Latest Cyber News

Abacus Dark Web Market Possible Exit Scam with the Bitcoin Payments They Hold - The marketplace’s operators appear to have disappeared with users’ cryptocurrency funds, marking another significant blow to the Western darknet ecosystem following the law enforcement seizure of Archetyp Market in June 2025. The ...
15 minutes ago Cybersecuritynews.com
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities - Once inside, attackers deploy various malware families including RokRAT, which enables data exfiltration to legitimate cloud storage services, and PlugX, utilized by the TELEBOYi attack group for command and control operations. A sophisticated cyber ...
21 minutes ago Cybersecuritynews.com CVE-2025-22457
Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
34 minutes ago Bleepingcomputer.com CVE-2025-7656
Albemarle County Hit By Ransomware Attack - Hackers Accessed Residents Personal Details - County officials confirmed that the malware deployment resulted in potential exposure of resident data, prompting immediate notification to the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and ...
1 hour ago Cybersecuritynews.com
Authorities Dismantled “Diskstation” Ransomware Attacking Synology NAS Devices Worldwide - The collaborative effort included cyber crime units from Italy, France, and Romania, each contributing expertise in different aspects of the investigation including digital forensics, cryptocurrency analysis, and cross-border legal procedures. The ...
1 hour ago Cybersecuritynews.com
Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager - Its primary objectives include encrypting personal files, eliminating backup copies and catalogs, disabling critical system recovery features, and blocking access to Task Manager to prevent user intervention. The malware demonstrates particular ...
1 hour ago Cybersecuritynews.com
Microsoft Details on How Security Copilot in Intune and Entra Helps Security and IT Teams - This new functionality allows IT administrators to interact with endpoint management data through natural language queries, fundamentally changing how teams extract insights and take action across multiple domains including devices, applications, ...
1 hour ago Cybersecuritynews.com
Node.js Vulnerabilities Exposes Windows App to Path Traversal and HashDoS Attacks - Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing a path traversal bypass and a HashDoS attack vector that could significantly impact application security and performance. When processing file ...
1 hour ago Cybersecuritynews.com CVE-2025-27210
Former U.S. Soldier Pleads Guilty for Hacking Telecommunications Companies - Cameron John Wagenius, 21, who operated under the alias “kiberphant0m,” pleaded guilty to multiple federal charges related to a conspiracy that attempted to extract at least $1 million from victim organizations between April 2023 and ...
1 hour ago Cybersecuritynews.com
Federal IT contractor Agrees to Pay $14.75M Over False Cybersecurity Services Claim - Investigators say Hill’s pitch hinged on a bespoke endpoint-monitoring platform that quietly seeded a loader, nicknamed “ShadowQuill,” across federal enclaves, promising rapid threat hunting while actually funneling traffic to third-party ...
2 hours ago Cybersecuritynews.com Ra group
DShield Honeypot Scanning Reaches Record-High - 1,000,000+ Logs in a Day - The technical analysis reveals that the scanning campaigns originate from distributed subnet ranges, with notable activity from networks including 45.146.130.0/24, 179.60.146.0/24, and 185.93.89.0/24, each generating hundreds of thousands to millions ...
3 hours ago Cybersecuritynews.com
Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems - Iranian cyber operatives have intensified their assault on American critical infrastructure, with Intelligence Group 13 emerging as a primary threat actor targeting water treatment facilities, electrical grids, and industrial control systems across ...
3 hours ago Cybersecuritynews.com
VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host - Multiple severe vulnerabilities have been addressed affecting VMware ESXi, Workstation, Fusion, and Tools that could allow attackers to execute malicious code on host systems. However, on VMware Workstation and Fusion desktop platforms, successful ...
4 hours ago Cybersecuritynews.com
Octalyn Stealer Steals VPN Configurations, Passwords and Cookies in Structured Folders - A sophisticated new credential stealer disguised as a legitimate forensic toolkit has emerged on GitHub, targeting sensitive user data including VPN configurations, browser credentials, and cryptocurrency wallet information. The Octalyn Stealer, ...
4 hours ago Cybersecuritynews.com
North Korean Hackers Weaponized 67 Malicious npm Packages to Deliver XORIndex Malware - The loader’s evolution from basic prototypes to sophisticated malware demonstrates deliberate advancement in obfuscation techniques, progressing from simple remote code execution capabilities to comprehensive system profiling and multi-endpoint ...
5 hours ago Cybersecuritynews.com
BaitTrap - 17,000+ Fake News Websites Caught Promoting Investment Frauds - These malicious platforms masquerade as legitimate news outlets, publishing fabricated stories featuring well-known public figures and respected financial institutions to build trust and lure unsuspecting victims into high-risk financial scams ...
6 hours ago Cybersecuritynews.com
Hacktivist Groups Attacks on Critical ICS Systems to Steal Sensitive Data - The cybersecurity landscape has witnessed an alarming evolution in hacktivist operations, with threat actors increasingly shifting their focus from traditional DDoS attacks and website defacements to sophisticated industrial control system (ICS) ...
7 hours ago Cybersecuritynews.com
Google Chrome 0-day Vulnerability Actively Exploited in the Wild - Chrome typically updates automatically, but users can manually check for updates by navigating to Chrome’s settings menu and selecting “About Google Chrome.” Given the active exploitation of CVE-2025-6558, delaying this update could ...
7 hours ago Cybersecuritynews.com CVE-2025-6558
Ransomware Gangs Actively Expanding to Attack VMware and Linux Systems - The cybersecurity landscape has experienced a dramatic shift as ransomware operators increasingly target Linux and VMware environments, abandoning their traditional focus on Windows systems. The attackers’ ability to execute code using ...
13 hours ago Cybersecuritynews.com
North Korean Hackers Using Fake Zoom Invites to Attack Crypto Startups - North Korean threat actors have escalated their sophisticated cyber operations against cryptocurrency startups, deploying an evolved malware campaign that leverages fraudulent Zoom meeting invitations to infiltrate target organizations. According to ...
13 hours ago Cybersecuritynews.com
OpenAI's image model gets built-in style feature on ChatGPT - To help you easily create images in different styles, ChatGPT has been quietly updated with a new 'Style' feature, which allows you to select a predefined prompt and convert images into the desired state. OpenAI's image gen model, which is available ...
14 hours ago Bleepingcomputer.com
Abacus dark web drug market goes offline in suspected exit scam - TRM Labs reports that the market had enabled transactions of nearly $100 million worth of Bitcoin but the figure does not include Monero (XMR) cryptocurrency, which requires special conditions to track and accounts for at least two-thirds of all ...
14 hours ago Bleepingcomputer.com
Apache Tomcat Coyote Vulnerability Let Attackers Trigger DoS Attack - First noted in the National Vulnerability Database five days ago, the weakness stems from Coyote’s failure to enforce a hard cap on concurrent streams when an HTTP/2 client never acknowledges the server’s initial SETTINGS frame. Cyber Security ...
15 hours ago Cybersecuritynews.com CVE-2025-53506
NCSC Urges Organizations to Upgrade Microsoft Windows 11 to Defend Cyberattacks - The National Cyber Security Centre (NCSC) has issued a critical advisory urging organizations to prioritize upgrading to Windows 11 before the October 14, 2025 end-of-life deadline for Windows 10. Historical precedents demonstrate the devastating ...
15 hours ago Cybersecuritynews.com
Windows KB5064489 emergency update fixes Azure VM launch issues - Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. On Sunday, Microsoft released the ...
15 hours ago Bleepingcomputer.com
Google says ‘Big Sleep’ AI tool found bug hackers planned to use | The Record from Recorded Future News - Late last year, Google announced an AI agent called Big Sleep — a project that evolved out of work on vulnerability research assisted by large language models done by Google Project Zero and Google DeepMind. “The limited indicators were passed ...
15 hours ago Therecord.media
North Korean XORIndex malware hidden in 67 malicious npm packages - North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and ...
16 hours ago Bleepingcomputer.com
Police disrupt “Diskstation” ransomware gang attacking NAS devices - An international law enforcement action dismantled a Romanian ransomware gang known as 'Diskstation,' which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses. Diskstation is a ransomware operation that ...
17 hours ago Bleepingcomputer.com
Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams - Cybersecurity researchers have identified a sophisticated international fraud campaign that leverages impersonated news websites from major outlets including CNN, BBC, CNBC, News24, and ABC News to orchestrate large-scale investment scams. The ...
18 hours ago Cybersecuritynews.com
Konfety Android Malware on Google Play Uses ZIP Manipulation to Imitate Legitimate Apps - Zimperium’s zLabs security research team has identified a new and highly sophisticated variant of the Konfety Android malware that employs advanced evasion techniques to bypass security analysis tools and conduct fraudulent advertising ...
19 hours ago Cybersecuritynews.com
How SOC Teams Reduce MTTD And MTTR With Threat Context Enrichment - ANY.RUN’s Threat Intelligence Lookup, with its foundation in real-world security investigations and seamless sandbox integration, offers SOC teams the comprehensive context needed to excel in today’s threat environment. ANY.RUN’s ...
19 hours ago Cybersecuritynews.com
Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack - The second quarter of 2025 has marked a historic milestone with the largest DDoS attack ever recorded, demonstrating the evolving nature of digital threats and the critical importance of robust cybersecurity infrastructure. The Q2 2025 data reveals a ...
19 hours ago Cybersecuritynews.com
Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches | The Record from Recorded Future News - A statement from Louis Vuitton South Korea said the breach involved names, contact information and other data provided by customers. Luxury brand Louis Vuitton said data breaches at its stores in Turkey, South Korea and the United Kingdom exposed the ...
20 hours ago Therecord.media Scattered Spider
GLOBAL GROUP RaaS Operators Enable AI-driven Negotiation Functionality - GLOBAL GROUP, operated by threat actor “$$$”, has claimed 17 victims across multiple countries since its June 2025 launch, demonstrating rapid operational scaling through automated systems and strategic partnerships with Initial Access ...
20 hours ago Cybersecuritynews.com
GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows - GitGuardian, the leader in automated secrets detection and remediation, today announced the launch of its Model Context Protocol (MCP) Server, a powerful new infrastructure designed to bring AI-assisted secrets security directly into developer ...
20 hours ago Cybersecuritynews.com
Android malware Konfety uses malformed APKs to evade detection - In that case, SoumniBot declared an invalid compression method in AndroidManifest.xml, declared a fake file size and data overlay, and confused analysis tools with very large namespace strings. A new variant of the Konfety Android malware emerged ...
21 hours ago Bleepingcomputer.com
AsyncRAT New Forks Uncovered With New Features Ranging From Screamer to a USB Malware Spreader - The open-source nature of AsyncRAT, first released on GitHub in 2019, has spawned numerous sophisticated forks that incorporate enhanced evasion techniques, novel plugins, and specialized attack vectors that pose significant threats to cybersecurity ...
21 hours ago Cybersecuritynews.com
Authorities Arrested 14 Hackers in Connection With Large-Scale Tax Fraud Operation - The UK suspect faces multiple charges under various legislation, including fraud by false representation contrary to Section 2 of the Fraud Act (2006), possession of articles for fraud under Section 6 of the Fraud Act (2006), and unauthorised ...
21 hours ago Cybersecuritynews.com
2.3 Million Times Downloaded LaRecipe Tool Vulnerability Let Attackers Take Full Control Of Servers - Security researchers have confirmed that the flaw allows attackers to access sensitive environment variables, execute system commands, and potentially escalate their access depending on the server configuration. The vulnerability, identified as ...
21 hours ago Cybersecuritynews.com CVE-2025-53833
British Citizen Jailed for Islamophobic WiFi Hack at UK Train Stations - Wik utilized his company-issued laptop to modify the captive portal pages – the initial web pages users encounter when connecting to public WiFi networks – effectively conducting a man-in-the-middle attack on unsuspecting passengers. The ...
22 hours ago Cybersecuritynews.com
OpenAI's ChatGPT-powered browser is codenamed 'Aura' - Reuters previously reported that OpenAI is building a Chromium-based Chrome alternative that will use generative and agentic AI capabilities to transform the web browsing experience. In addition to a new browser, OpenAI is working on the GPT-5 model, ...
22 hours ago Bleepingcomputer.com
PoC Exploit Released for High-Severity Git CLI Arbitrary File Write Vulnerability - CVE-2025-48384, assigned a CVSS severity score of 8.1/10, allows attackers to achieve remote code execution through maliciously crafted repositories when users execute git clone --recursive commands. When an attacker crafts a malicious ...
23 hours ago Cybersecuritynews.com CVE-2025-48384
Hackers Leveraging AWS Lambda URLs Endpoints to Attack Governments Organizations - The execution flow of Lambda URL abuse shows how every beacon from an infected workstation blends into legitimate *.on.aws traffic, giving defenders little visual distinction from sanctioned cloud workloads. Their reverse-engineering revealed that ...
23 hours ago Cybersecuritynews.com
MITRE Launches AADAPT Framework to Detect and Respond Attacks on Asset Management Systems - MITRE Corporation has launched the Adversarial Actions in Digital Asset Payment Technologies (AADAPT™) framework, a comprehensive knowledge base designed to help organizations detect and respond to sophisticated attacks targeting digital asset ...
1 day ago Cybersecuritynews.com
Elmo's X Account Hacked: Sesame Street Character Used to Spread Racist and Antisemitic Messages - “Elmo’s X account was briefly compromised by an unknown hacker who posted disgusting messages, including antisemitic and racist posts,” a spokesperson told multiple news outlets. In a shocking incident that left parents and fans ...
1 day ago Cybersecuritynews.com
CISA Warns of Wing FTP Server Vulnerability Actively Exploited in Attacks - The vulnerability, tracked as CVE-2025-47812, poses significant risks to organizations using this popular file transfer solution and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline. ...
1 day ago Cybersecuritynews.com CVE-2025-47812
Symantec Endpoint Management Suite Vulnerability Allows Malicious Code Execution Remotely - The flaw, designated CVE-2025-5333 with a severe CVSS v4.0 score of 9.5, affects multiple versions of the widely-deployed endpoint management solution and has prompted immediate mitigation recommendations from security experts. CVE-2025-5333 (CVSS ...
1 day ago Cybersecuritynews.com CVE-2025-5333
CBI Busts Noida Based Tech Support Scam Targeting UK & Australian Citizens - Operating with precise timing aligned to victim time zones, the fraudsters impersonated technical support staff from reputed multinational companies, particularly Microsoft Corporation, convincing unsuspecting victims that their devices had been ...
1 day ago Cybersecuritynews.com
Red Bull-Themed Phishing Attacks Steal Job Seekers Login Credentials - The Kusto-style query above, adapted from Evalian’s SOC rules, triangulates sender reputation, anomalous reply-to domains, malicious top-level infrastructure and the shared JARM signature, delivering high-fidelity alerts without drowning analysts ...
1 day ago Cybersecuritynews.com Hunters
20-year-old Vulnerability in Radio Remote Linking Protocol Let Hackers Control Train Brakes - Organizations should ensure control system devices are not accessible from the internet, implement proper network segmentation with firewalls, and use secure remote access methods like Virtual Private Networks (VPNs). CISA has issued a critical ...
1 day ago Cybersecuritynews.com CVE-2025-1727
UK launches vulnerability research program for external experts - NCSC will partner with skilled external vulnerability researchers who will be given objectives to identify flaws in specific products of interest, assess proposed mitigations, and finally disclose the flaws through the 'Equities Process' procedure. ...
1 day ago Bleepingcomputer.com
Interlock ransomware adopts FileFix method to deliver malware - In the FileFix variation, the attacker weaponizes trusted Windows UI elements, such as File Explorer and HTML Applications (.HTA), to trick users into executing malicious PowerShell or JavaScript code without displaying any security warnings. This ...
1 day ago Bleepingcomputer.com
Piracy sites for Nintendo Switch, PS4 games taken down by FBI | The Record from Recorded Future News - The European Union added Nsw2u to its Counterfeit and Piracy Watch List in May, writing in a report that video game industry stakeholders reported the site to law enforcement because of its role in platforming unauthorized copies of games. In 2021, ...
1 day ago Therecord.media
Wing FTP Server Vulnerability Actively Exploited - 2000+ Servers Exposed Online - Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. Organizations operating Wing FTP Server installations should prioritize upgrading to ...
1 day ago Cybersecuritynews.com CVE-2025-47812
Threat Actors Attacking Gen Z Gamers With Weaponized Versions of Popular Games - The campaign, which has recorded over 19 million malware distribution attempts in a single year, demonstrates how cybercriminals are increasingly exploiting the digital native generation’s passion for gaming to execute large-scale data theft ...
1 day ago Cybersecuritynews.com
Gigabyte UEFI Firmware Vulnerability Let Attackers Execute Arbitrary Code in the SMM Environment - The vulnerabilities, disclosed by the Software Engineering Institute’s CERT Coordination Center on July 11, 2025, affect multiple Gigabyte systems and could enable attackers to bypass fundamental security protections, including Secure Boot and ...
1 day ago Cybersecuritynews.com CVE-2025-7027
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot - Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. The four vulnerabilities are in Gigabyte firmware ...
1 day ago Bleepingcomputer.com
Microsoft Details on Fixing Error “Identify Which Process Is Blocking a File in Windows” With Built-in Tools - Available through winget install Microsoft.Sysinternals.Handle, this tool accepts specific filename parameters using the syntax handle.exe <filename> to list all processes currently accessing the target file. The documentation also acknowledges ...
1 day ago Cybersecuritynews.com
New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting RDP - Forensic tools reconstruct attacker screen activity from thousands of 64x64 pixel bitmap fragments stored in RDP cache files, revealing viewed files and commands. Investigators identify RDP attackers through Windows Event IDs 4624/4625 and unique ...
1 day ago Cybersecuritynews.com
KongTuke Attacking Windows Users With New Interlock RAT Variant Using FileFix Technique - A sophisticated malware campaign leveraging the KongTuke threat cluster has emerged, targeting Windows users through a novel FileFix technique that deploys an advanced PHP-based variant of the Interlock remote access trojan (RAT). Upon accessing an ...
1 day ago Cybersecuritynews.com
RenderShock 0-Click Vulnerability Executes Payloads via Background Process Without User Interaction - Security teams should implement comprehensive defenses, including disabling preview panes in Windows Explorer and Quick Look on macOS, blocking outbound SMB traffic (TCP 445) to untrusted networks, and enforcing macro blocking through Group Policy. ...
1 day ago Cybersecuritynews.com
Retired US Air Force Employee Pleads Guilty for Sharing Military Secrets on a Dating App - Messages like “Sweet Dave, the supply of weapons is completely classified, which is great!” and “You have a job in the Operations Center today, I remember, I’m sure there is a lot of interesting news there?” demonstrated ...
1 day ago Cybersecuritynews.com
Threat Actors Use Sophisticated Hacking Tools to Destroy Organizations Critical Infrastructure - That injector decrypts its next stage only after validating domain-specific indicators—SCADA vendor strings, PLC firmware revisions, and the presence of Siemens Step7 runtimes—thereby ensuring the worm activates solely inside high-value ...
1 day ago Cybersecuritynews.com
Romanian police arrest 13 scammers targeting UK’s tax authority | The Record from Recorded Future News - Thirteen people have been arrested in Romania and one in the U.K. in connection with a large-scale tax fraud operation that exploited stolen personal data to falsely claim millions of pounds, according to Britain’s tax authority. In a separate case ...
1 day ago Therecord.media
Louis Vuitton Hacked - Attackers Stolen Customers Personal Data - According to Dior’s statement, the unauthorized third-party attackers successfully infiltrated Louis Vuitton’s UK operational systems through what security experts classify as a SQL injection or credential stuffing attack. While the ...
2 days ago Cybersecuritynews.com
Hackers Weaponize Compiled HTML Help to Deliver Malicious Payload - Through this elegantly simple chain, legacy help files become Trojan horses, blending user interface tricks, trusted Windows binaries, and subtle network traffic to achieve a foothold that many security tools still underestimate. dmpdump analysts ...
2 days ago Cybersecuritynews.com
Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000 - A threat actor under the alias "zeroplayer" has put up for sale a previously unknown remote code execution (RCE) zero-day exploit affecting the latest and earlier versions of WinRAR. Threat actor "zeroplayer" is selling a WinRAR RCE exploit on dark ...
2 days ago Cybersecuritynews.com CVE-2025-6218 BITTER
Top 10 Best Cloud VPN Providers in 2024 - With 2,200+ servers in 75+ countries, IPVanish provides reliable access to global content and strong privacy protections, including a strict no-logs policy and 256-bit AES encryption. With over 3,000 servers in 91 countries, PIA offers reliable ...
2 days ago Cybersecuritynews.com
Cybersecurity Isn’t Just For Experts Anymore: Why You Should Care - I learned how often things people didn’t know were dangerous, like a Bluetooth flaw in your headphones or a fake browser update, can take over their lives by reading more about security news. This is an interesting scenario because, in a world ...
2 days ago Cybersecuritynews.com
11 Best Cloud Access Security Broker Software (CASB) - 2025 - Netskope is widely recognized as a leader in cloud security, offering a comprehensive CASB solution that delivers deep visibility, advanced threat protection, and granular policy enforcement. The CASB solution provides rich visibility, control, and ...
2 days ago Cybersecuritynews.com
Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack - The success rates indicate that current LLM safety measures may be inadequate against sophisticated multi-turn attack strategies that exploit conversational context rather than relying on overtly harmful input patterns. The research, published by ...
2 days ago Cybersecuritynews.com
Google Gemini for Workspace Vulnerability Lets Attackers Conceal Malicious Scripts in Emails - Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this ...
2 days ago Cybersecuritynews.com
Windows 10 KB5062554 update breaks emoji panel search feature - The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword. BleepingComputer can confirm that the search feature in ...
2 days ago Bleepingcomputer.com
Google Gemini flaw hijacks email summaries for phishing - Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. As many users are likely to ...
2 days ago Bleepingcomputer.com
Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches - Multiple critical vulnerabilities have been identified in Scriptcase, a low-code development platform, particularly in versions like 9.4.019 and 9.10.023. These flaws include arbitrary file uploads, path traversal, and cross-site scripting (XSS), ...
2 days ago Cybersecuritynews.com

Trending Cyber News (last 7 days)

AsyncRAT New Forks Uncovered With New Features Ranging From Screamer to a USB Malware Spreader - The open-source nature of AsyncRAT, first released on GitHub in 2019, has spawned numerous sophisticated forks that incorporate enhanced evasion techniques, novel plugins, and specialized attack vectors that pose significant threats to cybersecurity ...
21 hours ago Cybersecuritynews.com
CVE-2025-47812 - In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges ...
1 day ago CVE-2025-47812 CVE-2025-47813
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record from Recorded Future News - Last year, a man behind a $110 million theft from defunct crypto platform Mango Markets was convicted in federal court despite having negotiated with the platform to return the funds. The person behind the theft began transferring the funds in $5 ...
4 days ago Therecord.media
GPUHammer - First Rowhammer Attack Targeting NVIDIA GPUs - Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses ...
3 days ago Cybersecuritynews.com Inception
IT Giant Ingram Micro Restores Operations Following Ransomware Attack - The attack, first identified on July 5, 2025, represents one of the most notable ransomware incidents affecting a major technology distribution company this year, highlighting the sophisticated nature of modern cyber threats targeting critical supply ...
4 days ago Cybersecuritynews.com
Laravel APP_KEY Vulnerability Allows Remote Code Execution - Hundreds of Apps Affected - Over one-third of APP_KEY disclosures coincide with additional secret exposures, including database credentials (MongoDB, MySQL, PostgreSQL), cloud storage tokens (AWS S3, Digital Ocean Spaces), and payment platform keys (Stripe, PayPal). A critical ...
5 days ago Cybersecuritynews.com CVE-2018-15133
Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild - This pre-authentication flaw enables attackers to craft malicious requests that leak uninitialized memory from affected NetScaler ADC and Gateway devices, potentially exposing sensitive data, including session tokens, passwords, and configuration ...
5 days ago Cybersecuritynews.com CVE-2025-5777
AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets - The vulnerabilities leverage timing-based side channels in AMD’s microarchitectural implementations, allowing attackers to infer sensitive information from system memory and processor states through carefully crafted speculative execution ...
5 days ago Cybersecuritynews.com CVE-2024-36350
Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code - A critical security vulnerability in Fortinet’s FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication. Watchtower researchers analyzing the ...
4 days ago Cybersecuritynews.com
Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - The group’s recent campaign has primarily leveraged critical vulnerabilities in Fortinet’s enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. The ...
4 days ago Cybersecuritynews.com CVE-2024-21762 LockBit Qilin
OpenAI is to Launch a AI Web Browser in Coming Weeks - The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while advancing the company’s vision ...
3 days ago Cybersecuritynews.com
Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities - This latest update resolves a range of issues, including HTTP response splitting, server-side request forgery (SSRF), and denial of service vulnerabilities that could potentially compromise server security and performance. Apache HTTP Server 2.4.64 ...
5 days ago Cybersecuritynews.com CVE-2025-49812
FBI Atlanta Seizes Major Video Game Piracy Websites in International Operation - The Federal Bureau of Investigation’s Atlanta Field Office announced today the seizure of several major online criminal marketplaces that provided pirated versions of popular video games, dismantling a multi-million dollar piracy operation that ...
4 days ago Cybersecuritynews.com
Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security - The initiative also included implementing standardized monitoring systems to identify and report any remaining high-privilege access within Microsoft 365 applications, ensuring continuous compliance with the new security standards. Microsoft has ...
4 days ago Cybersecuritynews.com
Windows 10 KB5062554 update breaks emoji panel search feature - The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword. BleepingComputer can confirm that the search feature in ...
2 days ago Bleepingcomputer.com
GLOBAL GROUP RaaS Operators Enable AI-driven Negotiation Functionality - GLOBAL GROUP, operated by threat actor “$$$”, has claimed 17 victims across multiple countries since its June 2025 launch, demonstrating rapid operational scaling through automated systems and strategic partnerships with Initial Access ...
20 hours ago Cybersecuritynews.com
Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records - What sets Arkana apart from traditional ransomware groups is their initial focus on psychological warfare and data exfiltration rather than immediate system encryption, utilizing their “Wall of Shame” tactics to publicly expose sensitive ...
4 days ago Cybersecuritynews.com Qilin
Hackers are exploiting critical RCE flaw in Wing FTP Server - Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The attacker sent malformed login requests with null-byte-injected ...
3 days ago Bleepingcomputer.com CVE-2025-47812
10 Best Digital Forensic Tools - 2025 - Belkasoft X is a modern digital forensics suite that excels at extracting and analyzing evidence from computers, mobile devices, and cloud services. ...
5 days ago Cybersecuritynews.com Axiom
D-Link 0-click Vulnerability Allows Remote Attackers to Crash the Server - A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. Apply Firmware Update: D-Link must release a patched firmware version ...
4 days ago Cybersecuritynews.com
Indonesia extradites Russian accused of selling personal data on Telegram - Russian authorities allege Zverev operated an unnamed criminal network between 2018 and 2021 that profited from selling sensitive personal information sourced from databases belonging to Russia’s Interior Ministry (MVD), Federal Security Service ...
4 days ago Therecord.media
CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits - This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors. ...
4 days ago Cybersecuritynews.com
AWS Organizations Mis-scoped Managed Policy Let Hackers To Take Full AWS Organization Control - This oversight allows attackers who compromise a user or role in the management account with the vulnerable policy attached to register any account within the organization as a delegated administrator for sensitive services, effectively bypassing ...
4 days ago Cybersecuritynews.com
Google Gemini flaw hijacks email summaries for phishing - Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. As many users are likely to ...
2 days ago Bleepingcomputer.com
Android malware Konfety uses malformed APKs to evade detection - In that case, SoumniBot declared an invalid compression method in AndroidManifest.xml, declared a fake file size and data overlay, and confused analysis tools with very large namespace strings. A new variant of the Konfety Android malware emerged ...
21 hours ago Bleepingcomputer.com
Albemarle latest Virginia county hit with ransomware - About two hours away, Gloucester County warned employees last week that it also suffered a ransomware attack in April that exposed Social Security numbers and other sensitive data. The county warned residents that it “appears likely” the hackers ...
4 days ago Therecord.media
Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data - Flashpoint Intel Team analysts identified four prominent strains dominating the current threat landscape: Atomic Stealer, recognized as the most prevalent Malware-as-a-Service offering; Poseidon Stealer, a sophisticated variant with connections to ...
4 days ago Cybersecuritynews.com
WordPress GravityForms Plugin Hacked to Include Malicious Code - A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a ...
3 days ago Cybersecuritynews.com Rocke
Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack - The vulnerability, assigned CVE-2025-6691 with a CVSS score of 8.8, allows unauthenticated attackers to delete arbitrary files on affected servers, including the crucial wp-config.php file that controls WordPress database connections. The SureForms ...
5 days ago Cybersecuritynews.com CVE-2025-6691
Russian Basketball Player Arrested over Alleged Ransomware Attack Claims - Le Monde reports that Daniil Kasatkin, a 26-year-old professional basketball player who most recently played for the Moscow team MBA-MAI, was arrested at Paris’s Roissy-Charles de Gaulle airport on June 21, 2025, following an international ...
5 days ago Cybersecuritynews.com
WordPress Gravity Forms developer hacked to push backdoored plugins - RocketGenius, the developer behind Gravity Forms, was informed of the issue, and a staff member told Patchstack that the malware affected only manual downloads and composer installation of the plugin. The popular WordPress plugin Gravity Forms ...
4 days ago Bleepingcomputer.com Rocke
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch - The first warning of CitrixBleed 2 being exploited came from ReliaQuest on June 27. On July 7, security researchers at watchTowr and Horizon3 published proof-of-concept exploits (PoCs) for CVE-2025-5777, demonstrating how the flaw can ...
4 days ago Bleepingcomputer.com CVE-2025-5777
NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer - NVIDIA is warning users to activate the System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. Rowhammer represents a real security concern that could cause ...
4 days ago Bleepingcomputer.com
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme - The cases, which stretched across multiple continents and shed light on the shady world of corporate espionage and mercenary hackers, stemmed from a scheme allegedly orchestrated by an attorney at the law firm Dechert to hack into Azima’s accounts ...
4 days ago Therecord.media
Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors - This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and ...
4 days ago Cybersecuritynews.com MuddyWater OilRig APT3 APT33
Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches - Multiple critical vulnerabilities have been identified in Scriptcase, a low-code development platform, particularly in versions like 9.4.019 and 9.10.023. These flaws include arbitrary file uploads, path traversal, and cross-site scripting (XSS), ...
2 days ago Cybersecuritynews.com
CVE-2025-49812 - In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine ...
6 days ago CVE-2024-43394
CISA Warns of CitrixBleed 2 Vulnerability Exploited in Attacks - The vulnerability, tracked as CVE-2025-5777, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline of July 11, 2025. The vulnerability specifically affects deployments where NetScaler ...
4 days ago Cybersecuritynews.com CVE-2025-5777
Google Gemini for Workspace Vulnerability Lets Attackers Conceal Malicious Scripts in Emails - Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this ...
2 days ago Cybersecuritynews.com
Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack - The success rates indicate that current LLM safety measures may be inadequate against sophisticated multi-turn attack strategies that exploit conversational context rather than relying on overtly harmful input patterns. The research, published by ...
2 days ago Cybersecuritynews.com
Four Hackers Arrested by UK Police for Attacks on M&S, Co-op and Harrods Stores - Digital devices confiscated for forensic analysis under the Computer Misuse Act, blackmail, money laundering, and organized crime charges. The charges under the Computer Misuse Act carry maximum sentences of 10 years imprisonment for unauthorized ...
5 days ago Cybersecuritynews.com
Russian pro basketball player arrested for alleged role in ransomware attacks - Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. This description closely matches similar language used by the ...
5 days ago Bleepingcomputer.com Hunters
Windows 11 now uses JScript9Legacy engine for improved security - "To provide a more secure experience, beginning with Windows 11, version 24H2, JScript9Legacy is enabled by default to handle all scripting processes and operations that previously used JScript," announced Microsoft's Naveen Shankar. Microsoft ...
5 days ago Bleepingcomputer.com
SafePay Ransomware Leverages RDP and VPN for Intruding Into Organizations Network - The technical analysis reveals that SafePay employs classic yet highly effective tactics, including the disabling of endpoint protection systems, deletion of shadow copies, and systematic clearing of system logs to suppress detection and incident ...
5 days ago Cybersecuritynews.com LockBit
Multiple Schneider Electric Vulnerabilities Let Attackers Inject OS Commands - Schneider Electric has disclosed a critical set of six vulnerabilities affecting its EcoStruxure IT Data Center Expert software that could allow attackers to execute remote code and gain unauthorized system access. The vulnerabilities collectively ...
5 days ago Cybersecuritynews.com CVE-2025-50121
Android Packer Ducex Employs Serious Obfuscation Techniques and Detects Analysis Tools Presence - Unlike traditional malware deployment methods, Ducex employs a multi-layered approach that combines function encryption, string obfuscation, and sophisticated anti-analysis techniques. Security researchers have identified a highly complex packer ...
5 days ago Cybersecuritynews.com
11 Best Cloud Access Security Broker Software (CASB) - 2025 - Netskope is widely recognized as a leader in cloud security, offering a comprehensive CASB solution that delivers deep visibility, advanced threat protection, and granular policy enforcement. The CASB solution provides rich visibility, control, and ...
2 days ago Cybersecuritynews.com
PerfektBlue BlueTooth flaws impact Mercedes, Volkswagen, Skoda cars - Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, ...
5 days ago Bleepingcomputer.com
Former Mexican president investigated over allegedly taking bribes from spyware industry - Mexican Attorney General Alejandro Gertz Manero announced Tuesday that he has launched a probe into allegations that former Mexican President Enrique Peña Nieto took bribes from Israeli businessmen who allegedly paid him as much as $25 million to ...
5 days ago Therecord.media
New ZuRu Malware Variant Attacking macOS Users Via Weaponized Termius App - This latest iteration, discovered in late May 2025, represents a significant evolution in the threat actor’s tactics, moving beyond their traditional Baidu search engine poisoning campaigns to directly compromise legitimate applications used by ...
5 days ago Cybersecuritynews.com