mimic Amazon Prime Day Registered to Hunt Online Shoppers - These attacks range from fake calls and phishing emails to malicious links and spoofed websites, all designed to trick shoppers into revealing sensitive account information or making fraudulent payments. During Amazon’s Big Spring Sale in March ...
7 hours ago Cybersecuritynews.com
Linux Boot Vulnerability Allows Bypass of Secure Boot Protections on Modern Linux Systems - The attack exploits debug shells accessible during boot failures, enabling persistent malware injection that survives system reboots and maintains access even after users enter correct passwords for encrypted partitions. Attackers with physical ...
7 hours ago Cybersecuritynews.com
Threat Actors Abusing Signed Drivers to Launch Modern Kernel Level Attacks on Windows - A comprehensive investigation by cybersecurity researchers has uncovered how threat actors are systematically abusing Microsoft’s Windows Hardware Compatibility Program (WHCP) and Extended Validation (EV) certificates to legitimize malicious ...
8 hours ago Cybersecuritynews.com
10 Best Vulnerability Management Tools - 2025 - Its integration with other Tenable products and third-party tools enables a unified approach to vulnerability management, ensuring that security teams can quickly identify, prioritize, and remediate risks across their entire infrastructure. ...
8 hours ago Cybersecuritynews.com
8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords, and Spy on Users - Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The investigation ...
9 hours ago Cybersecuritynews.com
ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access - The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous versions likely vulnerable as well. The exploit ...
9 hours ago Cybersecuritynews.com CVE-2025-47227
NightEagle APT Attacking Industrial Systems by Exploiting 0-Days and With Adaptive Malware - The group has demonstrated exceptional capabilities in exploiting unknown Exchange vulnerabilities and deploying adaptive malware to steal sensitive intelligence from high-tech companies, chip semiconductor manufacturers, quantum technology firms, ...
10 hours ago Cybersecuritynews.com
APT36 Attacking BOSS Linux Systems With Weaponized ZIP Files to Steal Sensitive Data - Data collection capabilities include the “github.com/kbinani/screenshot” library for desktop capture and main.sendResponse function for exfiltrating various data types, including files, command outputs, and system information. The ...
11 hours ago Cybersecuritynews.com
PoC Released for Linux Privilege Escalation Vulnerability via udisksd and libblockdev - The vulnerability, designated CVE-2025-6019, allows unprivileged users to gain root access through exploitation of the udisksd daemon and its backend library libblockdev, creating significant security risks for multi-user systems and shared ...
15 hours ago Cybersecuritynews.com CVE-2025-6019
OpenAI says GPT-5 will unify breakthroughs from different models - OpenAI has again confirmed that it will unify multiple models into one and create GPT-5, which is expected to ship sometime in the summer. "GPT-5 is our next foundational model that is meant to just make everything our models can currently do better ...
18 hours ago Bleepingcomputer.com
Hands on with Windows 11 Notepad's new markdown support - While it's lightweight, and I can confirm Notepad doesn't use excessive CPU or memory at any point when formatting, you can always clear all formatting or turn off the feature from Settings. Notepad now lets you use markdown text formatting on ...
18 hours ago Bleepingcomputer.com
ChatGPT is testing disruptive Study Together feature - OpenAI's "Study together" mode has been spotted in the wild, and it could help students prepare for exams directly from ChatGPT. The Study together mode, which doesn't work right now, might allow students to either invite their friends to study on ...
19 hours ago Bleepingcomputer.com
Ingram Micro outage caused by SafePay ransomware attack - An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Systems that are impacted in many locations include the company's AI-powered Xvantage ...
2 days ago Bleepingcomputer.com
"CitrixBleed 2" Vulnerability PoC Released - Warns of Potential Widespread Exploitation - A new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in 2023. The ...
2 days ago Cybersecuritynews.com CVE-2025-5777
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure - The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. Former FSB official Alexander Belyaev noted that ...
2 days ago Cybersecuritynews.com
Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone - These malicious campaigns, known as “task scams,” represent a rapidly evolving threat landscape where fraudsters weaponize legitimate job-seeking behavior to extract cryptocurrency payments from unsuspecting victims through carefully ...
2 days ago Cybersecuritynews.com
Instagram Started Using 1-Week Validity TLS certificates and Changes Them Daily - Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis. Traditional certificate management relies on ...
2 days ago Cybersecuritynews.com
Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass - The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. This configuration creates a critical security gap in environments where AppLocker default ...
2 days ago Cybersecuritynews.com
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data - Since late May, a #phishing campaign impersonating @DWPgovuk has been circulating via SMS using shortened links leading to fake government websites, peaking in the second half of June. The researchers noted that the campaign utilizes shortened URLs ...
2 days ago Cybersecuritynews.com
XWorm - The Most Active RAT Uses New Stagers and Loaders to Bypass Defenses - This sophisticated malware has evolved far beyond traditional RAT capabilities, incorporating advanced features including keylogging, remote desktop access, data exfiltration, and command execution that make it particularly attractive to threat ...
2 days ago Cybersecuritynews.com LockBit
Threat Actors Abused AV - EDR Evasion Framework In-The-Wild to Deploy Malware Payloads - Cybersecurity researchers have uncovered a concerning development as malicious actors began exploiting SHELLTER, a commercial anti-virus and endpoint detection response (EDR) evasion framework, to deploy sophisticated malware payloads. The commercial ...
2 days ago Cybersecuritynews.com
Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence - Rapid7 analysts identified a novel persistence mechanism during recent incident investigations, revealing the group’s adoption of Teleport, an infrastructure access platform not previously associated with Scattered Spider operations. The ...
2 days ago Cybersecuritynews.com Scattered Spider
Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle - By leveraging legitimate frameworks like Inno Setup, attackers can distribute malware through various channels including phishing campaigns, compromised software repositories, and malicious advertisements without triggering immediate suspicion from ...
2 days ago Cybersecuritynews.com
Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence - IBM analysts identified multiple deployment vectors that introduce security vulnerabilities, including PowerShell scripts with embedded secrets, misconfigured System Center Configuration Manager (SCCM) deployments, and Group Policy Objects (GPOs) ...
2 days ago Cybersecuritynews.com
Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload - A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. Once a target ...
2 days ago Cybersecuritynews.com
Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition - For the vulnerability to be exploitable, three critical conditions must be met simultaneously: deployment of an affected Next.js version (>=15.1.0 <15.1.8), utilization of Incremental Static Regeneration (ISR) with cache revalidation in ...
2 days ago Cybersecuritynews.com
Google's AI video maker Veo 3 is now available via $20 Gemini - Google says Veo 3, which is the company's state-of-the-art video generator, is now shipping to everyone using the Gemini app with a $20 subscription. Once done, open the Gemini app or Gemini.google.com, and select video. Google says you'll get 3 ...
2 days ago Bleepingcomputer.com
ChatGPT Deep Research tests new connectors for more context - ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. Once integrated, ChatGPT can crawl your Slack messages and use them in the context of research. In ...
2 days ago Bleepingcomputer.com
Ingram Micro suffers global outage as internal systems inaccessible - IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. Ingram Micro customers ...
3 days ago Bleepingcomputer.com
Hacker leaks Telefónica data allegedly stolen in a new breach - A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. The hacker claiming responsibility for the attack is known as "Rey" and is a ...
3 days ago Bleepingcomputer.com
Critical HIKVISION ApplyCT Vulnerability Exposes Devices to Code Execution Attacks - Organizations using affected HIKVISION applyCT systems face risks of data breaches, service disruptions, and potential compromise of their entire security infrastructure. Assigned CVE-2025-34067 with a maximum CVSS score of 10.0, this vulnerability ...
3 days ago Cybersecuritynews.com CVE-2025-34067
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies | The Record from Recorded Future News - Well, UNIDIR [the United Nations Institute for Disarmament Research] has been doing some capacity building with some countries, and been doing in a smaller scale, but we saw that there's a need, really, to bring in people from all around the ...
3 days ago Therecord.media
Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks - Update Now - This missing error checking could result in SQL injection vulnerabilities and application crashes due to null pointer dereferences. The flaw manifests when a SoapVar instance is created with a fully qualified name exceeding 2GB in size, triggering a ...
3 days ago Cybersecuritynews.com
Massive Android Ad Fraud 'IconAds' Leverages Google Play to Attack Phone Users - Cyber Security News - A sophisticated mobile ad fraud operation dubbed “IconAds” has infiltrated Android devices worldwide through 352 malicious applications distributed via Google Play Store, generating up to 1.2 billion fraudulent bid requests daily at its ...
3 days ago Cybersecuritynews.com
New Sophisticated Attack Bypasses Content Security Policy Using HTML-Injection Technique - A sophisticated technique to bypass Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation. This research demonstrates how attackers can circumvent one of the web’s most important security ...
3 days ago Cybersecuritynews.com
Microsoft Investigating Forms Service Issue Not Accessible for Users - Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The company stated, “We’re investigating an issue where ...
3 days ago Cybersecuritynews.com
New "123 | Stealer" Advertised on Underground Hacking Forums for $120 Per Month - The threat actor claims the stealer can also perform process grabbing and file grabbing operations, making it a versatile tool for data theft operations. This malware-as-a-service (MaaS) offering represents the latest evolution in information stealer ...
3 days ago Cybersecuritynews.com
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware - This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing malicious code on their systems, exploiting inherent trust in established security providers. The malware campaign employs a ...
3 days ago Cybersecuritynews.com
Massive Spike in Password Attacks Targeting Cisco ASA VPN Followed by Microsoft 365 - A dramatic surge in password spray attacks targeting enterprise infrastructure, with Cisco ASA VPN systems experiencing an unprecedented 399% increase in attacks during Q1 2025, while Microsoft 365 authentication services saw a 21% rise in similar ...
3 days ago Cybersecuritynews.com
New Hpingbot Abusing Pastebin for Payload Delivery and Hping3 Tool to Launch DDoS Attacks - What makes this botnet particularly concerning is its dual-purpose design—while capable of launching various DDoS attack vectors, its primary value appears to lie in its ability to download and execute arbitrary payloads, positioning it as a ...
3 days ago Cybersecuritynews.com
Azure API Vulnerabilities Leak VPN Keys and Built-In Roles Allow Over-Privileged Access - Roles such as “Managed Applications Reader,” “Log Analytics Reader,” and “Monitoring Reader” mislead administrators into believing they provide narrow, service-specific access when they actually grant comprehensive ...
3 days ago Cybersecuritynews.com
Google open-sources privacy tech for age verification - Help Net Security - The technology could support a range of use cases, such as restricting minors’ access to adult content or verifying eligibility for age-specific services. The release also comes as regulators around the world are pushing for stronger online age ...
3 days ago Helpnetsecurity.com
Leaks hint at Operator-like tool in ChatGPT ahead of GPT-5 launch - As spotted by Tibor on X, the Android beta has strings like “click,” “drag,” “type,” and even “terminal feed,” which seem to suggest that ChatGPT could soon call a remote browser or sandboxed ...
3 days ago Bleepingcomputer.com
xAI prepares Grok 4 Code as it plans to take on Claude and Gemini - xAI is planning to release Grok 4 without Vision and Image support after Independence Day in the United States of America. xAI is preparing the rollout of Grok 4, which replaces Grok 3 as the new state-of-the-art model. One of the models is ...
3 days ago Bleepingcomputer.com
Virginia county says April ransomware attack exposed employee SSNs | The Record from Recorded Future News - Government employees working for the county of Gloucester in Virginia had Social Security numbers and other sensitive data stolen during a ransomware attack in April. The county sent 3,527 current and former employees notices this week warning that ...
4 days ago Therecord.media Blacksuit
Police dismantles investment fraud ring stealing €10 million - “They persuaded their victims to make fake investments through a network of fake advisors and experts, manipulated websites, and telephone call centers,” the police says. In organized operations like the one dismantled by the Spanish ...
4 days ago Bleepingcomputer.com
Threat Actors Widely Abuse .COM TLD to Host Credential Phishing Website - Cofense researchers identified that threat actors utilizing .COM domains demonstrate remarkable consistency in their targeting preferences, with Microsoft-related services representing the overwhelming majority of spoofed brands in credential ...
4 days ago Cybersecuritynews.com
Citrix Warns Authentication Failures Following The Update of NetScaler to Fix Auth Vulnerability - The authentication failures manifest as broken login pages and complete inability to access NetScaler Gateway portals, particularly affecting environments utilizing DUO configurations based on RADIUS authentication, SAML implementations, and custom ...
4 days ago Cybersecuritynews.com
Grafana releases critical security update for Image Renderer plugin - Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. The Synthetic Monitoring Agent is part of Grafana Cloud's Synthetic Monitoring, used by ...
4 days ago Bleepingcomputer.com
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild - Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than 70 countries since their disclosure in March ...
4 days ago Cybersecuritynews.com CVE-2025-24813
IdeaLab confirms data stolen in ransomware attack last year - Earlier today, the threat actor announced that they're shutting down Hunters International and deleted all company entries and files from its extortion portal. The hackers offered to share free decryption keys for all their victims. In the ...
4 days ago Bleepingcomputer.com Cuba Hunters
Two new pro-Russian hacktivist groups target Ukraine, recruit insiders | The Record from Recorded Future News - The groups, calling themselves IT Army of Russia and TwoNet, use the Telegram messaging app to coordinate operations, recruit insiders and collect information about targets in Ukraine, according to a new report by cybersecurity firm Intel 471. Other ...
4 days ago Therecord.media
Microsoft investigates ongoing SharePoint Online access issues - Microsoft also mitigated a Microsoft 365 incident in April, which caused SharePoint Online users to experience delays or failures during searches, and another one in June when users opening SharePoint Online or OneDrive-hosted files in File Explorer ...
4 days ago Bleepingcomputer.com
Interpol identifies West Africa as potential new hotspot for cybercrime compounds | The Record from Recorded Future News - West Africa could be developing into a hub for scam centers, Interpol says, and other regions also are showing an uptick in such activity, mirroring a cybercrime trend that began in Southeast Asia. In a brief report posted this week, the ...
4 days ago Therecord.media
Microsoft shuts down 3,000 email accounts created by North Korean IT workers | The Record from Recorded Future News - To illustrate the scale of the financial benefits North Korea is achieving through the scheme, prominent cryptocurrency investigator Zachary Wolk, also known as ZachXBT, said a recent investigation found more than $16.5 million in cryptocurrency ...
4 days ago Therecord.media
Microsoft Confirms Error Entry in Windows Firewall With Advanced Security - Microsoft has officially acknowledged a harmless error event appearing in Windows Firewall With Advanced Security logs following the installation of the June 2025 Windows non-security preview update. Users experiencing this error on Windows 11 ...
4 days ago Cybersecuritynews.com
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure | The Record from Recorded Future News - The local security service previously told Russian media that the suspect — whose name was not disclosed at the time — used a messenger app to join the Ukrainian cyber forces, which are "overseen by Ukrainian intelligence," in order to ...
4 days ago Therecord.media
Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability - The latest Microsoft Edge Stable Channel Version 138.0.3351.65 incorporates crucial security patches from the Chromium project, including an urgent fix for CVE-2025-6554, which security researchers have confirmed is being exploited in real-world ...
4 days ago Cybersecuritynews.com CVE-2025-6554

Trending Cyber News (last 7 days)

Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence - IBM analysts identified multiple deployment vectors that introduce security vulnerabilities, including PowerShell scripts with embedded secrets, misconfigured System Center Configuration Manager (SCCM) deployments, and Group Policy Objects (GPOs) ...
2 days ago Cybersecuritynews.com
Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle - By leveraging legitimate frameworks like Inno Setup, attackers can distribute malware through various channels including phishing campaigns, compromised software repositories, and malicious advertisements without triggering immediate suspicion from ...
2 days ago Cybersecuritynews.com
Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence - Rapid7 analysts identified a novel persistence mechanism during recent incident investigations, revealing the group’s adoption of Teleport, an infrastructure access platform not previously associated with Scattered Spider operations. The ...
2 days ago Cybersecuritynews.com Scattered Spider
Threat Actors Abused AV - EDR Evasion Framework In-The-Wild to Deploy Malware Payloads - Cybersecurity researchers have uncovered a concerning development as malicious actors began exploiting SHELLTER, a commercial anti-virus and endpoint detection response (EDR) evasion framework, to deploy sophisticated malware payloads. The commercial ...
2 days ago Cybersecuritynews.com
Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone - These malicious campaigns, known as “task scams,” represent a rapidly evolving threat landscape where fraudsters weaponize legitimate job-seeking behavior to extract cryptocurrency payments from unsuspecting victims through carefully ...
2 days ago Cybersecuritynews.com
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure - The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. Former FSB official Alexander Belyaev noted that ...
2 days ago Cybersecuritynews.com
XWorm - The Most Active RAT Uses New Stagers and Loaders to Bypass Defenses - This sophisticated malware has evolved far beyond traditional RAT capabilities, incorporating advanced features including keylogging, remote desktop access, data exfiltration, and command execution that make it particularly attractive to threat ...
2 days ago Cybersecuritynews.com LockBit
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data - Since late May, a #phishing campaign impersonating @DWPgovuk has been circulating via SMS using shortened links leading to fake government websites, peaking in the second half of June. The researchers noted that the campaign utilizes shortened URLs ...
2 days ago Cybersecuritynews.com
Instagram Started Using 1-Week Validity TLS certificates and Changes Them Daily - Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis. Traditional certificate management relies on ...
2 days ago Cybersecuritynews.com
"CitrixBleed 2" Vulnerability PoC Released - Warns of Potential Widespread Exploitation - A new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in 2023. The ...
2 days ago Cybersecuritynews.com CVE-2025-5777
Ingram Micro outage caused by SafePay ransomware attack - An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Systems that are impacted in many locations include the company's AI-powered Xvantage ...
2 days ago Bleepingcomputer.com
Microsoft Confirms Error Entry in Windows Firewall With Advanced Security - Microsoft has officially acknowledged a harmless error event appearing in Windows Firewall With Advanced Security logs following the installation of the June 2025 Windows non-security preview update. Users experiencing this error on Windows 11 ...
4 days ago Cybersecuritynews.com
Hunters International ransomware shuts down after World Leaks rebrand - "Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool," Group-IB said at the time, adding that the new tool appears to be an upgraded ...
4 days ago Bleepingcomputer.com Hunters
Threat Actors Weaponize PDFs to Impersonate Microsoft, DocuSign, Dropbox and More in Phishing Attack - These attacks have evolved beyond simple email phishing to incorporate telephone-oriented attack delivery (TOAD), also known as callback phishing, where victims receive PDF attachments containing fake invoices or security alerts with embedded phone ...
4 days ago Cybersecuritynews.com
IDE Extensions Like VSCode Let Attackers Bypass Trust Checks and Malware on Developer Machines - A critical security vulnerability has been discovered in popular Integrated Development Environments (IDEs) that allows malicious actors to bypass trust verification systems and execute code on developer machines while maintaining the appearance of ...
4 days ago Cybersecuritynews.com
Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root - The vulnerability, tracked as CVE-2025-32463, affects Sudo versions 1.9.14 through 1.9.17 and poses a significant threat to Linux systems running default configurations. The vulnerability affects the default Sudo configuration, making it a widespread ...
6 days ago Cybersecuritynews.com CVE-2025-32463
NimDoor crypto-theft macOS malware revives itself when killed - GoogIe LLC takes over to collect environment data and generate a hex-encoded config file, writing it to a temp path. It sets up a macOS LaunchAgent (com.google.update.plist) for persistence, which re-launches GoogIe LLC at login and stores ...
4 days ago Bleepingcomputer.com
Two new pro-Russian hacktivist groups target Ukraine, recruit insiders | The Record from Recorded Future News - The groups, calling themselves IT Army of Russia and TwoNet, use the Telegram messaging app to coordinate operations, recruit insiders and collect information about targets in Ukraine, according to a new report by cybersecurity firm Intel 471. Other ...
4 days ago Therecord.media
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection - When users save webpages using Ctrl+S with “Webpage, Single File” or “Webpage, Complete” formats selected, files with HTML or XHTML+XML MIME types are saved without MOTW protection, the Windows security feature that warns ...
5 days ago Cybersecuritynews.com Rocke
Pro-Russian Hackers Making New Alliances to Launch High-Profile Attacks - These groups have also demonstrated capabilities in targeting operational technology environments, successfully manipulating water treatment facility control systems and forcing critical infrastructure to manual operation modes, highlighting the ...
4 days ago Cybersecuritynews.com
Microsoft to Remove PowerShell 2.0 From Windows 11 Following Architectural and Security Vulnerabilities - PowerShell 2.0, originally released with Windows 7, has been identified as a significant attack vector due to its lack of modern security features, including script block logging, constrained language mode, and Anti-Malware Scan Interface (AMSI) ...
4 hours ago Cybersecuritynews.com
Ransomware gang attacks German charity that feeds starving children | The Record from Recorded Future News - A spokesperson confirmed to Recorded Future News that WHH had been targeted by a ransomware-as-a-service (RaaS) group which recently listed the charity on its darknet leak site. Deutsche Welthungerhilfe (WHH), the German charity that aims to develop ...
5 days ago Therecord.media
13-Year-Old Dylan - Youngest Security Researcher Collaborates with Microsoft Security Response Center - Masquerading as a harmless Microsoft Teams plug-in, the threat weaponized legitimate meeting invitations to sideload a multi-stage loader that siphoned Azure AD refresh tokens and session cookies. Cyber Security News is a Dedicated News Platform For ...
4 days ago Cybersecuritynews.com
Cisco warns that Unified CM has hardcoded root SSH credentials - "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root ...
5 days ago Bleepingcomputer.com CVE-2025-20309
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure | The Record from Recorded Future News - The local security service previously told Russian media that the suspect — whose name was not disclosed at the time — used a messenger app to join the Ukrainian cyber forces, which are "overseen by Ukrainian intelligence," in order to ...
4 days ago Therecord.media
Hacker leaks Telefónica data allegedly stolen in a new breach - A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. The hacker claiming responsibility for the attack is known as "Rey" and is a ...
3 days ago Bleepingcomputer.com
New FileFix attack runs JScript while bypassing Windows MoTW alerts - The technique was devised by security researcher mr.d0x. Last week, the researcher showed how the first FileFix method worked as an alternative to 'ClickFix' attacks by tricking users into pasting a disguised PowerShell command into the ...
6 days ago Bleepingcomputer.com
Microsoft Intune Admins Beware! Your Security Baseline Policy Tweaks are not Saved During Updates - The Intune Support Team officially acknowledged this known issue on July 1, 2025, affecting organizations that have implemented custom security configurations differing from Microsoft’s recommended baseline values. Organizations that rely ...
5 days ago Cybersecuritynews.com
IdeaLab confirms data stolen in ransomware attack last year - Earlier today, the threat actor announced that they're shutting down Hunters International and deleted all company entries and files from its extortion portal. The hackers offered to share free decryption keys for all their victims. In the ...
4 days ago Bleepingcomputer.com Cuba Hunters
ChatGPT Deep Research tests new connectors for more context - ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. Once integrated, ChatGPT can crawl your Slack messages and use them in the context of research. In ...
2 days ago Bleepingcomputer.com
North Korean Remote IT Workers Added New Tactics and Techniques to Infiltrate Organizations - North Korean state-sponsored remote IT workers have significantly evolved their infiltration tactics, incorporating artificial intelligence tools and sophisticated deception techniques to penetrate organizations worldwide. Microsoft researchers ...
6 days ago Cybersecuritynews.com
Microsoft Teams to Allow Users Adding Agents and Bots With Their Current Conversation - The technology giant will deploy this enhanced agent engagement system to a randomized subset of users across Teams for Windows desktop, Teams for Mac desktop, and Teams for the web as part of an experimental rollout designed to gather user feedback ...
6 days ago Cybersecuritynews.com
AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic - Unlike traditional web crawlers that primarily focused on search engine indexing, these new AI-driven bots serve multiple purposes including content analysis, model training, and real-time information retrieval. The analysis covered over 30 distinct ...
5 days ago Cybersecuritynews.com
Forminator plugin flaw exposes WordPress sites to takeover attacks - When the admin deletes this or when the plugin auto-deletes old submissions (as configured), Forminator wipes the core WordPress file, forcing the website to enter a “setup” stage where it’s vulnerable to takeover. The Forminator ...
5 days ago Bleepingcomputer.com CVE-2025-6463
New macOS Malware Employs Process Injection and Remote Communications to Exfiltrate Keychain Credentials - The malware, designated as NimDoor by security researchers, represents a significant evolution in macOS threats through its use of process injection capabilities and encrypted WebSocket communications to steal sensitive user credentials and financial ...
4 days ago Cybersecuritynews.com
CISA Warns of Chrome 0-day Vulnerability Exploited in Attacks - The vulnerability, designated CVE-2025-6554, affects the Chromium V8 JavaScript engine and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, marking it as a high-priority threat requiring immediate attention from ...
4 days ago Cybersecuritynews.com CVE-2025-6554
Microsoft investigates ongoing SharePoint Online access issues - Microsoft also mitigated a Microsoft 365 incident in April, which caused SharePoint Online users to experience delays or failures during searches, and another one in June when users opening SharePoint Online or OneDrive-hosted files in File Explorer ...
4 days ago Bleepingcomputer.com
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild - Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than 70 countries since their disclosure in March ...
4 days ago Cybersecuritynews.com CVE-2025-24813
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware - This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing malicious code on their systems, exploiting inherent trust in established security providers. The malware campaign employs a ...
3 days ago Cybersecuritynews.com
CVE-2025-38233 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload - A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. Once a target ...
2 days ago Cybersecuritynews.com
Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor - Cyber Security News - A sophisticated multi-stage malware campaign has been discovered targeting WordPress websites, employing an intricate infection chain that delivers Windows trojans to unsuspecting visitors while maintaining complete invisibility to standard security ...
6 days ago Cybersecuritynews.com
12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User - While the documentation explicitly states that the host option should only work “in conjunction with the -l (--list) option,” the vulnerability allows malicious actors to execute privileged commands by specifying remote host rules ...
4 days ago Cybersecuritynews.com CVE-2025-32462
Interpol identifies West Africa as potential new hotspot for cybercrime compounds | The Record from Recorded Future News - West Africa could be developing into a hub for scam centers, Interpol says, and other regions also are showing an uptick in such activity, mirroring a cybercrime trend that began in Southeast Asia. In a brief report posted this week, the ...
4 days ago Therecord.media
Grafana releases critical security update for Image Renderer plugin - Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. The Synthetic Monitoring Agent is part of Grafana Cloud's Synthetic Monitoring, used by ...
4 days ago Bleepingcomputer.com
Critical HIKVISION ApplyCT Vulnerability Exposes Devices to Code Execution Attacks - Organizations using affected HIKVISION applyCT systems face risks of data breaches, service disruptions, and potential compromise of their entire security infrastructure. Assigned CVE-2025-34067 with a maximum CVSS score of 10.0, this vulnerability ...
3 days ago Cybersecuritynews.com CVE-2025-34067
CVE-2025-36630 - In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. ...
4 days ago
Microsoft asks users to ignore Windows Firewall config errors - "Following installation of the June 2025 Windows non-security preview update (KB5060829), security event logs might include an error event related to Windows Firewall With Advanced Security, which can be safely ignored," the company said on the ...
4 days ago Bleepingcomputer.com
Microsoft Confirms Laying Off 9,000 Employees, Impacting 4% of its Workforce - The company’s global operations infrastructure, including its Software-as-a-Service (SaaS) delivery platforms and Infrastructure-as-a-Service (IaaS) offerings, will undergo optimization to reduce redundancies and improve efficiency metrics. The ...
4 days ago Cybersecuritynews.com
Android Spyware Catwatchful Exposes Credentials of Over 62,000+ Customer Accounts - Despite operating a hybrid architecture using Google’s Firebase platform for storing stolen victim data, Catwatchful maintained a separate MySQL database containing user credentials that lacked basic security protections. A major security ...
4 days ago Cybersecuritynews.com