Cybersecurity News Aggregator | CyberSecurityBoard

Latest Cyber News

Fake Semrush ads used to steal SEO professionals’ Google accounts - Because Semrush integrates with Google Analytics and Google Search Console, customers often link valuable Google accounts containing sensitive business data—like revenue metrics, marketing strategies, and customer behavior, all attractive ...
1 hour ago Bleepingcomputer.com

Microsoft: Exchange Online bug mistakenly quarantines user emails - Customers have been reporting experiencing similar problems over the last two days, including having issues accessing the Quarantine Review page when using Microsoft Defender for 365 for email protection and ...
2 hours ago Bleepingcomputer.com

Russian Seller Offering Record Breaking $4,000,000 for Telegram 0-Day Exploits - A Russian exploit brokerage firm, Operation Zero, has publicly announced bounties of up to $4 million for zero-day vulnerabilities in Telegram, signaling heightened state-sponsored interest in compromising the popular messaging app. The same ...
2 hours ago Cybersecuritynews.com

US Treasury removes sanctions on Tornado Cash after appellate court loss | The Record from Recorded Future News - In November, the federal appeals court ruled that the executive branch’s authority to “block ‘property’ in which a foreign ‘national’ or ‘person’ has an ‘interest’” did not apply in the case of Tornado Cash because its immutable ...
3 hours ago Therecord.media Lazarus Group

US removes sanctions against Tornado Cash crypto mixer - The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder hundreds of millions stolen in multiple crypto heists. In August 2023, the ...
3 hours ago Bleepingcomputer.com

Researchers Unboxed FIN7's Stealthy Python-based Anubis Backdoor - The Python-based malware, dubbed “Anubis Backdoor,” represents an evolution in the group’s tactics, techniques, and procedures (TTPs) that have historically caused billions in damages globally. Cyber Security News is a Dedicated ...
3 hours ago Cybersecuritynews.com FIN7

Attackers Using Weaponized CAPTCHA’s to Execute PowerShell Commands & Install Malware - A growing attack trend since the second half of 2024 involves threat actors using fake CAPTCHA challenges to trick users into executing malicious PowerShell commands and infecting their systems with dangerous malware. When users interact with these ...
3 hours ago Cybersecuritynews.com

Researchers Details macOS Vulnerability That Exposes System Passwords - Gregory explained that this vulnerability could allow unauthorized users or applications to bypass existing security protocols, effectively extracting data from the Keychain without requiring user consent or authentication. This vulnerability ...
4 hours ago Cybersecuritynews.com

JumpServer Vulnerabilities Let Attacker Bypass Authentication & Gain Complete Control - A series of critical vulnerabilities discovered in JumpServer, an open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has raised significant security concerns. The centralized nature of JumpServer makes these vulnerabilities ...
4 hours ago Cybersecuritynews.com CVE-2023-43650

Steam pulls game demo infecting Windows with info-stealing malware - Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information stealing malware. Users that installed the game have likely ...
5 hours ago Bleepingcomputer.com

Over 150 US Government Database Servers Exposed to the Internet - New Report - Over 150 government database servers normally hidden behind layers of security are now directly exposed to the Internet, leaving Americans’ data vulnerable to cyberattacks. The database vulnerabilities have been analyzed across Azure Government ...
6 hours ago Cybersecuritynews.com

Veeam RCE Vulnerability Let Any Domain User Hack the Backup Servers - A remote code execution (RCE) vulnerability in Veeam Backup & Replication could allow any domain user to compromise backup servers with SYSTEM-level privileges. The findings, assigned CVE-2025-23120, affect Veeam Backup & Replication ...
6 hours ago Cybersecuritynews.com CVE-2025-23120

Albabat Ransomware Attacking Windows, Linux & macOS by Leveraging GitHub - Trend Micro researchers identified that these newer variants retrieve their configuration data through the GitHub REST API using a specific “User-Agent” string labeled “Awesome App,” allowing operators to modify ransomware ...
7 hours ago Cybersecuritynews.com

Hackers Actively Exploiting Apache Tomcat Servers Exploiting CVE-2025-24813 - Patch Now - The vulnerability, first disclosed on March 10, 2025, has already seen exploitation attempts beginning just 30 hours after the public release of proof-of-concept (PoC) code. GreyNoise Intelligence has identified four unique IP addresses that have ...
7 hours ago Cybersecuritynews.com CVE-2025-24813

UAT-5918 Hackers Exploiting Exposed Web and Application Servers N-Day Vulnerabilities - Security researchers have detected a significant increase in these exploitation attempts over the past two weeks, with attackers leveraging vulnerabilities that have existing patches but remain undeployed on vulnerable systems. Security teams have ...
8 hours ago Cybersecuritynews.com CVE-2024-4321

Hackers Exploiting Checkpoint’s Driver in BYOVD Attack to Bypass Windows Security - Originally released in 2016, this driver became the target of a Bring Your Own Vulnerable Driver (BYOVD) attack, allowing attackers to elevate privileges and bypass critical Windows security features such as Memory Integrity and extract sensitive ...
9 hours ago Cybersecuritynews.com

MEDUSA Ransomware Using Malicious ABYSSWORKER Driver to Disable EDR - Elastic Security Labs analysts noted that this driver is specifically designed to target and silence different EDR vendors, effectively removing a critical layer of defense against ransomware attacks. One particularly troubling aspect of the ...
9 hours ago Cybersecuritynews.com Abyss Silence Medusa

Infosys Agrees to $17.5 Million Settlement Following 2023 Data Breach - The cyber incident resulted in significant financial implications for Infosys, including loss of contracted revenues and approximately $38 million in costs related to remediation, restoration, communication efforts, investigative processes, analysis, ...
9 hours ago Cybersecuritynews.com

Hellcat Ransomware Group Hacked Ascom Technical Ticketing System - The attack represents the latest in a global hacking spree targeting Jira servers, with Hellcat employing their signature method of exploiting compromised credentials to gain unauthorized access to sensitive corporate infrastructure. Jira, a project ...
9 hours ago Cybersecuritynews.com

Cloudflare to Close All HTTP Ports for APIs, Enforces HTTPS Connection - “A better approach is to refuse the underlying cleartext connection by closing the network ports used for plaintext HTTP, and that’s exactly what we’re going to do for our customers,” stated Cloudflare in their announcement ...
10 hours ago Cybersecuritynews.com

VanHelsing Ransomware Attacking Windows Systems With New Evasion Technique & File Extension - A new ransomware strain named VanHelsing has emerged, targeting Windows systems with sophisticated encryption techniques and advanced evasion tactics. Cyfirma researchers discovered that VanHelsing employs a double extortion strategy, not only ...
10 hours ago Cybersecuritynews.com

Threat Actors Leveraging Reddit Posts To Actively Spread AMOS and Lumma Stealers - The malicious actors are distributing two dangerous data stealers—AMOS for macOS users and Lumma Stealer for Windows users—through seemingly helpful posts on cryptocurrency trading subreddits. The scammers employ social engineering tactics by ...
10 hours ago Cybersecuritynews.com

Chinese FishMonger APT Operated by I‑SOON Attacking Government Entities & NGOs - ESET researchers identified distinctive patterns in FishMonger’s attack chain, including the use of template injection in Microsoft Office documents and a custom backdoor called “SilentBreeze” that establishes command and control ...
11 hours ago Cybersecuritynews.com

CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits - The Cybersecurity and Infrastructure Security Agency (CISA) released five Industrial Control Systems (ICS) advisories on March 20, 2025, providing critical information about security vulnerabilities affecting industrial control systems across ...
12 hours ago Cybersecuritynews.com CVE-2025-2480

Apple Faces Federal Lawsuit Over Delayed Apple Intelligence Features - Tech giant Apple is once again in the legal spotlight as a class-action lawsuit filed in U.S. District Court in San Jose accuses the company of false advertising and unfair competition related to its highly touted Apple Intelligence features. The ...
13 hours ago Cybersecuritynews.com

Caido v0.47.0 Released - A Powerful Burp Suite Alternative Web Pentesting Tool - This release introduces a slew of exciting features, a revamped user experience, and critical bug fixes, further solidifying its place in the toolkit of security researchers and penetration testers. Shortly after the main release, Caido v0.47.1 was ...
14 hours ago Cybersecuritynews.com

Veeam RCE bug lets domain users hack backup servers, patch now - Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. Ransomware gangs have told BleepingComputer in the past that Veeam ...
19 hours ago Bleepingcomputer.com CVE-2025-23120

Former Michigan football coach indicted in hacks of athlete databases of more than 100 colleges | The Record from Recorded Future News - Prosecutors claimed Weiss "cracked the encryption" protecting passwords used by athletes themselves — a tactic he learned through "research that he did on the internet." He also searched through data breaches to find leaked ...
21 hours ago Therecord.media

CISA tags NAKIVO backup flaw as actively exploited in attacks - The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of Backup & Replication v11.0.0.88174 in November, almost two months after being notified of the issue by cybersecurity company ...
21 hours ago Bleepingcomputer.com CVE-2024-48248

VSCode extensions found downloading early-stage ransomware - It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive ...
23 hours ago Bleepingcomputer.com

Critical Cisco Smart Licensing Utility flaws now exploited in attacks - Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as "an undocumented static user credential for an administrative account" that can let unauthenticated attackers log into unpatched systems remotely with admin ...
1 day ago Bleepingcomputer.com CVE-2024-20439

RansomHub ransomware uses new Betruger ‘multi-function’ backdoor - The malware's capabilities include a wide range of capabilities that overlap with features commonly found in malicious tools dropped before deploying ransomware payloads, including keylogging, network scanning, privilege escalation, credential ...
1 day ago Bleepingcomputer.com Ransomhub

UK urges critical orgs to adopt quantum cryptography by 2035 - The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035. The NCSC's PQC migration guidance primarily ...
1 day ago Bleepingcomputer.com

WordPress security plugin WP Ghost vulnerable to remote code execution bug - Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. However, as revealed by Patchstack, the security tool itself is vulnerable to ...
1 day ago Bleepingcomputer.com CVE-2025-26909

GitHub Action supply chain attack exposed secrets in 218 repos - The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. According to data shared by ...
1 day ago Bleepingcomputer.com

Rooted (Jailbroken) Mobile Devices 3.5 Times More Vulnerable to Cyber Attacks - While manufacturers have introduced more customization options and tighter security protocols to reduce these practices, rooted and jailbroken devices continue to pose serious security threats especially in enterprise environments. Security experts ...
1 day ago Cybersecuritynews.com

Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix - In recent weeks, Microsoft removed another safeguard hold preventing AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues and released a BIOS update to fix blue screen issues on some ASUS devices blocking Windows 11 ...
1 day ago Bleepingcomputer.com

Is it time to retire 'one-off' pen tests for continuous testing? - Verizon's 2024 Data Breach Investigation Report highlights why such gaps in security testing matter: exploited vulnerabilities in web applications rank as the third most common attack vector for data breaches, only trailing phishing and ...
1 day ago Bleepingcomputer.com

Hackers Exploiting Multiple Cisco Smart Licensing Utility Vulnerability - Johannes Ullrich, Dean of Research at SANS, noted the irony that “it’s always fun to see how cheap IoT devices and expensive enterprise security software share similar basic vulnerabilities” – both often containing hardcoded ...
1 day ago Cybersecuritynews.com CVE-2024-20439

IBM AIX Vulnerability Let Attackers Execute Arbitrary Commands - Critical security vulnerabilities in IBM AIX operating systems could allow unauthorized remote attackers to execute arbitrary commands, potentially compromising the entire system. This flaw could allow remote attackers to execute arbitrary commands ...
1 day ago Cybersecuritynews.com

HellCat hackers go on a worldwide Jira hacking spree - The Swiss company did not provide technical details about the breach but targeting the Jira ticketing system has become a common attack method for the HellCat hackers. Rey, a member of the HellCat hacking group, told BleepingComputer that they stole ...
1 day ago Bleepingcomputer.com

New Steganographic Malware Exploits JPEG Files to Distribute Infostealers - A sophisticated malware campaign employing steganographic techniques has recently been identified, targeting users through seemingly innocent JPEG image files. The attack leverages hidden malicious code embedded within image files that, when ...
1 day ago Cybersecuritynews.com

RansomHub Affiliate Deploying New Custom Backdoor Dubbed 'Betruger' For Persistence - RansomHub, as a RaaS provider, enables affiliates to leverage sophisticated tools like Betruger, potentially lowering the barrier to entry for conducting complex ransomware attacks. These include adaptive-based protections such as ACM.Ps-RgPst!g1 and ...
1 day ago Cybersecuritynews.com Ransomhub

Microsoft Attributes Recent Outage of Outlook Web to Code Error in Recent Update - The tech giant has attributed the issue to a problematic code change in a recent update, which left thousands of users unable to access their accounts and use essential communication tools. We’re working to revert the recent code change and ...
1 day ago Cybersecuritynews.com

How Threat Hunters Enrich Indicators With Context - Threat intelligence platforms and SOC teams collect vast amounts of information on cyber incidents and attacks, such as IP addresses, file hashes, and domain names. In cyber threat intelligence, data alone is a ruler without direction only with ...
1 day ago Cybersecuritynews.com

North Korean IT Workers Exploiting GitHub to Attack Organizations Worldwide - A sophisticated network of suspected North Korean IT workers has been discovered leveraging GitHub to create false identities and secure remote employment opportunities in Japan and the United States. Companies are urged to implement stronger ...
1 day ago Cybersecuritynews.com

Dell Warns of Multiple Secure Connect Gateway Vulnerabilities Let Compromise System - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Attackers could exploit this through phishing or UI redressing attacks to manipulate container persistence settings, ...
1 day ago Cybersecuritynews.com

Babuk2 Ransomware Issuing Fake Extortion Demands With Data from Old Breaches - The Babuk2 ransomware group has been caught issuing extortion demands based on false claims and recycled data from previous breaches. The administrator, known as Bjorka, has been active on various forums and Telegram, with a history of involvement in ...
1 day ago Cybersecuritynews.com

Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
1 day ago Cybersecuritynews.com

Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Increases by 130% - These sophisticated attacks leverage unpatched security flaws in popular browsers to deploy malicious payloads before security teams can implement countermeasures, leaving users and organizations extremely vulnerable in the critical first hours of an ...
1 day ago Cybersecuritynews.com CVE-2023-45812

CISA Warns of SAP NetWeaver Directory Traversal Vulnerability Exploited in Attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SAP NetWeaver to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to immediately mitigate the risk. The vulnerability, identified ...
1 day ago Cybersecuritynews.com CVE-2017-12637

Dragon RaaS Leading 'Five Families' Crimeware With New Initial Access & Exploitation Methods - A sophisticated Ransomware-as-a-Service (RaaS) operation known as ‘Dragon’ has emerged as the dominant force within the notorious “Five Families” of crimeware, implementing advanced initial access techniques and exploitation ...
1 day ago Cybersecuritynews.com

CISA Warns of Edimax IP Camera OS Command Injection Vulnerability Exploited in Attacks - “Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device,” reads CISA’s advisory. The vulnerability, tracked as CVE-2025-1316, allows ...
1 day ago Cybersecuritynews.com CVE-2025-1316

CISA Warns of NAKIVO Backup Vulnerability Exploited in Attacks - PoC Released - “This unauthenticated arbitrary file read vulnerability essentially provides attackers with the ability to access any file on the target system, including critical configuration files and credentials,” explained security researchers at ...
1 day ago Cybersecuritynews.com CVE-2024-48248

Beware Tax Payers! Scammers Taking Advantage of Tax Season as Filing Deadline Draws Near - “Scammers are relentless, and they use the guise of tax season to try tricking taxpayers into falling into a variety of traps,” warns Terry Lemons, IRS communications senior adviser. Perhaps most concerning is the rise in tax-related ...
1 day ago Cybersecuritynews.com

Signal Messenger Leveraged for Targeted Attacks on Employees of Defense Industry - The attackers are using the popular Signal messenger app to distribute malicious archives that purportedly contain meeting reports, exploiting the trusted nature of the platform to bypass security measures. Security researchers warn that the use of ...
1 day ago Cybersecuritynews.com

Babuk Ransomware Group Claims Attack on Telecommunication Firm Orange - The ease with which Babuk breached Orange’s systems raises questions about the company’s threat detection capabilities and the security of its infrastructure. The Babuk group confirmed that they exploited a zero-day vulnerability in ...
1 day ago Cybersecuritynews.com

Malware Operation 'DollyWay' Hacked 20,000+ WordPress Sites Globally - The DollyWay malware primarily targets WordPress sites, leveraging a network of compromised sites to redirect visitors to scam pages through traffic broker networks. It injects redirect scripts into sites using files like wp-content/counts.php. These ...
1 day ago Cybersecuritynews.com

Critical Veeam Backup & Replication Vulnerability Allows Malicious Remote Code Execution - Veeam Backup & Replication, with its large deployment footprint across enterprise environments, represents a significant target for cybercriminals, particularly ransomware operators seeking to disable recovery options before launching attacks. As ...
1 day ago Cybersecuritynews.com

Spyware Maker SpyX Data Breach Exposes Nearly 2 Million Users Personal Data - “The vast majority of the email addresses are associated with SpyX,” confirmed Hunt, who classified the breach as “sensitive” in HIBP, allowing only affected individuals to verify if their information was compromised. The ...
1 day ago Cybersecuritynews.com

Linux Kernel Out-of-bounds Write Vulnerability Let Attackers Escalate Privileges - Designated as CVE-2025-0927, this out-of-bounds write vulnerability in the Linux kernel’s HFS+ filesystem driver affects systems running kernels up to version 6.12.0, with Ubuntu 22.04 with Linux Kernel 6.5.0-18-generic confirmed vulnerable. A ...
1 day ago Cybersecuritynews.com CVE-2025-0927

Kali Linux 2025.1a New Tool & Upates to Desktop Environments - Continuing the tradition of annual theme updates with the year’s first release, Kali Linux 2025.1a boasts a modern interface with enhancements to the boot menu, login screen, and desktop wallpapers for both Kali and Kali Purple editions. With ...
1 day ago Cybersecuritynews.com

DOGE to Fired CISA Staff: Email Us Your Personal Data – Krebs on Security - On Monday, The New York Times reported that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk’s “Department of Government Efficiency” (DOGE) visited the roof of the ...
1 day ago Krebsonsecurity.com

Malware campaign 'DollyWay' breached 20,000 WordPress sites - A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. DollyWay v3 is an advanced redirection operation that targets vulnerable WordPress ...
1 day ago Bleepingcomputer.com

Kali Linux 2025.1a released with 1 new tool, annual theme refresh - Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. With the year's first version, the Kali Team introduces a theme update consisting of new wallpapers and changes to the boot ...
1 day ago Bleepingcomputer.com

Pennsylvania education union data breach hit 500,000 people - PSEA says the stolen information varies by individual and consists of personal, financial, and health data, including driver's license or state IDs, social security numbers, account PINs, security codes, payment card information, passport ...
1 day ago Bleepingcomputer.com Rhysida

Ukrainian military targeted in new Signal spear-phishing attacks - Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. In February 2025, ...
1 day ago Bleepingcomputer.com

Microsoft Exchange Online outage affects Outlook web users - Two weeks ago, Redmond linked a weekend Microsoft 365 outage impacting Outlook and Exchange Online authentication to a "code issue." A subsequent advisory revealed that users still experienced issues accessing calendars and email messages using the ...
1 day ago Bleepingcomputer.com

New Arcane infostealer infects YouTube, Discord users via game cheats - A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The campaign distributing Arcane Stealer relies ...
2 days ago Bleepingcomputer.com

Microsoft fixes Windows update bug that uninstalled Copilot - More recently, Microsoft started rolling out a new native Copilot app to Windows Insiders via the Microsoft Store and announced a press-to-talk feature enabling users to interact with Copilot using their voice when holding the Alt + Spacebar keyboard ...
2 days ago Bleepingcomputer.com

Click Profit blocked by the FTC over alleged e-commerce scams - Click Profit is an online business paltform promoted on social media and through websites that claims to help consumers generate passive income by setting up and managing e-commerce stores on Amazon, Walmart, and other platforms. The US Federal Trade ...
2 days ago Bleepingcomputer.com

Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks - Cybersecurity experts have identified a persistent trend of threat actors exploiting legitimate remote monitoring and management (RMM) software to infiltrate networks, maintain access, and facilitate lateral movement. These legitimate tools, which ...
2 days ago Cybersecuritynews.com

ANY.RUN Now Let SOC/DFIR Team Analse Android APK Malware With Sandbox - ANY.RUN, the interactive malware analysis platform has announced full support for Android OS in its cloud-based sandbox environment, enabling security teams to investigate Android malware with unprecedented accuracy and efficiency. With this new ...
2 days ago Cybersecuritynews.com Hunters

Threat Actors Exploiting Legacy Drivers to Bypass TLS Certificate Validation - They utilize a modified TrueSight.sys driver to bypass Microsoft’s driver blocking system, enabling them to forcibly terminate security processes such as antivirus and endpoint detection and response (EDR) systems. A sophisticated attack ...
2 days ago Cybersecuritynews.com

vUS Sperm Donor Giant California Cryobank Hacked - Customers' Personal Data Exposed - The cyber intrusion, which occurred on April 20, 2024, but remained undetected until October 4, 2024, has triggered mandatory breach notifications to affected individuals across multiple states, with formal notices sent to customers on March 14, ...
2 days ago Cybersecuritynews.com

Trending Cyber News (last 7 days)

DeepSeek R1 Jailbreaked To Develop Malware, Such As A Keylogger And Ransomware - Cyber Security News - These findings suggest that while DeepSeek R1 doesn’t provide turnkey malware solutions, it significantly lowers the technical barrier for creating harmful software, potentially accelerating malicious actors’ capabilities in developing ...
6 days ago Cybersecuritynews.com

New Akira ransomware decryptor cracks encryptions keys using GPUs - Nugroho developed the decryptor after being asked for help from a friend, deeming the encrypted system solvable within a week, based on how Akira generates encryption keys using timestamps. Akira ransomware dynamically generates unique encryption ...
6 days ago Bleepingcomputer.com Akira

Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
6 days ago Bleepingcomputer.com

AWS SNS Abused To Exfiltrate Data & Phishing Attack - The attacks leverage legitimate AWS functionality to create SNS topics, subscribe external email addresses, and publish sensitive data through API calls that appear as normal AWS service usage. Elastic Security Labs provided hunting queries that ...
6 days ago Cybersecuritynews.com

Western Alliance Bank says nearly 22,000 impacted by file transfer software breach | The Record from Recorded Future News - The Clop gang — which has conducted global data theft campaigns targeting file sharing tools MOVEit, GoAnywhere and Accellion over the last five years — initially named 66 companies in the fall of 2024 but has slowly been releasing the names of ...
3 days ago Therecord.media

Municipalities in four states are struggling with cyberattacks limiting services | The Record from Recorded Future News - The attack on Cleveland Municipal Court was claimed on Tuesday by the Qilin ransomware gang — a group responsible for other recent attacks on local governments, as well as critical healthcare entities in the U.K. The court did not respond to ...
3 days ago Therecord.media Qilin

Hackers Attacking Exposed Jupyter Notebooks To Deliver Cryptominer - Analysts at Cado Security Labs identified this attack through their honeypot systems, noting that the campaign represents a new vector for cryptomining attacks that hasn’t been previously reported, despite sharing similarities with earlier ...
6 days ago Cybersecuritynews.com

Half a million people impacted by Pennsylvania State Education Association data breach | The Record from Recorded Future News - The organization published breach notices in several states and on its website, warning its current and former members as well as their dependants that hackers broke into their systems last year and stole state IDs, Social Security numbers, financial ...
2 days ago Therecord.media Rhysida

New Steganographic Malware Attack via JPG File Delivers Multiple Password Stealing Malwares - Security researchers have discovered that this sophisticated attack leverages the practice of hiding malicious payloads within seemingly harmless image files, exploiting steganography—a technique historically used for concealing messages or content ...
4 days ago Cybersecuritynews.com

Sperm donation giant California Cryobank warns of a data breach - The investigation has determined that the attack exposed varying personal data for customers, including names, bank accounts and routing numbers, Social Security numbers, driver's license numbers, payment card numbers, and/or health insurance ...
2 days ago Bleepingcomputer.com

Top Cybersecurity Tools of 2025 To Managing Remote Device Threats - Microsoft Defender for Endpoint is an enterprise-grade security solution that protects remote devices through AI-driven threat detection, automated response mechanisms, and seamless integration with Microsoft’s security ecosystem. By leveraging ...
6 days ago Cybersecuritynews.com

Microsoft: March Windows updates mistakenly uninstall Copilot - Microsoft says the March 2025 Windows cumulative updates automatically and mistakenly remove the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. More recently, Microsoft announced that it's rolling out a new ...
4 days ago Bleepingcomputer.com

RedCurl APT leveraging Active Directory Explorer & 7-Zip To Archive Exfiltrated Data - Cyber Security News - “The victim sees a single file, ‘CV Applicant *.scr’ which is the legitimate signed Adobe executable ‘ADNotificationManager.exe’. After the victim opens the file, the EarthKapre loader (netutils.dll) is side ...
5 days ago Cybersecuritynews.com

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts - Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The attacks are similar to those reported years ago, indicating that OAuth apps ...
5 days ago Bleepingcomputer.com

GitHub restores code following malicious changes to tj-actions tool | The Record from Recorded Future News - On Friday, cybersecurity firm StepSecurity warned of a security incident impacting the tj-actions/changed-files GitHub Action, a popular tool used to track file changes and trigger other actions depending on those alterations. Mureinik told Recorded ...
3 days ago Therecord.media CVE-2025-30066

Blockchain gaming platform WEMIX hacked to steal $6.1 million - During a press conference held yesterday, WEMIX's CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn't an attempt to cover it up, but rather a conscious choice to ...
3 days ago Bleepingcomputer.com

New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code - The infection flow begins with injected JavaScript on compromised websites, which retrieves malicious code from blockchain smart contracts, ultimately leading to the display of fake security challenges. The latest variant, discovered in December ...
3 days ago Cybersecuritynews.com

Western Alliance Bank notifies 21,899 customers of data breach - The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files ...
2 days ago Bleepingcomputer.com CVE-2024-50623

New BitM Attack Lets Hackers Steal User Sessions Within Seconds - BitM signifies a major shift in cyber threats, using browser functionalities to evade traditional security measures. This method exploits web browser functionalities to hijack authenticated sessions, posing a significant threat to organizations ...
3 days ago Cybersecuritynews.com

PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems - Security researchers at Bitdefender Labs have detected a significant surge in exploitation attempts targeting a critical PHP vulnerability that allows attackers to execute malicious code on Windows-based systems. The vulnerability, tracked as ...
2 days ago Cybersecuritynews.com CVE-2024-4577

100+ Auto Dealers Hacked With A ClickFix Webpage Leads To SectopRAT Malware Installation - The attack leveraged a shared video service specifically used by auto dealerships, injecting malicious code that redirected unsuspecting users to fraudulent webpages designed to install the dangerous SectopRAT remote access trojan on their systems. ...
5 days ago Cybersecuritynews.com

Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
5 days ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa

Google Released Open Source Version of OSV-Scanner Tool for Vulnerability Scanning - Originally launched in December 2022, OSV-Scanner has become an essential tool for open-source security, providing developers with easy access to vulnerability information relevant to their projects. Developers across various programming languages ...
3 days ago Cybersecuritynews.com

PoC Exploit Released for Use-after-free Linux Kernel Vulnerability - Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years. System administrators should prioritize ...
3 days ago Cybersecuritynews.com CVE-2024-36904

ChatGPT Vulnerability Actively Exploited to Attack Financial & Government Orgs in US - According to research by cybersecurity firm Veriti, this vulnerability has already been weaponized in numerous real-world attacks, demonstrating how threat actors can leverage even moderate security flaws to compromise sophisticated AI systems. Cyber ...
3 days ago Cybersecuritynews.com CVE-2024-27564

New Sophisticated Phishing Attack Exploiting Microsoft 365 Infrastructure To Attack Users - What makes this attack particularly dangerous is that traditional email authentication mechanisms cannot detect it since emails originate from legitimate Microsoft domains and pass all standard email security checks, directing victims to voice-based ...
3 days ago Cybersecuritynews.com

8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Groups - Some North Korean threat actors, such as Earth Manticore (APT37) and Earth Imp (Konni), have been using extremely large .lnk files – with sizes up to 70.1 MB – containing excessive whitespace and junk content to further evade detection. ...
3 days ago Cybersecuritynews.com APT37 APT3

GitHub Action hack likely led to another in cascading supply chain attack - Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. A cascading supply chain attack that began with the compromise of the ...
2 days ago Bleepingcomputer.com

Manage Engine Analytics Vulnerability Allows User Account Takeover - During analysis, security experts determined that the vulnerability could be exploited to intercept and manipulate authentication processes, potentially leading to complete account takeover scenarios. Cyber Security News is a Dedicated News Platform ...
4 days ago Cybersecuritynews.com CVE-2025-1724

Wazuh Open Source SIEm Vulnerability Allows malicious Code Execution Remotely - The vulnerability, which carries a severe CVSS score of 9.9, impacts versions 4.4.0 through 4.9.0 and allows attackers with API access to execute arbitrary Python code on Wazuh servers. Wazuh has patched this vulnerability in version 4.9.1 by ...
4 days ago Cybersecuritynews.com CVE-2017-5638

Microsoft Warns of New StilachiRAT Stealing Remote Desktop Protocol Sessions Data - Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions. Microsoft recommends organizations implement ...
3 days ago Cybersecuritynews.com

DocSwap Malware as Security Document Viewer Attacking Android Users Worldwide - A sophisticated malware campaign dubbed “DocSwap” has emerged targeting Android users globally by disguising itself as a legitimate document security and viewing application. S2W Security analysts noted that once installed, the malware ...
3 days ago Cybersecuritynews.com

Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data - To protect against such threats, security experts recommend implementing email security solutions, avoiding opening attachments from unknown senders, and deploying endpoint detection and response tools capable of identifying suspicious PowerShell ...
3 days ago Cybersecuritynews.com APT37 APT3

Bybit Hack - Sophisticated Multi-Stage Attack Details Revealed - The malicious code contained an activation condition targeting specific contract addresses, along with transaction validation tampering designed to bypass security checks. Sygnia researchers identified that the earliest malicious activity began on ...
3 days ago Cybersecuritynews.com Lazarus Group

CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability - “An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests,” states the Fortinet advisory. The ...
2 days ago Cybersecuritynews.com CVE-2025-24472

Critical Vulnerabilities In Delphi Code Leads To Memory Corruption - Analysts at Include Security identified that despite its reputation for safety, Delphi code can be just as vulnerable to memory corruption issues as C/C++ when certain coding patterns are followed. Researchers have uncovered serious memory corruption ...
5 days ago Cybersecuritynews.com

Apple Adds RCS End-to-End Encryption for Sending Text Messages Using iPhone - This implementation ensures that messages and files remain confidential as they travel between clients, making RCS “the first large-scale messaging service to support interoperable E2EE between client implementations from different ...
4 days ago Cybersecuritynews.com

Chinese Volt Typhoon Hackers Exploiting Cisco & NetGear Routers To Compromise Organizations - Security researchers have identified Volt Typhoon deploying sophisticated techniques to compromise outdated Cisco RV320/325 and NetGear ProSafe routers, converting them into covert relay nodes for command-and-control operations. The Chinese ...
4 days ago Cybersecuritynews.com CVE-2024-39717 Volt Typhoon

Kentico Xperience CMS Authentication Bypass Vulnerability Leads to Remote Code Execution - The second bypass exploits a logical flaw in Microsoft’s obsolete Web Services Enhancement 3.0 library, where the system fails to validate tokens with the “SendNone” password option. By manipulating SOAP requests to use password ...
4 days ago Cybersecuritynews.com

OKX suspends DEX aggregator after Lazarus hackers try to launder funds - OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. OKX is a leading global ...
4 days ago Bleepingcomputer.com Lazarus Group

23,000 GitHub Repositories Targeted In Supply Chain Attack - In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. Organizations should review their software supply ...
4 days ago Cybersecuritynews.com

Crypto Exchange OKX Suspends Tool Used by North Korean Hackers to Steal Funds - Cryptocurrency exchange OKX has temporarily suspended its decentralized exchange (DEX) aggregator service following allegations that North Korea’s state-sponsored Lazarus Group exploited it to launder funds stolen from the recent Bybit hack. The ...
3 days ago Cybersecuritynews.com Lazarus Group

Google Parent Alphabet in Talks to Acquire Cyber Security Group Wiz for $30bn - The company’s platform analyzes cloud infrastructure across major providers, including Amazon Web Services, Microsoft Azure, Google Cloud Platform, and others, to identify security vulnerabilities and risks. The acquisition would significantly ...
3 days ago Cybersecuritynews.com

Cloudflare to Implement Post-Quantum Cryptography to Defend Attacks from Quantum Computers - While not yet powerful enough to break conventional cryptography, experts warn of “harvest now, decrypt later” attacks where adversaries store encrypted data today to decrypt it once quantum technology matures. This approach provides ...
3 days ago Cybersecuritynews.com

Microsoft to End Support for Windows 10, No More Security Updates! - “After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10,” states the notification being distributed to users. After this date, the tech ...
2 days ago Cybersecuritynews.com

Hackers Leveraging Azure App Proxy Pre-authentication to Access Orgs Private Network Resources - However, security researchers at TrustedSec have discovered that when administrators configure the pre-authentication option to “Passthrough” instead of the default “Microsoft Entra ID” setting, they effectively remove the ...
2 days ago Cybersecuritynews.com

Arcane Stealer Via YouTube Videos Steal Data From Network Utilities Including VPN & FileZilla - Security experts advise users to be extremely cautious when downloading supposed game cheats or cracks from YouTube videos, particularly those that require extracting password-protected archives or running batch files. The malware, discovered in late ...
2 days ago Cybersecuritynews.com