Latest Cyber News

RansomHub ransomware uses new Betruger ‘multi-function’ backdoor - The malware's capabilities include a wide range of capabilities that overlap with features commonly found in malicious tools dropped before deploying ransomware payloads, including keylogging, network scanning, privilege escalation, credential ...
1 hour ago Bleepingcomputer.com Ransomhub
UK urges critical orgs to adopt quantum cryptography by 2035 - The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035. The NCSC's PQC migration guidance primarily ...
1 hour ago Bleepingcomputer.com
WordPress security plugin WP Ghost vulnerable to remote code execution bug - Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. However, as revealed by Patchstack, the security tool itself is vulnerable to ...
2 hours ago Bleepingcomputer.com CVE-2025-26909
GitHub Action supply chain attack exposed secrets in 218 repos - The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. According to data shared by ...
3 hours ago Bleepingcomputer.com
Rooted (Jailbroken) Mobile Devices 3.5 Times More Vulnerable to Cyber Attacks - While manufacturers have introduced more customization options and tighter security protocols to reduce these practices, rooted and jailbroken devices continue to pose serious security threats especially in enterprise environments. Security experts ...
3 hours ago Cybersecuritynews.com
Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix - In recent weeks, Microsoft removed another safeguard hold preventing AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues and released a BIOS update to fix blue screen issues on some ASUS devices blocking Windows 11 ...
3 hours ago Bleepingcomputer.com
Is it time to retire 'one-off' pen tests for continuous testing? - Verizon's 2024 Data Breach Investigation Report highlights why such gaps in security testing matter: exploited vulnerabilities in web applications rank as the third most common attack vector for data breaches, only trailing phishing and ...
3 hours ago Bleepingcomputer.com
Hackers Exploiting Multiple Cisco Smart Licensing Utility Vulnerability - Johannes Ullrich, Dean of Research at SANS, noted the irony that “it’s always fun to see how cheap IoT devices and expensive enterprise security software share similar basic vulnerabilities” – both often containing hardcoded ...
3 hours ago Cybersecuritynews.com CVE-2024-20439
IBM AIX Vulnerability Let Attackers Execute Arbitrary Commands - Critical security vulnerabilities in IBM AIX operating systems could allow unauthorized remote attackers to execute arbitrary commands, potentially compromising the entire system. This flaw could allow remote attackers to execute arbitrary commands ...
4 hours ago Cybersecuritynews.com
HellCat hackers go on a worldwide Jira hacking spree - The Swiss company did not provide technical details about the breach but targeting the Jira ticketing system has become a common attack method for the HellCat hackers. Rey, a member of the HellCat hacking group, told BleepingComputer that they stole ...
4 hours ago Bleepingcomputer.com
New Steganographic Malware Exploits JPEG Files to Distribute Infostealers - A sophisticated malware campaign employing steganographic techniques has recently been identified, targeting users through seemingly innocent JPEG image files. The attack leverages hidden malicious code embedded within image files that, when ...
4 hours ago Cybersecuritynews.com
RansomHub Affiliate Deploying New Custom Backdoor Dubbed 'Betruger' For Persistence - RansomHub, as a RaaS provider, enables affiliates to leverage sophisticated tools like Betruger, potentially lowering the barrier to entry for conducting complex ransomware attacks. These include adaptive-based protections such as ACM.Ps-RgPst!g1 and ...
4 hours ago Cybersecuritynews.com Ransomhub
Microsoft Attributes Recent Outage of Outlook Web to Code Error in Recent Update - The tech giant has attributed the issue to a problematic code change in a recent update, which left thousands of users unable to access their accounts and use essential communication tools. We’re working to revert the recent code change and ...
5 hours ago Cybersecuritynews.com
How Threat Hunters Enrich Indicators With Context - Threat intelligence platforms and SOC teams collect vast amounts of information on cyber incidents and attacks, such as IP addresses, file hashes, and domain names. In cyber threat intelligence, data alone is a ruler without direction only with ...
5 hours ago Cybersecuritynews.com
North Korean IT Workers Exploiting GitHub to Attack Organizations Worldwide - A sophisticated network of suspected North Korean IT workers has been discovered leveraging GitHub to create false identities and secure remote employment opportunities in Japan and the United States. Companies are urged to implement stronger ...
5 hours ago Cybersecuritynews.com
Dell Warns of Multiple Secure Connect Gateway Vulnerabilities Let Compromise System - Attackers could exploit this through phishing or UI redressing attacks to manipulate container persistence settings, ...
5 hours ago Cybersecuritynews.com
Babuk2 Ransomware Issuing Fake Extortion Demands With Data from Old Breaches - The Babuk2 ransomware group has been caught issuing extortion demands based on false claims and recycled data from previous breaches. The administrator, known as Bjorka, has been active on various forums and Telegram, with a history of involvement in ...
5 hours ago Cybersecuritynews.com
Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
5 hours ago Cybersecuritynews.com
Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Increases by 130% - These sophisticated attacks leverage unpatched security flaws in popular browsers to deploy malicious payloads before security teams can implement countermeasures, leaving users and organizations extremely vulnerable in the critical first hours of an ...
6 hours ago Cybersecuritynews.com CVE-2023-45812
CISA Warns of SAP NetWeaver Directory Traversal Vulnerability Exploited in Attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SAP NetWeaver to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to immediately mitigate the risk. The vulnerability, identified ...
6 hours ago Cybersecuritynews.com CVE-2017-12637
Dragon RaaS Leading 'Five Families' Crimeware With New Initial Access & Exploitation Methods - A sophisticated Ransomware-as-a-Service (RaaS) operation known as ‘Dragon’ has emerged as the dominant force within the notorious “Five Families” of crimeware, implementing advanced initial access techniques and exploitation ...
6 hours ago Cybersecuritynews.com
CISA Warns of Edimax IP Camera OS Command Injection Vulnerability Exploited in Attacks - “Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device,” reads CISA’s advisory. The vulnerability, tracked as CVE-2025-1316, allows ...
6 hours ago Cybersecuritynews.com CVE-2025-1316
CISA Warns of NAKIVO Backup Vulnerability Exploited in Attacks - PoC Released - “This unauthenticated arbitrary file read vulnerability essentially provides attackers with the ability to access any file on the target system, including critical configuration files and credentials,” explained security researchers at ...
6 hours ago Cybersecuritynews.com CVE-2024-48248
Beware Tax Payers! Scammers Taking Advantage of Tax Season as Filing Deadline Draws Near - “Scammers are relentless, and they use the guise of tax season to try tricking taxpayers into falling into a variety of traps,” warns Terry Lemons, IRS communications senior adviser. Perhaps most concerning is the rise in tax-related ...
7 hours ago Cybersecuritynews.com
Signal Messenger Leveraged for Targeted Attacks on Employees of Defense Industry - The attackers are using the popular Signal messenger app to distribute malicious archives that purportedly contain meeting reports, exploiting the trusted nature of the platform to bypass security measures. Security researchers warn that the use of ...
7 hours ago Cybersecuritynews.com
Babuk Ransomware Group Claims Attack on Telecommunication Firm Orange - The ease with which Babuk breached Orange’s systems raises questions about the company’s threat detection capabilities and the security of its infrastructure. The Babuk group confirmed that they exploited a zero-day vulnerability in ...
8 hours ago Cybersecuritynews.com
Malware Operation 'DollyWay' Hacked 20,000+ WordPress Sites Globally - The DollyWay malware primarily targets WordPress sites, leveraging a network of compromised sites to redirect visitors to scam pages through traffic broker networks. It injects redirect scripts into sites using files like wp-content/counts.php. These ...
9 hours ago Cybersecuritynews.com
Critical Veeam Backup & Replication Vulnerability Allows Malicious Remote Code Execution - Veeam Backup & Replication, with its large deployment footprint across enterprise environments, represents a significant target for cybercriminals, particularly ransomware operators seeking to disable recovery options before launching attacks. As ...
9 hours ago Cybersecuritynews.com
Spyware Maker SpyX Data Breach Exposes Nearly 2 Million Users Personal Data - “The vast majority of the email addresses are associated with SpyX,” confirmed Hunt, who classified the breach as “sensitive” in HIBP, allowing only affected individuals to verify if their information was compromised. The ...
9 hours ago Cybersecuritynews.com
Linux Kernel Out-of-bounds Write Vulnerability Let Attackers Escalate Privileges - Designated as CVE-2025-0927, this out-of-bounds write vulnerability in the Linux kernel’s HFS+ filesystem driver affects systems running kernels up to version 6.12.0, with Ubuntu 22.04 with Linux Kernel 6.5.0-18-generic confirmed vulnerable. A ...
10 hours ago Cybersecuritynews.com CVE-2025-0927
Kali Linux 2025.1a New Tool & Updates to Desktop Environments - Continuing the tradition of annual theme updates with the year’s first release, Kali Linux 2025.1a boasts a modern interface with enhancements to the boot menu, login screen, and desktop wallpapers for both Kali and Kali Purple editions. With ...
15 hours ago Cybersecuritynews.com
DOGE to Fired CISA Staff: Email Us Your Personal Data – Krebs on Security - On Monday, The New York Times reported that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk’s “Department of Government Efficiency” (DOGE) visited the roof of the ...
16 hours ago Krebsonsecurity.com
Malware campaign 'DollyWay' breached 20,000 WordPress sites - A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. DollyWay v3 is an advanced redirection operation that targets vulnerable WordPress ...
18 hours ago Bleepingcomputer.com
Kali Linux 2025.1a released with 1 new tool, annual theme refresh - Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. With the year's first version, the Kali Team introduces a theme update consisting of new wallpapers and changes to the boot ...
19 hours ago Bleepingcomputer.com
Pennsylvania education union data breach hit 500,000 people - PSEA says the stolen information varies by individual and consists of personal, financial, and health data, including driver's license or state IDs, social security numbers, account PINs, security codes, payment card information, passport ...
20 hours ago Bleepingcomputer.com Rhysida
Ukrainian military targeted in new Signal spear-phishing attacks - Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. In February 2025, ...
21 hours ago Bleepingcomputer.com
Microsoft Exchange Online outage affects Outlook web users - Two weeks ago, Redmond linked a weekend Microsoft 365 outage impacting Outlook and Exchange Online authentication to a "code issue." A subsequent advisory revealed that users still experienced issues accessing calendars and email messages using the ...
22 hours ago Bleepingcomputer.com
New Arcane infostealer infects YouTube, Discord users via game cheats - A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The campaign distributing Arcane Stealer relies ...
1 day ago Bleepingcomputer.com
Microsoft fixes Windows update bug that uninstalled Copilot - More recently, Microsoft started rolling out a new native Copilot app to Windows Insiders via the Microsoft Store and announced a press-to-talk feature enabling users to interact with Copilot using their voice when holding the Alt + Spacebar keyboard ...
1 day ago Bleepingcomputer.com
Click Profit blocked by the FTC over alleged e-commerce scams - Click Profit is an online business platform promoted on social media and through websites that claims to help consumers generate passive income by setting up and managing e-commerce stores on Amazon, Walmart, and other platforms. The US Federal Trade ...
1 day ago Bleepingcomputer.com
Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks - Cybersecurity experts have identified a persistent trend of threat actors exploiting legitimate remote monitoring and management (RMM) software to infiltrate networks, maintain access, and facilitate lateral movement. These legitimate tools, which ...
1 day ago Cybersecuritynews.com
ANY.RUN Now Let SOC/DFIR Team Analyse Android APK Malware With Sandbox - ANY.RUN, the interactive malware analysis platform, has announced full support for Android OS in its cloud-based sandbox environment, enabling security teams to investigate Android malware with unprecedented accuracy and efficiency. With this new ...
1 day ago Cybersecuritynews.com Hunters
Threat Actors Exploiting Legacy Drivers to Bypass TLS Certificate Validation - They utilize a modified TrueSight.sys driver to bypass Microsoft’s driver blocking system, enabling them to forcibly terminate security processes such as antivirus and endpoint detection and response (EDR) systems. A sophisticated attack ...
1 day ago Cybersecuritynews.com
US Sperm Donor Giant California Cryobank Hacked - Customers' Personal Data Exposed - The cyber intrusion, which occurred on April 20, 2024, but remained undetected until October 4, 2024, has triggered mandatory breach notifications to affected individuals across multiple states, with formal notices sent to customers on March 14, ...
1 day ago Cybersecuritynews.com
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks - Citizen Lab also mapped out the server infrastructure used by Paragon to deploy the Graphite spyware implants on targets' devices, finding potential links to multiple government customers, including Australia, Canada, Cyprus, Denmark, Israel, and ...
1 day ago Bleepingcomputer.com
41% of Success Logins Across Websites Involves Compromised Passwords - Password reuse continues to be one of the most significant security vulnerabilities in 2025, with alarming new data showing nearly half of all successful website logins involve previously exposed credentials. This widespread practice of recycling ...
1 day ago Cybersecuritynews.com
Attackers Embedding Malicious Word file into a PDF to Evade Detections - A sophisticated attack vector dubbed “MalDoc in PDF” allows threat actors to bypass traditional security scanning by embedding malicious Word documents into PDF files. These files appear benign when analyzed with standard PDF security ...
1 day ago Cybersecuritynews.com
Half a million people impacted by Pennsylvania State Education Association data breach | The Record from Recorded Future News - The organization published breach notices in several states and on its website, warning its current and former members as well as their dependants that hackers broke into their systems last year and stole state IDs, Social Security numbers, financial ...
1 day ago Therecord.media Rhysida
Beware of Fake GitHub "Security Alerts" Let Hackers Hijack Your Account Logins - The attackers have created GitHub accounts with deceptive names like “GitHub Notification” and proceed to open issues on well-known security repositories with the alarming title “Security Alert: Unusual Access Attempt”. ...
1 day ago Cybersecuritynews.com
Critical AMI BMC Vulnerability Allows Attackers To Bypass Authentication Remotely - Security researchers have discovered a new critical vulnerability in AMI’s MegaRAC software that enables attackers to bypass authentication remotely. Their investigation revealed the flaw exists in the host-interface-support-module.lua file ...
1 day ago Cybersecuritynews.com CVE-2024-54085
Cloudflare Launches Cloudforce One Threat Platform to Analyze IoCs, IP, Hashes, & Domains - By providing contextual information about cyber threats instead of isolated indicators, Cloudflare’s Cloudforce One threat events platform represents a significant advancement in operational threat intelligence, enabling security teams to ...
1 day ago Cybersecuritynews.com
New AI Jailbreak Technique Bypasses Security Measures to Write Malware for Google Chrome - The 2025 Cato CTRL™ Threat Report, published on March 18, details how a threat intelligence researcher with zero malware coding experience successfully manipulated leading generative AI platforms including OpenAI’s ChatGPT, Microsoft Copilot, ...
1 day ago Cybersecuritynews.com
Arcane Stealer Via YouTube Videos Steal Data From Network Utilities Including VPN & FileZilla - Security experts advise users to be extremely cautious when downloading supposed game cheats or cracks from YouTube videos, particularly those that require extracting password-protected archives or running batch files. The malware, discovered in late ...
1 day ago Cybersecuritynews.com
Hackers Abuse Cobalt Strike, SQLMap & Other Tools to Target Organizations' Web Applications - These attacks specifically utilize Cobalt Strike, a legitimate adversary simulation tool designed for security professionals, and SQLMap, an open-source utility that automates the detection and exploitation of SQL injection vulnerabilities. The ...
1 day ago Cybersecuritynews.com
Threat Actors Exploiting DLL Side-Loading Vulnerability in Google Chrome to Execute Malicious Payloads - Cybersecurity researchers have identified a concerning new attack vector where threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 through DLL side-loading techniques. This sophisticated attack allows ...
1 day ago Cybersecuritynews.com
MirrorFace Hackers Customized AsyncRAT Execution Chain to Run Within Windows Sandbox - The threat actor delivers multiple files to the compromised machine: legitimate 7-Zip executable and library files (7z.exe and 7z.dll), a password-protected archive containing AsyncRAT (disguised as setup.exe), a batch script that unpacks and ...
1 day ago Cybersecuritynews.com
PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems - Security researchers at Bitdefender Labs have detected a significant surge in exploitation attempts targeting a critical PHP vulnerability that allows attackers to execute malicious code on Windows-based systems. The vulnerability, tracked as ...
1 day ago Cybersecuritynews.com CVE-2024-4577
Hackers Leveraging Azure App Proxy Pre-authentication to Access Orgs Private Network Resources - However, security researchers at TrustedSec have discovered that when administrators configure the pre-authentication option to “Passthrough” instead of the default “Microsoft Entra ID” setting, they effectively remove the ...
1 day ago Cybersecuritynews.com
CISA Warns of Supply-Chain Attack Targeting Widely-Used GitHub Action Vulnerability - This incident serves as a critical reminder of the importance of implementing robust security practices when utilizing third-party code in CI/CD pipelines, especially as supply chain attacks continue to target trusted development tools. “CISA ...
1 day ago Cybersecuritynews.com CVE-2025-30066
Microsoft to End Support for Windows 10, No More Security Updates! - “After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10,” states the notification being distributed to users. After this date, the tech ...
1 day ago Cybersecuritynews.com
VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations - Two particularly concerning vulnerabilities continue to plague organizations worldwide: CVE-2018-13379, a path traversal vulnerability in Fortinet’s FortiGate SSL VPN devices, and CVE-2022-40684, an authentication bypass flaw affecting Fortinet ...
1 day ago Cybersecuritynews.com CVE-2018-13379
Sophisticated Attack Via Booking Websites Installs LummaStealer Malware - Security researchers expect LummaStealer attacks to continue increasing in the coming months as attackers refine their social engineering techniques to exploit travelers seeking online booking services. The campaign, discovered in early 2025, tricks ...
1 day ago Cybersecuritynews.com
Critical Synology Vulnerability Let Attackers Remote Execute Arbitrary Code - CVE-2024-10445: An improper certificate validation vulnerability in the update functionality with a CVSS score of 4.3 that enables adjacent attackers to write limited files. ...
1 day ago Cybersecuritynews.com CVE-2024-10445
Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing - PoC Released - Security researchers have released a proof-of-concept exploit demonstrating this high-severity flaw, which Microsoft patched in its March 2025 updates. Security experts recommend keeping all Microsoft products updated and implementing additional ...
1 day ago Cybersecuritynews.com
Hackers Allegedly Selling Firewall Access to Canon Inc on Hacking Forums - According to security monitoring firm ThreatMon, the advertisement appeared on a popular dark web marketplace, claiming to provide administrator-level access to the Japanese camera giant’s network infrastructure. With root access to firewall ...
1 day ago Cybersecuritynews.com
Hacker Weaponizing Hard Disk Image Files To Deliver VenomRAT - The attack chain continues as the malware drops additional files into the StartUp folder and connects to Pastebin.com where command and control server information is stored. This configuration file contains an AES encryption key ...
1 day ago Cybersecuritynews.com
CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability - “An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests,” states the Fortinet advisory. The ...
1 day ago Cybersecuritynews.com CVE-2025-24472
Sperm donation giant California Cryobank warns of a data breach - The investigation has determined that the attack exposed varying personal data for customers, including names, bank accounts and routing numbers, Social Security numbers, driver's license numbers, payment card numbers, and/or health insurance ...
1 day ago Bleepingcomputer.com
GitHub Action hack likely led to another in cascading supply chain attack - Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. A cascading supply chain attack that began with the compromise of the ...
1 day ago Bleepingcomputer.com
Western Alliance Bank notifies 21,899 customers of data breach - The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files ...
1 day ago Bleepingcomputer.com CVE-2024-50623
Municipalities in four states are struggling with cyberattacks limiting services | The Record from Recorded Future News - The attack on Cleveland Municipal Court was claimed on Tuesday by the Qilin ransomware gang — a group responsible for other recent attacks on local governments, as well as critical healthcare entities in the U.K. The court did not respond to ...
1 day ago Therecord.media Qilin
Western Alliance Bank says nearly 22,000 impacted by file transfer software breach | The Record from Recorded Future News - The Clop gang — which has conducted global data theft campaigns targeting file sharing tools MOVEit, GoAnywhere and Accellion over the last five years — initially named 66 companies in the fall of 2024 but has slowly been releasing the names of ...
1 day ago Therecord.media
Malicious Android 'Vapor' apps on Google Play installed 60 million times - Although all of these apps have since been removed from Google Play, there's a significant risk that Vapor will return through new apps as the threat actors have already demonstrated the ability to bypass Google's review process. Bitdefender ...
2 days ago Bleepingcomputer.com
New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code - The infection flow begins with injected JavaScript on compromised websites, which retrieves malicious code from blockchain smart contracts, ultimately leading to the display of fake security challenges. The latest variant, discovered in December ...
2 days ago Cybersecuritynews.com
8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Groups - Some North Korean threat actors, such as Earth Manticore (APT37) and Earth Imp (Konni), have been using extremely large .lnk files – with sizes up to 70.1 MB – containing excessive whitespace and junk content to further evade detection. ...
2 days ago Cybersecuritynews.com APT37 APT3

Trending Cyber News (last 7 days)

Windows Notepad to get AI text summarization in Windows 11 - Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. Today, it also added a "Draw & Hold" feature in Snipping Tool version 11.2502.18.0 to help ...
6 days ago Bleepingcomputer.com
Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News - Since December, Justice Department officials have sought Panev’s extradition after a criminal complaint was unsealed last year accusing him of acting as a developer of the LockBit ransomware from 2019 to at least February 2024. The dual ...
6 days ago Therecord.media LockBit
New Context Compliance Attack Jailbreaks Most of The Major AI Models - Rather than requiring complex prompt engineering or computationally expensive optimization, CCA works through a basic three-step process: initiating a conversation about a sensitive topic, injecting a fabricated assistant response into the ...
6 days ago Cybersecuritynews.com
New SuperBlack ransomware exploits Fortinet auth bypass flaws - A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. When Fortinet first disclosed CVE-2024-55591 on ...
6 days ago Bleepingcomputer.com LockBit CVE-2024-55591
Ransomware attack takes down health system network in Micronesia | The Record from Recorded Future News - One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline. On Wednesday, the Department of Health Services for the ...
6 days ago Therecord.media
New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens - This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud access tokens, API keys, and other credentials. In February 2025, security ...
6 days ago Cybersecuritynews.com
Ransomware gang creates tool to automate VPN brute-force attacks - Büyükkaya says Black Basta has been using the automated BRUTED platform since 2023 to conduct large-scale credential-stuffing and brute-force attacks on edge network devices. The Black Basta ransomware operation created an automated ...
6 days ago Bleepingcomputer.com Black Basta
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware - The attackers consistently created local system administrator accounts with names designed to blend in with legitimate services, including “forticloud-tech,” “fortigate-firewall,” and “adnimistrator” (a deliberate ...
6 days ago Cybersecuritynews.com LockBit CVE-2024-55591
Cisco IOS XR vulnerability lets attackers crash BGP on routers - The same week, CISA tagged a remote command execution security flaw impacting Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers as actively exploited in attacks and ordered U.S. federal agencies to secure any vulnerable devices by March ...
6 days ago Bleepingcomputer.com CVE-2025-20115
Hackers Allegedly Selling 3.17 Million Records of Honda Cars India Customers - The hacker’s post on the forum claims to possess detailed records of Honda Cars India customers, with 2,866,348 mobile numbers and 1,907,053 email addresses among the compromised data. While Honda Cars India has yet to issue an official ...
6 days ago Cybersecuritynews.com
Microsoft Warns of Cyber Attack Mimic Booking .com To Deliver Password Stealing Malware - Security analysts at Microsoft noted that this campaign employs a technique called “ClickFix,” which displays fake error messages instructing users to execute commands that download malware. The addition of ClickFix to their tactics shows ...
6 days ago Cybersecuritynews.com
10 Best Cyber Attack Simulation Tools - 2025 - Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. The Cyber Attack Simulation tools act like a continuous and automated process ...
6 days ago Cybersecuritynews.com
DeepSeek R1 Jailbreaked To Develop Malware, Such As A Keylogger And Ransomware - Cyber Security News - These findings suggest that while DeepSeek R1 doesn’t provide turnkey malware solutions, it significantly lowers the technical barrier for creating harmful software, potentially accelerating malicious actors’ capabilities in developing ...
5 days ago Cybersecuritynews.com
Decrypting Linux/ESXi Akira Ransomware Files Without Paying Ransomware - The researcher has published the full source code and methodology on GitHub, providing a potential lifeline for organizations affected by this specific ransomware strain active since late 2023. According to the researcher, the malware uses the ...
6 days ago Cybersecuritynews.com Akira
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
5 days ago Bleepingcomputer.com
New Akira ransomware decryptor cracks encryptions keys using GPUs - Nugroho developed the decryptor after being asked for help from a friend, deeming the encrypted system solvable within a week, based on how Akira generates encryption keys using timestamps. Akira ransomware dynamically generates unique encryption ...
5 days ago Bleepingcomputer.com Akira
Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication - Security researchers from GitHub Security Lab have identified parser differential vulnerabilities (CVE-2025-25291 and CVE-2025-25292) affecting ruby-saml versions up to 1.17.0, which could allow attackers to impersonate any user within affected ...
6 days ago Cybersecuritynews.com CVE-2025-25291
AWS SNS Abused To Exfiltrate Data & Phishing Attack - The attacks leverage legitimate AWS functionality to create SNS topics, subscribe external email addresses, and publish sensitive data through API calls that appear as normal AWS service usage. Elastic Security Labs provided hunting queries that ...
5 days ago Cybersecuritynews.com
United States Charges Developer of LockBit Ransomware Group - Technical analysis of LockBit 3.0, also known as “LockBit Black,” reveals sophisticated execution techniques, including command execution, batch scripts, and extensive use of the Native Windows API and PowerShell to interface with system ...
6 days ago Cybersecuritynews.com LockBit
Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition - According to Cisco’s security advisory released on March 12, 2025, an attacker could exploit this vulnerability by sending crafted BGP update messages to trigger memory corruption, which may force the BGP process to restart and result in a ...
6 days ago Cybersecuritynews.com CVE-2025-20115
Suspected LockBit ransomware dev extradited to United States - Panev remained an active member of LockBit ransomware's core team until February 2024, when an international law enforcement operation led by the UK's National Crime Agency (NCA) and the FBI severely disrupted the cybercrime organization. Panev has ...
6 days ago Bleepingcomputer.com LockBit Inception
Week-long Exchange Online outage causes email failures, delays - Two weeks ago, the company linked a weekend Microsoft 365 outage affecting Outlook and Exchange Online authentication to another "code issue." A subsequent advisory revealed that Exchange Online users still had issues accessing calendars and email ...
5 days ago Bleepingcomputer.com
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server. It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
6 days ago Cybersecuritynews.com CVE-2024-5594
Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells - Unlike previous iterations that used the password “1234qwer,” the latest variant employs “2345rdx” as its authentication mechanism, indicating an evolution in their operational security measures. The continued evolution of ...
6 days ago Cybersecuritynews.com Lazarus Group
Black Basta Ransomware Attack Edge Network Devices With Automated Brute Force Attacks - After gaining initial access through compromised edge devices, Black Basta actors follow a structured attack chain deploying post-exploitation frameworks like Cobalt Strike or Brute Ratel to establish command-and-control channels, extract ...
6 days ago Cybersecuritynews.com Black Basta
Microsoft apologizes for removing VSCode extensions used by millions - Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the ...
6 days ago Bleepingcomputer.com
Western Alliance Bank says nearly 22,000 impacted by file transfer software breach - The Clop gang — which has conducted global data theft campaigns targeting file sharing tools MOVEit, GoAnywhere and Accellion over the last five years — initially named 66 companies in the fall of 2024 but has slowly been releasing the names of ...
1 day ago Therecord.media
Municipalities in four states are struggling with cyberattacks limiting services - The attack on Cleveland Municipal Court was claimed on Tuesday by the Qilin ransomware gang — a group responsible for other recent attacks on local governments, as well as critical healthcare entities in the U.K. The court did not respond to ...
1 day ago Therecord.media Qilin
Hackers Attacking Exposed Jupyter Notebooks To Deliver Cryptominer - Analysts at Cado Security Labs identified this attack through their honeypot systems, noting that the campaign represents a new vector for cryptomining attacks that hasn’t been previously reported, despite sharing similarities with earlier ...
5 days ago Cybersecuritynews.com
New Steganographic Malware Attack via JPG File Delivers Multiple Password Stealing Malwares - Security researchers have discovered that this sophisticated attack leverages the practice of hiding malicious payloads within seemingly harmless image files, exploiting steganography—a technique historically used for concealing messages or content ...
3 days ago Cybersecuritynews.com
Sperm donation giant California Cryobank warns of a data breach - The investigation has determined that the attack exposed varying personal data for customers, including names, bank accounts and routing numbers, Social Security numbers, driver's license numbers, payment card numbers, and/or health insurance ...
1 day ago Bleepingcomputer.com
Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Increases by 130% - These sophisticated attacks leverage unpatched security flaws in popular browsers to deploy malicious payloads before security teams can implement countermeasures, leaving users and organizations extremely vulnerable in the critical first hours of an ...
6 hours ago Cybersecuritynews.com CVE-2023-45812
Microsoft: March Windows updates mistakenly uninstall Copilot - Microsoft says the March 2025 Windows cumulative updates automatically and mistakenly remove the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. More recently, Microsoft announced that it's rolling out a new ...
3 days ago Bleepingcomputer.com
Top Cybersecurity Tools of 2025 To Managing Remote Device Threats - Microsoft Defender for Endpoint is an enterprise-grade security solution that protects remote devices through AI-driven threat detection, automated response mechanisms, and seamless integration with Microsoft’s security ecosystem. By leveraging ...
5 days ago Cybersecuritynews.com
RedCurl APT leveraging Active Directory Explorer & 7-Zip To Archive Exfiltrated Data - “The victim sees a single file, ‘CV Applicant *.scr’ which is the legitimate signed Adobe executable ‘ADNotificationManager.exe’. After the victim opens the file, the EarthKapre loader (netutils.dll) is side ...
4 days ago Cybersecuritynews.com
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts - Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The attacks are similar to those reported years ago, indicating that OAuth apps ...
4 days ago Bleepingcomputer.com
GitHub restores code following malicious changes to tj-actions tool - On Friday, cybersecurity firm StepSecurity warned of a security incident impacting the tj-actions/changed-files GitHub Action, a popular tool used to track file changes and trigger other actions depending on those alterations. Mureinik told Recorded ...
2 days ago Therecord.media CVE-2025-30066
Half a million people impacted by Pennsylvania State Education Association data breach - The organization published breach notices in several states and on its website, warning its current and former members as well as their dependants that hackers broke into their systems last year and stole state IDs, Social Security numbers, financial ...
1 day ago Therecord.media Rhysida
100+ Auto Dealers Hacked With A ClickFix Webpage Leads To SectopRAT Malware Installation - The attack leveraged a shared video service specifically used by auto dealerships, injecting malicious code that redirected unsuspecting users to fraudulent webpages designed to install the dangerous SectopRAT remote access trojan on their systems. ...
4 days ago Cybersecuritynews.com
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
4 days ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
PoC Exploit Released for Use-after-free Linux Kernel Vulnerability - Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years. System administrators should prioritize ...
2 days ago Cybersecuritynews.com CVE-2024-36904
New BitM Attack Lets Hackers Steal User Sessions Within Seconds - BitM signifies a major shift in cyber threats, using browser functionalities to evade traditional security measures. This method exploits web browser functionalities to hijack authenticated sessions, posing a significant threat to organizations ...
2 days ago Cybersecuritynews.com
New Sophisticated Phishing Attack Exploiting Microsoft 365 Infrastructure To Attack Users - What makes this attack particularly dangerous is that traditional email authentication mechanisms cannot detect it since emails originate from legitimate Microsoft domains and pass all standard email security checks, directing victims to voice-based ...
2 days ago Cybersecuritynews.com
Blockchain gaming platform WEMIX hacked to steal $6.1 million - During a press conference held yesterday, WEMIX's CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn't an attempt to cover it up, but rather a conscious choice to ...
2 days ago Bleepingcomputer.com
New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code - The infection flow begins with injected JavaScript on compromised websites, which retrieves malicious code from blockchain smart contracts, ultimately leading to the display of fake security challenges. The latest variant, discovered in December ...
2 days ago Cybersecuritynews.com
Western Alliance Bank notifies 21,899 customers of data breach - The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files ...
1 day ago Bleepingcomputer.com CVE-2024-50623
GitHub Action hack likely led to another in cascading supply chain attack - Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. A cascading supply chain attack that began with the compromise of the ...
1 day ago Bleepingcomputer.com
Manage Engine Analytics Vulnerability Allows User Account Takeover - During analysis, security experts determined that the vulnerability could be exploited to intercept and manipulate authentication processes, potentially leading to complete account takeover scenarios.
3 days ago Cybersecuritynews.com CVE-2025-1724
Google Released Open Source Version of OSV-Scanner Tool for Vulnerability Scanning - Originally launched in December 2022, OSV-Scanner has become an essential tool for open-source security, providing developers with easy access to vulnerability information relevant to their projects. Developers across various programming languages ...
2 days ago Cybersecuritynews.com
8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Groups - Some North Korean threat actors, such as Earth Manticore (APT37) and Earth Imp (Konni), have been using extremely large .lnk files – with sizes up to 70.1 MB – containing excessive whitespace and junk content to further evade detection. ...
2 days ago Cybersecuritynews.com APT37 APT3