Cybersecurity News Aggregator | CyberSecurityBoard

Latest Cyber News

Popular npm linter packages hijacked via phishing to drop malware - On July 18th, developers began noticing unusual behavior after installing versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7 of eslint-config-prettier. These versions were published to the npm registry but had no corresponding changes in the GitHub ...
1 hour ago Bleepingcomputer.com

Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials - A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails impersonating TUSAŞ (Turkish Aerospace Industries). ...
1 hour ago Cybersecuritynews.com

ChatGPT"s GPT-5-reasoning-alpha model spotted ahead of launch - GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. Other researchers have also dropped hints that GPT-5 will combine breakthroughs from all models to create a unified ...
1 hour ago Bleepingcomputer.com

Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware - The final payload employs XOR encryption with the key 0x25 to decode and execute the embedded PE file, demonstrating the campaign’s technical sophistication in evading detection while maintaining operational simplicity for widespread deployment ...
2 hours ago Cybersecuritynews.com

New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users - The attack represents an evolution in social engineering tactics, combining traditional phishing techniques with audio-based deception to bypass conventional security measures and user awareness training. A sophisticated phishing campaign targeting ...
3 hours ago Cybersecuritynews.com

New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers - A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Shadowserver honeypots began recording ...
4 hours ago Cybersecuritynews.com CVE-2025-31161

New QR Code Attack Via PDFs Evades Detection Systems and Harvest Credentials - A sophisticated phishing campaign dubbed “Scanception” has emerged as a significant threat to enterprise security, leveraging QR codes embedded in PDF attachments to bypass traditional email security measures and harvest user credentials. ...
4 hours ago Cybersecuritynews.com

OpenAI, Anthropic, Google may disrupt education market with new AI tools - "A project for studying your course materials, where Claude helps visualize key concepts, build comprehensive study guides, and tutor you according to your learning needs," the description of the feature reads. As spotted on X, Claude's Study ...
7 hours ago Bleepingcomputer.com

Lumma Infostealer Steal All Data Stored in Browsers and Selling Them in Underground Markets as Logs - Upon extraction, victims encounter a Nullsoft Scriptable Install System (NSIS) installer, typically named setup.exe or set-up.exe, which executes the Lumma payload packed with the CypherIT crypter—a tool designed to obfuscate malware signatures and ...
8 hours ago Cybersecuritynews.com

CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks - “An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs ...
10 hours ago Cybersecuritynews.com

New CrushFTP zero-day exploited in attacks to hijack servers - The attack occurs via the software's web interface in versions prior to CrushFTP v10.8.5 and CrushFTP v11.3.4_23. It is unclear when these versions were released, but CrushFTP says around July 1st. CrushFTP is warning that threat actors are ...
15 hours ago Bleepingcomputer.com CVE-2025-54309

CrushFTP zero-day exploited in attacks to gain admin access on servers - The attack occurs via the software's web interface in versions prior to CrushFTP v10.8.5 and CrushFTP v11.3.4_23. It is unclear when these versions were released, but CrushFTP says around July 1st. CrushFTP is warning that threat actors are ...
15 hours ago Bleepingcomputer.com CVE-2025-54309

CrushFTP zero-day exploited to gain admin access on servers - CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. The attack occurs via the software's ...
15 hours ago Bleepingcomputer.com CVE-2025-54309

Arch Linux pulls AUR packages that installed Chaos RAT malware - Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. The AUR is a repository where Arch Linux users can publish package build scripts ...
16 hours ago Bleepingcomputer.com

New ChatGPT o3-alpha model hints at coding upgrade - It also doesn't appear to be o4 because o4 simply doesn't exist as OpenAI plans to combine reasoning and multi-modal with GPT-5. As spotted on X, OpenAI is testing a new "Alpha" variant of the o3 model, which has significant coding-related ...
18 hours ago Bleepingcomputer.com

Japanese police release decryptor for Phobos ransomware after February takedown | The Record from Recorded Future News - The spinoff operation named 8Base ramped up its activity in the summer of 2023 and the group claimed responsibility for high-profile attacks on the United Nations Development Programme and the Atlantic States Marine Fisheries Commission as well as a ...
19 hours ago Therecord.media 8base

Russian alcohol retailer WineLab closes stores after ransomware attack - WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers. For instance, in May 2022, Ukrainian hacktivists ...
19 hours ago Bleepingcomputer.com

New Wave of Crypto-Hijacking Infects 3,500+ Websites - With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Once ...
20 hours ago Cybersecuritynews.com

New Phobos ransomware decryptor lets victims recover files for free - The Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with BleepingComputer confirming that it successfully decrypts files. The Japanese police have now released a free decryptor ...
22 hours ago Bleepingcomputer.com 8base

Hackers scanning for TeleMessage Signal clone flaw exposing passwords - When using outdated Spring Boot configurations that do not restrict access to diagnostic endpoints, the flaw lets an attacker download a full Java heap memory dump of approximately 150MB, which may contain plaintext usernames, passwords, tokens, and ...
22 hours ago Bleepingcomputer.com CVE-2025-48927

Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools - Their attack chains often begin with weaponized documents containing malicious macros that downgrade security settings and establish persistent backdoor access through malware families including HATVIBE and CHERRYSPY. These attacks leverage ...
23 hours ago Cybersecuritynews.com Fancy Bear APT28

Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon - The ongoing attacks demonstrate advanced persistent threat techniques, deploying multiple malware families including MDifyLoader, Cobalt Strike Beacon, vshell, and Fscan to establish long-term access to compromised networks. Following initial ...
1 day ago Cybersecuritynews.com CVE-2025-0282

Sophos Intercept X for Windows Vulnerabilities Enable Arbitrary Code Execution - The registry ACL vulnerability CVE-2024-13972 impacts all Intercept X for Windows installations prior to version 2024.3.2, as well as Fixed Term Support (FTS) 2024.3.2.23.2 and Long Term Support (LTS) 2025.0.1.1.2 releases. Identified as ...
1 day ago Cybersecuritynews.com CVE-2024-13972

Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands - According to the official Security advisory, the vulnerability allows malicious actors who have gained access to the UniFi Access management network to inject and execute arbitrary commands on affected devices. A critical security vulnerability ...
1 day ago Cybersecuritynews.com CVE-2025-27212

Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins - The operation leverages fake GitHub accounts to host an arsenal of malware tools, plugins, and payloads, capitalizing on GitHub’s widespread corporate acceptance to bypass traditional web filtering mechanisms. The researchers discovered that ...
1 day ago Cybersecuritynews.com

Microsoft Defender for Office 365 New Dashboard to Provide More Details Across a Range of Threat Vectors - By exposing granular metrics on features such as Safe Links, Safe Attachments, and Zero-hour Auto Purge, the dashboard empowers CISOs and security architects to make data-driven decisions in an environment where transparency is the new currency of ...
1 day ago Cybersecuritynews.com

Lenovo Protection Driver Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code - A buffer overflow vulnerability in Lenovo Protection Driver could allow local attackers with elevated privileges to execute arbitrary code on affected systems. The vulnerability, designated as CVE-2025-4657, affects multiple Lenovo applications and ...
1 day ago Cybersecuritynews.com CVE-2025-4657

Russian Vodka Producer Beluga Hit by Ransomware Attack - The cyberattack, which occurred on July 14, 2025, represents an escalation in cybercriminal activities targeting major beverage companies, forcing the organization to implement emergency response protocols while maintaining its principled stance ...
1 day ago Cybersecuritynews.com

New "Daemon Ex Plist" Vulnerability Gives Attackers Root Access on macOS - The vulnerability, dubbed “Daemon Ex Plist,” exploits weaknesses in how macOS handles service property list (plist) files and has been found to affect multiple popular VPN applications and other software. To address this vulnerability, ...
1 day ago Cybersecuritynews.com

Hackers Launch 11.5 Million Attacks on CitrixBleed 2 - Compromising Over 100 Organizations - Security researcher Kevin Beaumont, who first coined the term “CitrixBleed 2,” reported that attackers have been “carefully selecting victims, profiling NetScaler before attacking to make sure it is a real box”. A massive wave ...
1 day ago Cybersecuritynews.com CVE-2025-5777 Ransomhub

Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains - Cyber Security News - In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Complicating defenses further, Scattered ...
1 day ago Cybersecuritynews.com Scattered Spider Dragonforce

CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits - These advisories highlight severe security flaws with CVSS v4 scores ranging from 8.5 to 8.7, exposing critical infrastructure across multiple sectors to potential cyberattacks and unauthorized access. Johnson Controls has released specific ...
1 day ago Cybersecuritynews.com CVE-2024-22774

OpenAI: GPT-5 is coming, "we'll see" if it creates a shockwave - Ahead of GPT-5 debut, OpenAI announced ChatGPT Agent, which can think and act, proactively choose from a toolbox of agentic skills to complete tasks for you using its own computer. In addition to GPT-5, OpenAI plans to upgrade Operator and ...
1 day ago Bleepingcomputer.com

Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It - GreyNoise recommends blocking malicious IPs using their threat intelligence feeds, specifically targeting SPRING BOOT ACTUATOR CRAWLER and SPRING BOOT ACTUATOR HEALTH SCANNER activities. The severity of this issue prompted the Cybersecurity and ...
1 day ago Cybersecuritynews.com CVE-2025-48927

New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs - By mutating innocuous elements such as boundary delimiters in multipart/form-data, character sets in application/json, or namespace features in application/xml, the attack convinces a WAF that a request is benign while the downstream web framework ...
1 day ago Cybersecuritynews.com

Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware - Cyber Security News - A carefully crafted landing page instructs victims to open the Run dialog (Win+R) and paste an injected PowerShell command, which subsequently downloads a ZIP archive containing a malicious DLL loader. At the heart of the ClickFix vector is ...
1 day ago Cybersecuritynews.com

BIND 9 Vulnerabilities Expose Organizations to Cache Poisoning and DoS Attacks - For CVE-2025-40776, organizations should upgrade to BIND 9.18.38-S1 or 9.20.11-S1, or disable ECS by removing the ecs-zones option from named.conf. CVE-2025-40777 requires upgrading to BIND 9.20.11 or 9.21.10, with temporary workarounds including ...
1 day ago Cybersecuritynews.com CVE-2025-40776

Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges - Security researchers at Datadog discovered that service principals (SPs) assigned the Cloud Application Administrator role, Application Administrator role, or Application.ReadWrite.All permission can escalate their privileges by hijacking the ...
1 day ago Cybersecuritynews.com

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks - Security researcher Kevin Beaumont has previously stated that repeated POST requests to /doAuthentication.do in NetScaler logs is a good indication that someone is attempting to exploit the flaw, especially when the request includes a Content-Length: ...
1 day ago Bleepingcomputer.com CVE-2025-5777

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin - VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. These vulnerabilities were demonstrated as zero-days during the Pwn2Own ...
1 day ago Bleepingcomputer.com CVE-2025-41239

Microsoft Teams voice calls abused to push Matanbuchus malware - The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Last year, DarkGate malware operators abused Microsoft Teams to deliver their loader onto ...
1 day ago Bleepingcomputer.com

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier - By the time defenders detected anomalous network traffic, the attackers had exfiltrated more than 47 TB of technical data, including drone design schematics, production logs, and employee records. With years of experience under his belt in Cyber ...
1 day ago Cybersecuritynews.com

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices - The BadBox 2.0 malware botnet is a cybercrime operation that utilizes infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices that lack security protections, such as Google Play ...
1 day ago Bleepingcomputer.com

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike - A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. The campaign represents a ...
1 day ago Cybersecuritynews.com

LameHug malware uses AI LLM to craft Windows data-theft commands in real-time - These AI-generated commands were used by LameHug to collect system information and save it to a text file (info.txt), recursively search for documents on key Windows directories (Documents, Desktop, Downloads), and exfiltrate the data using SFTP or ...
1 day ago Bleepingcomputer.com Fancy Bear APT28

Russian vodka producer reports disruptions after ransomware attack | The Record from Recorded Future News - More than 2,000 WineLab liquor stores across Russia have remained shut for three days following a ransomware attack on their parent company, one of Russia’s largest alcohol producers. Novabev Group is a major Russian producer and distributor of ...
1 day ago Therecord.media

Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets - Recent analysis reveals that hacktivist groups have developed sophisticated methods for maximizing their visibility and impact, often targeting high-profile entities such as social media platforms, government agencies, and critical infrastructure. ...
1 day ago Cybersecuritynews.com

H2Miner Attacking Linux, Windows, and Containers to Mine Monero - Once inside, the botnet deploys tailored loader scripts— ce.sh on Linux and 1.ps1 on Windows— that terminate competing miners, disable endpoint protection, and fetch the XMRig binary from 78.153.140.66. Containers are not spared: spr.sh scans ...
1 day ago Cybersecuritynews.com

Hackers Exploiting Blind Spots in DNS Records to Store and Deliver Malware - A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. During analysis of DNS records from 2021-2022, security researchers ...
1 day ago Cybersecuritynews.com

4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities - Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. Their investigation revealed that over ...
1 day ago Cybersecuritynews.com

Hacker steals $27 million in BigONE exchange crypto breach - Blockchain crime investigator ZachXBT commented on the incident, underlining BigONE’s role in processing significant volumes of proceeds coming from romance baiting and investment scams, saying that such hacks may help bring “a natural ...
1 day ago Bleepingcomputer.com

Thai officials restore Ministry of Labor website after hack, defacement | The Record from Recorded Future News - The website for Thailand’s Ministry of Labor has been restored after hackers defaced the site and allegedly stole government data. When the group defaced the Ministry of Labor website, they claimed to have been active in the organization’s ...
1 day ago Therecord.media Dragonforce Ransomhub Qilin

Chinese hackers breached National Guard to steal network configurations - The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to ...
1 day ago Bleepingcomputer.com

Massistant Chinese Mobile Forensic Tooling Gain Access to SMS Messages, Images, Audio and GPS Data - During laboratory testing, Lookout researchers identified hard-coded shell commands (setprop service.adb.tcp.port 5555 followed by stop adbd && start adbd) that reopen ADB in TCP mode, a feature quietly advertised on Meiya Pico’s commercial ...
1 day ago Cybersecuritynews.com

Max severity Cisco ISE bug allows pre-auth command execution, patch now - A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. ...
1 day ago Bleepingcomputer.com CVE-2025-20337

Armenian, Ukrainian nationals among Ryuk ransomware actors facing US hacking charges | The Record from Recorded Future News - Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday. The DOJ said if convicted, Vardanyan faces a maximum sentence of ...
1 day ago Therecord.media

UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages - The malicious campaign employs a multi-stage infection chain beginning with weaponized LNK files embedded within CV-themed decoy documents, progressing through VBScript execution, batch processing, and culminating in PowerShell-based payload ...
1 day ago Cybersecuritynews.com

Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms - An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology ...
1 day ago Cybersecuritynews.com

UK Retailer Co-op Confirms 6.5 Million Members' Data Stolen in Massive Cyberattacks - While no financial or transaction data was accessed, the attack has prompted widespread concern about cybersecurity vulnerabilities in the retail sector and led to the arrests of four suspects by the National Crime Agency (NCA). In response to the ...
2 days ago Cybersecuritynews.com

UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate | The Record from Recorded Future News - “Once he had stolen the cryptocurrency, Paul Chowles sought to muddy the waters and cover his tracks by transferring the Bitcoin into mixing services to help hide the trail of money,” added Johnson. However, following an investigation by ...
2 days ago Therecord.media

Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics - The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound), represents a marked evolution in Iranian cyber warfare tactics, moving beyond traditional surveillance operations to more sophisticated, high-trust social ...
2 days ago Cybersecuritynews.com Magic Hound APT3

Elite Russian university launches degree program on sanctions evasion | The Record from Recorded Future News - One of Moscow’s top universities has launched a new master’s program aimed at training students to navigate Western sanctions imposed on Russia following its invasion of Ukraine. According to Illia Vitiuk, former head of cybersecurity at the SBU, ...
2 days ago Therecord.media

FCC wants to ban Chinese tech from undersea cables | The Record from Recorded Future News - The rules package will include “a range of measures to protect submarine cables against foreign adversaries—apply a presumption of denial for certain foreign adversary controlled license applicants, limiting capacity leasing agreements to such ...
2 days ago Therecord.media

1-Click Oracle Cloud Code Editor RCE Vulnerability Lets Attackers Upload Malicious Files - The vulnerability, now remediated, affected Code Editor’s integrated services, including Resource Manager, Functions, and Data Science, demonstrating how seemingly isolated cloud development tools can become attack vectors. The vulnerability ...
2 days ago Cybersecuritynews.com

Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record from Recorded Future News - The $2.17 billion stolen so far this year already surpasses the losses seen in all of 2024, and is the highest number seen in the first six months of a year since the company began tracking the figures in 2022. Chainalysis researchers noted several ...
2 days ago Therecord.media

GhostContainer Malware Hacking Exchange Servers in the Wild Using N-day Vulnerability - GhostContainer C2 Commands and Functionality Command IDFunctionality0Get the system architecture type (e.g., x86 or x64).1Run received data as shellcode.2Execute a command line.3Load .NET byte code in a child thread.4Send a GET request.5Download and ...
2 days ago Cybersecuritynews.com

Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defenses - Other notable tools include Iodine (24% detection rate), which tunnels IPv4 traffic over DNS and has been used by nation-state actors, and Sliver (12% detection rate), a cross-platform C2 framework with advanced DNS tunneling capabilities. Infoblox ...
2 days ago Cybersecuritynews.com

Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part - The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security ...
2 days ago Cybersecuritynews.com

PyPI Bans Inbox.ru Domains Following Massive 1,500+ Fake Project Uploads - The attack, which began on June 9, 2025, involved the creation of more than 250 user accounts that systematically flooded the repository with empty packages designed to exploit package confusion vulnerabilities. The campaign demonstrated a methodical ...
2 days ago Cybersecuritynews.com

Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure - On July 9, the Cybersecurity and Infrastructure Security Agency (CISA) corroborated GreyNoise findings and added CVE-2025-5777 to the Known Exploited Vulnerabilities (KEV) catalog. By integrating threat intelligence sources directly into security ...
2 days ago Cybersecuritynews.com CVE-2025-5777

Europol Disrupted "NoName057(16)" Hacking Group’s Infrastructure of 100+ Servers Worldwide - The joint operation, dubbed “Eastwood,” coordinated by Europol involved 12 countries and resulted in multiple arrests, warrants, and the neutralization of a sophisticated distributed denial-of-service (DDoS) attack network that had been ...
2 days ago Cybersecuritynews.com

Threat Actors Weaponized 28+ New npm Packages to Infect Users With Protestware Scripts - The persistence mechanism stores an initiation timestamp in localStorage using the key ‘swal-initiation’, calculating elapsed time since first visit to determine payload activation, ensuring repeat users experience the full protestware ...
2 days ago Cybersecuritynews.com

Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript - As the attachments bypass signature checks, the first line of defence fails; Ontinue analysts identified the wave after correlating near-identical SVGs sent to B2B service providers and SaaS vendors, all containing distinct Base64 tracking strings ...
2 days ago Cybersecuritynews.com

Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files - Tracked as CVE-2025-20274 and assigned a CVSS Base Score of 6.3, the weakness stems from insufficient server-side validation of file uploads, enabling adversaries to store malicious payloads and execute arbitrary commands at the root level on ...
2 days ago Cybersecuritynews.com CVE-2025-20274

Microsoft Congratulates MSRC's Most Valuable Security Researchers - Each valid vulnerability report undergoes rigorous evaluation by Microsoft’s security team, with points awarded based on the Common Vulnerability Scoring System (CVSS) and Microsoft’s internal risk assessment protocols. The Microsoft ...
2 days ago Cybersecuritynews.com

Trending Cyber News (last 7 days)

Co-op confirms data of 6.5 million members stolen in cyberattack - UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. BleepingComputer was told that the attack was linked to ...
2 days ago Bleepingcomputer.com Dragonforce Scattered Spider

Critical Cisco ISE Vulnerability Allows Remote Attacker to Execute Commands as Root User - Cisco has disclosed multiple critical security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthenticated remote attackers to execute arbitrary commands with root privileges on ...
2 days ago Cybersecuritynews.com

AsyncRAT New Forks Uncovered With New Features Ranging From Screamer to a USB Malware Spreader - The open-source nature of AsyncRAT, first released on GitHub in 2019, has spawned numerous sophisticated forks that incorporate enhanced evasion techniques, novel plugins, and specialized attack vectors that pose significant threats to cybersecurity ...
4 days ago Cybersecuritynews.com

Cloudflare Confirms Recent 1.1.1.1 DNS Outage Caused by BGP Attack or Hijack - Cloudflare’s widely used 1.1.1.1 DNS resolver service experienced a significant 62-minute global outage on July 14, 2025, affecting millions of users worldwide from 21:52 UTC to 22:54 UTC. Contrary to initial speculation, the company has ...
2 days ago Cybersecuritynews.com

Android malware Konfety uses malformed APKs to evade detection - In that case, SoumniBot declared an invalid compression method in AndroidManifest.xml, declared a fake file size and data overlay, and confused analysis tools with very large namespace strings. A new variant of the Konfety Android malware emerged ...
4 days ago Bleepingcomputer.com

GLOBAL GROUP RaaS Operators Enable AI-driven Negotiation Functionality - GLOBAL GROUP, operated by threat actor “$$$”, has claimed 17 victims across multiple countries since its June 2025 launch, demonstrating rapid operational scaling through automated systems and strategic partnerships with Initial Access ...
4 days ago Cybersecuritynews.com

Lenovo Vantage Vulnerabilities Allow Attackers to Escalate Privileges as SYSTEM User - Although Lenovo’s July update raises the add-ins to VantageCoreAddin 1.0.0.199 and LenovoSystemUpdateAddin 1.0.24.32, security teams should push the patch urgently, audit registry ACLs for lingering abuse, and consider removing or restricting ...
2 days ago Cybersecuritynews.com CVE-2025-6230

OpenAI is to Launch a AI Web Browser in Coming Weeks - The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while advancing the company’s vision ...
6 days ago Cybersecuritynews.com

GPUHammer - First Rowhammer Attack Targeting NVIDIA GPUs - Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses ...
6 days ago Cybersecuritynews.com Inception

Windows 10 KB5062554 update breaks emoji panel search feature - The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword. BleepingComputer can confirm that the search feature in ...
5 days ago Bleepingcomputer.com

Fortinet FortiWeb Instances Hacked with Webshells Following Public PoC Exploits - Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The flaw, discovered by security researcher Kentaro Kawane of ...
2 days ago Cybersecuritynews.com CVE-2025-25257

WordPress GravityForms Plugin Hacked to Include Malicious Code - A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a ...
6 days ago Cybersecuritynews.com Rocke

Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites - The malware, first reported in July 2025, represents a significant evolution in web-based threats, utilizing advanced obfuscation techniques and stealthy persistence methods to redirect unsuspecting visitors to malicious domains while simultaneously ...
2 days ago Cybersecuritynews.com

Hackers are exploiting critical RCE flaw in Wing FTP Server - Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The attacker sent malformed login requests with null-byte-injected ...
6 days ago Bleepingcomputer.com CVE-2025-47812

Google Gemini flaw hijacks email summaries for phishing - Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. As many users are likely to ...
5 days ago Bleepingcomputer.com

Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
3 days ago Bleepingcomputer.com CVE-2025-7656

U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms - 18, 2024, Cameron John Wagenius, 21, used online accounts associated with the nickname “kiberphant0m” and conspired with others to defraud at least 10 victim organizations by obtaining login credentials for the organizations’ ...
2 days ago Bleepingcomputer.com

Albemarle County Hit By Ransomware Attack - Hackers Accessed Residents Personal Details - County officials confirmed that the malware deployment resulted in potential exposure of resident data, prompting immediate notification to the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and ...
3 days ago Cybersecuritynews.com

Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches - Multiple critical vulnerabilities have been identified in Scriptcase, a low-code development platform, particularly in versions like 9.4.019 and 9.10.023. These flaws include arbitrary file uploads, path traversal, and cross-site scripting (XSS), ...
5 days ago Cybersecuritynews.com

Google Gemini for Workspace Vulnerability Lets Attackers Conceal Malicious Scripts in Emails - Cyber Security News - Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this ...
5 days ago Cybersecuritynews.com

11 Best Cloud Access Security Broker Software (CASB) - 2025 - Netskope is widely recognized as a leader in cloud security, offering a comprehensive CASB solution that delivers deep visibility, advanced threat protection, and granular policy enforcement. The CASB solution provides rich visibility, control, and ...
5 days ago Cybersecuritynews.com

Infostealers Distributed with Crack Apps Emerges as Top Attack Vector For June 2025 - Network defenders should monitor for anomalous connections to known cloud-storage services immediately after new executable launches, deploy YARA rules targeting password-protected archives shipped via search-engine links, and validate unsigned ...
2 days ago Cybersecuritynews.com

Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack - The success rates indicate that current LLM safety measures may be inadequate against sophisticated multi-turn attack strategies that exploit conversational context rather than relying on overtly harmful input patterns. The research, published by ...
5 days ago Cybersecuritynews.com

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware - It is unclear how the hackers obtained initial access, but researchers investigating UNC6148 attacks noticed that the threat actor already had local administrator credentials on the targeted appliance. With shell access on the appliance, the threat ...
2 days ago Bleepingcomputer.com Abyss Hunters

MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials - Upon execution, NimDoor triggers a multi-stage infection deploying two distinct Mach-O binaries: a C++ binary responsible for payload decryption and data theft operations, and a Nim-compiled “installer” that establishes persistence ...
2 days ago Cybersecuritynews.com

Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies | The Record from Recorded Future News - Italian police have dismantled a Romanian ransomware gang that targeted civil rights groups, design and film production companies, as well as international nonprofits in northern Italy, authorities said this week. The group, known as ...
2 days ago Therecord.media

Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack - To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. Cloudflare also points out that the ...
2 days ago Bleepingcomputer.com

Hackers Using 607 Malicious Domains to Deliver APK Malware That Enables Remote Command Execution - The malicious domains, primarily hosted in Chinese language, utilize typosquatting techniques with variations like “teleqram,” “telegramapp,” and “apktelegram” to deceive unsuspecting users. The attack vector ...
2 days ago Cybersecuritynews.com

SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware - Google Threat Intelligence analysts noted that once the shell is active the intruder exports the device’s configuration, quietly injects malicious rules, and uploads a base64-encoded binary into the persistent /cf partition. The Shell commands ...
2 days ago Cybersecuritynews.com

Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot - Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. The four vulnerabilities are in Gigabyte firmware ...
4 days ago Bleepingcomputer.com

Authorities Arrested 14 Hackers in Connection With Large-Scale Tax Fraud Operation - The UK suspect faces multiple charges under various legislation, including fraud by false representation contrary to Section 2 of the Fraud Act (2006), possession of articles for fraud under Section 6 of the Fraud Act (2006), and unauthorised ...
4 days ago Cybersecuritynews.com

Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches | The Record from Recorded Future News - A statement from Louis Vuitton South Korea said the breach involved names, contact information and other data provided by customers. Luxury brand Louis Vuitton said data breaches at its stores in Turkey, South Korea and the United Kingdom exposed the ...
3 days ago Therecord.media Scattered Spider

Google's AI Tool Big Sleep Uncovered Critical SQLite 0-Day Vulnerability and Blocks Active Exploitation - Google’s revolutionary AI-powered security tool, Big Sleep, has achieved a groundbreaking milestone by discovering and preventing the exploitation of a critical SQLite 0-day vulnerability, marking the first time an artificial intelligence agent ...
3 days ago Cybersecuritynews.com

Louis Vuitton says regional data breaches tied to same cyberattack - Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. "Despite all security measures ...
2 days ago Bleepingcomputer.com Hunters

MITRE Launches AADAPT Framework to Detect and Respond Attacks on Asset Management Systems - MITRE Corporation has launched the Adversarial Actions in Digital Asset Payment Technologies (AADAPT™) framework, a comprehensive knowledge base designed to help organizations detect and respond to sophisticated attacks targeting digital asset ...
4 days ago Cybersecuritynews.com

Hackers Leveraging AWS Lambda URLs Endpoints to Attack Governments Organizations - The execution flow of Lambda URL abuse shows how every beacon from an infected workstation blends into legitimate *.on.aws traffic, giving defenders little visual distinction from sanctioned cloud workloads. Their reverse-engineering revealed that ...
4 days ago Cybersecuritynews.com

GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows - GitGuardian, the leader in automated secrets detection and remediation, today announced the launch of its Model Context Protocol (MCP) Server, a powerful new infrastructure designed to bring AI-assisted secrets security directly into developer ...
4 days ago Cybersecuritynews.com

Gmail Message Used to Trigger Code Execution in Claude and Bypass Protections - According to the Golan Yosef of Pynt, the attack centers on the MCP (Model Context Protocol) architecture, specifically targeting three key components: the Gmail MCP server as an untrusted content source, the Shell MCP server as the execution target, ...
3 days ago Cybersecuritynews.com

Top 10 Best Cloud VPN Providers in 2024 - With 2,200+ servers in 75+ countries, IPVanish provides reliable access to global content and strong privacy protections, including a strict no-logs policy and 256-bit AES encryption. With over 3,000 servers in 91 countries, PIA offers reliable ...
5 days ago Cybersecuritynews.com

British Citizen Jailed for Islamophobic WiFi Hack at UK Train Stations - Wik utilized his company-issued laptop to modify the captive portal pages – the initial web pages users encounter when connecting to public WiFi networks – effectively conducting a man-in-the-middle attack on unsuspecting passengers. The ...
4 days ago Cybersecuritynews.com

Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager - Its primary objectives include encrypting personal files, eliminating backup copies and catalogs, disabling critical system recovery features, and blocking access to Task Manager to prevent user intervention. The malware demonstrates particular ...
3 days ago Cybersecuritynews.com

Amid border dispute, Thailand goes after Cambodian tycoon over alleged cyber scam ties | The Record from Recorded Future News - According to the Bangkok Post, police raided two houses in Sa Kaeo province belonging to two women who authorities say help manage a high-rise scam compound in the Cambodian border city of Poipet. On July 8, Thai police raided 19 properties allegedly ...
2 days ago Therecord.media

Microsoft Teams Call Weaponized to Deploy and Execute Matanbuchus Ransomware - During these fraudulent support sessions, attackers activate Quick Assist and instruct victims to run PowerShell commands that ultimately deploy the Matanbuchus 3.0 loader, marking a significant evolution in the malware’s delivery mechanisms. ...
2 days ago Cybersecuritynews.com