Cybersecurity News Aggregator | CyberSecurityBoard

Latest Cyber News

Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges - Security researchers at Datadog discovered that service principals (SPs) assigned the Cloud Application Administrator role, Application Administrator role, or Application.ReadWrite.All permission can escalate their privileges by hijacking the ...
2 hours ago Cybersecuritynews.com

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks - Security researcher Kevin Beaumont has previously stated that repeated POST requests to /doAuthentication.do in NetScaler logs is a good indication that someone is attempting to exploit the flaw, especially when the request includes a Content-Length: ...
8 hours ago Bleepingcomputer.com CVE-2025-5777

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin - VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. These vulnerabilities were demonstrated as zero-days during the Pwn2Own ...
10 hours ago Bleepingcomputer.com CVE-2025-41239

Microsoft Teams voice calls abused to push Matanbuchus malware - The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. Last year, DarkGate malware operators abused Microsoft Teams to deliver their loader onto ...
10 hours ago Bleepingcomputer.com

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier - By the time defenders detected anomalous network traffic, the attackers had exfiltrated more than 47 TB of technical data, including drone design schematics, production logs, and employee records. With years of experience under his belt in Cyber ...
12 hours ago Cybersecuritynews.com

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices - The BadBox 2.0 malware botnet is a cybercrime operation that utilizes infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices that lack security protections, such as Google Play ...
12 hours ago Bleepingcomputer.com

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike - A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. The campaign represents a ...
12 hours ago Cybersecuritynews.com

LameHug malware uses AI LLM to craft Windows data-theft commands in real-time - These AI-generated commands were used by LameHug to collect system information and save it to a text file (info.txt), recursively search for documents on key Windows directories (Documents, Desktop, Downloads), and exfiltrate the data using SFTP or ...
13 hours ago Bleepingcomputer.com Fancy Bear APT28

Russian vodka producer reports disruptions after ransomware attack | The Record from Recorded Future News - More than 2,000 WineLab liquor stores across Russia have remained shut for three days following a ransomware attack on their parent company, one of Russia’s largest alcohol producers. Novabev Group is a major Russian producer and distributor of ...
13 hours ago Therecord.media

Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets - Recent analysis reveals that hacktivist groups have developed sophisticated methods for maximizing their visibility and impact, often targeting high-profile entities such as social media platforms, government agencies, and critical infrastructure. ...
14 hours ago Cybersecuritynews.com

H2Miner Attacking Linux, Windows, and Containers to Mine Monero - Once inside, the botnet deploys tailored loader scripts— ce.sh on Linux and 1.ps1 on Windows— that terminate competing miners, disable endpoint protection, and fetch the XMRig binary from 78.153.140.66. Containers are not spared: spr.sh scans ...
14 hours ago Cybersecuritynews.com

Hackers Exploiting Blind Spots in DNS Records to Store and Deliver Malware - A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. During analysis of DNS records from 2021-2022, security researchers ...
14 hours ago Cybersecuritynews.com

4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities - Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. Their investigation revealed that over ...
15 hours ago Cybersecuritynews.com

Hacker steals $27 million in BigONE exchange crypto breach - Blockchain crime investigator ZachXBT commented on the incident, underlining BigONE’s role in processing significant volumes of proceeds coming from romance baiting and investment scams, saying that such hacks may help bring “a natural ...
15 hours ago Bleepingcomputer.com

Thai officials restore Ministry of Labor website after hack, defacement | The Record from Recorded Future News - The website for Thailand’s Ministry of Labor has been restored after hackers defaced the site and allegedly stole government data. When the group defaced the Ministry of Labor website, they claimed to have been active in the organization’s ...
15 hours ago Therecord.media Dragonforce Ransomhub Qilin

Chinese hackers breached National Guard to steal network configurations - The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to ...
16 hours ago Bleepingcomputer.com

Massistant Chinese Mobile Forensic Tooling Gain Access to SMS Messages, Images, Audio and GPS Data - During laboratory testing, Lookout researchers identified hard-coded shell commands (setprop service.adb.tcp.port 5555 followed by stop adbd && start adbd) that reopen ADB in TCP mode, a feature quietly advertised on Meiya Pico’s commercial ...
16 hours ago Cybersecuritynews.com

Max severity Cisco ISE bug allows pre-auth command execution, patch now - A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. ...
16 hours ago Bleepingcomputer.com CVE-2025-20337

Armenian, Ukrainian nationals among Ryuk ransomware actors facing US hacking charges | The Record from Recorded Future News - Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday. The DOJ said if convicted, Vardanyan faces a maximum sentence of ...
16 hours ago Therecord.media

UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages - The malicious campaign employs a multi-stage infection chain beginning with weaponized LNK files embedded within CV-themed decoy documents, progressing through VBScript execution, batch processing, and culminating in PowerShell-based payload ...
17 hours ago Cybersecuritynews.com

Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms - An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology ...
17 hours ago Cybersecuritynews.com

UK Retailer Co-op Confirms 6.5 Million Members' Data Stolen in Massive Cyberattacks - While no financial or transaction data was accessed, the attack has prompted widespread concern about cybersecurity vulnerabilities in the retail sector and led to the arrests of four suspects by the National Crime Agency (NCA). In response to the ...
18 hours ago Cybersecuritynews.com

UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate | The Record from Recorded Future News - “Once he had stolen the cryptocurrency, Paul Chowles sought to muddy the waters and cover his tracks by transferring the Bitcoin into mixing services to help hide the trail of money,” added Johnson. However, following an investigation by ...
18 hours ago Therecord.media

Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics - The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound), represents a marked evolution in Iranian cyber warfare tactics, moving beyond traditional surveillance operations to more sophisticated, high-trust social ...
18 hours ago Cybersecuritynews.com Magic Hound APT3

Elite Russian university launches degree program on sanctions evasion | The Record from Recorded Future News - One of Moscow’s top universities has launched a new master’s program aimed at training students to navigate Western sanctions imposed on Russia following its invasion of Ukraine. According to Illia Vitiuk, former head of cybersecurity at the SBU, ...
18 hours ago Therecord.media

FCC wants to ban Chinese tech from undersea cables | The Record from Recorded Future News - The rules package will include “a range of measures to protect submarine cables against foreign adversaries—apply a presumption of denial for certain foreign adversary controlled license applicants, limiting capacity leasing agreements to such ...
18 hours ago Therecord.media

1-Click Oracle Cloud Code Editor RCE Vulnerability Lets Attackers Upload Malicious Files - The vulnerability, now remediated, affected Code Editor’s integrated services, including Resource Manager, Functions, and Data Science, demonstrating how seemingly isolated cloud development tools can become attack vectors. The vulnerability ...
19 hours ago Cybersecuritynews.com

Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record from Recorded Future News - The $2.17 billion stolen so far this year already surpasses the losses seen in all of 2024, and is the highest number seen in the first six months of a year since the company began tracking the figures in 2022. Chainalysis researchers noted several ...
20 hours ago Therecord.media

GhostContainer Malware Hacking Exchange Servers in the Wild Using N-day Vulnerability - GhostContainer C2 Commands and Functionality Command IDFunctionality0Get the system architecture type (e.g., x86 or x64).1Run received data as shellcode.2Execute a command line.3Load .NET byte code in a child thread.4Send a GET request.5Download and ...
20 hours ago Cybersecuritynews.com

Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defenses - Other notable tools include Iodine (24% detection rate), which tunnels IPv4 traffic over DNS and has been used by nation-state actors, and Sliver (12% detection rate), a cross-platform C2 framework with advanced DNS tunneling capabilities. Infoblox ...
20 hours ago Cybersecuritynews.com

Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part - The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security ...
21 hours ago Cybersecuritynews.com

PyPI Bans Inbox.ru Domains Following Massive 1,500+ Fake Project Uploads - The attack, which began on June 9, 2025, involved the creation of more than 250 user accounts that systematically flooded the repository with empty packages designed to exploit package confusion vulnerabilities. The campaign demonstrated a methodical ...
21 hours ago Cybersecuritynews.com

Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure - On July 9, the Cybersecurity and Infrastructure Security Agency (CISA) corroborated GreyNoise findings and added CVE-2025-5777 to the Known Exploited Vulnerabilities (KEV) catalog. By integrating threat intelligence sources directly into security ...
21 hours ago Cybersecuritynews.com CVE-2025-5777

Europol Disrupted "NoName057(16)" Hacking Group’s Infrastructure of 100+ Servers Worldwide - The joint operation, dubbed “Eastwood,” coordinated by Europol involved 12 countries and resulted in multiple arrests, warrants, and the neutralization of a sophisticated distributed denial-of-service (DDoS) attack network that had been ...
22 hours ago Cybersecuritynews.com

Threat Actors Weaponized 28+ New npm Packages to Infect Users With Protestware Scripts - The persistence mechanism stores an initiation timestamp in localStorage using the key ‘swal-initiation’, calculating elapsed time since first visit to determine payload activation, ensuring repeat users experience the full protestware ...
22 hours ago Cybersecuritynews.com

Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript - As the attachments bypass signature checks, the first line of defence fails; Ontinue analysts identified the wave after correlating near-identical SVGs sent to B2B service providers and SaaS vendors, all containing distinct Base64 tracking strings ...
22 hours ago Cybersecuritynews.com

Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files - Tracked as CVE-2025-20274 and assigned a CVSS Base Score of 6.3, the weakness stems from insufficient server-side validation of file uploads, enabling adversaries to store malicious payloads and execute arbitrary commands at the root level on ...
23 hours ago Cybersecuritynews.com CVE-2025-20274

Microsoft Congratulates MSRC's Most Valuable Security Researchers - Each valid vulnerability report undergoes rigorous evaluation by Microsoft’s security team, with points awarded based on the Common Vulnerability Scoring System (CVSS) and Microsoft’s internal risk assessment protocols. The Microsoft ...
23 hours ago Cybersecuritynews.com

SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware - Google Threat Intelligence analysts noted that once the shell is active the intruder exports the device’s configuration, quietly injects malicious rules, and uploads a base64-encoded binary into the persistent /cf partition. The Shell commands ...
23 hours ago Cybersecuritynews.com

Infostealers Distributed with Crack Apps Emerges as Top Attack Vector For June 2025 - Network defenders should monitor for anomalous connections to known cloud-storage services immediately after new executable launches, deploy YARA rules targeting password-protected archives shipped via search-engine links, and validate unsigned ...
1 day ago Cybersecuritynews.com

Hackers Using 607 Malicious Domains to Deliver APK Malware That Enables Remote Command Execution - The malicious domains, primarily hosted in Chinese language, utilize typosquatting techniques with variations like “teleqram,” “telegramapp,” and “apktelegram” to deceive unsuspecting users. The attack vector ...
1 day ago Cybersecuritynews.com

Lenovo Vantage Vulnerabilities Allow Attackers to Escalate Privileges as SYSTEM User - Although Lenovo’s July update raises the add-ins to VantageCoreAddin 1.0.0.199 and LenovoSystemUpdateAddin 1.0.24.32, security teams should push the patch urgently, audit registry ACLs for lingering abuse, and consider removing or restricting ...
1 day ago Cybersecuritynews.com CVE-2025-6230

Cloudflare Confirms Recent 1.1.1.1 DNS Outage Caused by BGP Attack or Hijack - Cloudflare’s widely used 1.1.1.1 DNS resolver service experienced a significant 62-minute global outage on July 14, 2025, affecting millions of users worldwide from 21:52 UTC to 22:54 UTC. Contrary to initial speculation, the company has ...
1 day ago Cybersecuritynews.com

Critical Cisco ISE Vulnerability Allows Remote Attacker to Execute Commands as Root User - Cisco has disclosed multiple critical security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthenticated remote attackers to execute arbitrary commands with root privileges on ...
1 day ago Cybersecuritynews.com

Co-op confirms data of 6.5 million members stolen in cyberattack - UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. BleepingComputer was told that the attack was linked to ...
1 day ago Bleepingcomputer.com Dragonforce Scattered Spider

Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites - The malware, first reported in July 2025, represents a significant evolution in web-based threats, utilizing advanced obfuscation techniques and stealthy persistence methods to redirect unsuspecting visitors to malicious domains while simultaneously ...
1 day ago Cybersecuritynews.com

U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms - 18, 2024, Cameron John Wagenius, 21, used online accounts associated with the nickname “kiberphant0m” and conspired with others to defraud at least 10 victim organizations by obtaining login credentials for the organizations’ ...
1 day ago Bleepingcomputer.com

Chinese 'Salt Typhoon' Hackers Hijacked US National Guard Network for Nearly a Year - Chinese state-sponsored hackers known as Salt Typhoon successfully infiltrated and maintained persistent access to a U.S. state’s Army National Guard network for nearly ten months, from March 2024 through December 2024, according to a ...
1 day ago Cybersecuritynews.com

Louis Vuitton says regional data breaches tied to same cyberattack - Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. "Despite all security measures ...
1 day ago Bleepingcomputer.com Hunters

Microsoft Teams Call Weaponized to Deploy and Execute Matanbuchus Ransomware - During these fraudulent support sessions, attackers activate Quick Assist and instruct victims to run PowerShell commands that ultimately deploy the Matanbuchus 3.0 loader, marking a significant evolution in the malware’s delivery mechanisms. ...
1 day ago Cybersecuritynews.com

Dark Partners Hackers Group Wiping Crypto Wallets With Fake Ai Tools and VPN Services - A sophisticated cybercrime group dubbed “Dark Partners” has emerged as a significant threat to cryptocurrency users worldwide, orchestrating large-scale theft campaigns through an extensive network of fake websites impersonating AI tools, ...
1 day ago Cybersecuritynews.com

International operation disrupts pro-Russian hacker group NoName057(16) | The Record from Recorded Future News - In July 2023, Spanish police arrested three alleged members of the group suspected of participating in DDoS attacks targeting public institutions and strategic sectors in Spain and other NATO countries. European and U.S. law enforcement have ...
1 day ago Therecord.media

Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack - To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. Cloudflare also points out that the ...
1 day ago Bleepingcomputer.com

Amid border dispute, Thailand goes after Cambodian tycoon over alleged cyber scam ties | The Record from Recorded Future News - According to the Bangkok Post, police raided two houses in Sa Kaeo province belonging to two women who authorities say help manage a high-rise scam compound in the Cambodian border city of Poipet. On July 8, Thai police raided 19 properties allegedly ...
1 day ago Therecord.media

Top 3 CISO Challenges And How To Solve Them - How do you lead a security team when threats evolve faster than your tools? It’s a challenge many CISOs face daily. As ANY.RUN runs in a fully interactive environment, we can follow the entire chain, from the initial email to the credential ...
1 day ago Cybersecuritynews.com

Fortinet FortiWeb Instances Hacked with Webshells Following Public PoC Exploits - Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The flaw, discovered by security researcher Kentaro Kawane of ...
1 day ago Cybersecuritynews.com CVE-2025-25257

MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials - Upon execution, NimDoor triggers a multi-stage infection deploying two distinct Mach-O binaries: a C++ binary responsible for payload decryption and data theft operations, and a Nim-compiled “installer” that establishes persistence ...
1 day ago Cybersecuritynews.com

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware - It is unclear how the hackers obtained initial access, but researchers investigating UNC6148 attacks noticed that the threat actor already had local administrator credentials on the targeted appliance. With shell access on the appliance, the threat ...
1 day ago Bleepingcomputer.com Abyss Hunters

Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies | The Record from Recorded Future News - Italian police have dismantled a Romanian ransomware gang that targeted civil rights groups, design and film production companies, as well as international nonprofits in northern Italy, authorities said this week. The group, known as ...
1 day ago Therecord.media

SquidLoader Using Sophisticated Malware With Near-Zero Detection to Swim Under Radar - With the payload decrypted, Stage 2 walks the Process Environment Block to locate ntdll.dll and kernel32.dll, dynamically resolves scores of APIs, and stores their addresses—plus thread, PEB, and TEB metadata—in a custom stack structure whose ...
1 day ago Cybersecuritynews.com

New Fortinet FortiWeb hacks likely linked to public RCE exploits - Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257. "An improper neutralization of ...
1 day ago Bleepingcomputer.com CVE-2025-25257

Windows Server 2025 Golden dMSA Attack Enables Authentication Bypass and Password Generation - The vulnerability, dubbed “Golden dMSA,” exploits a fundamental weakness in the newly introduced delegated Managed Service Accounts (dMSAs) that reduces complex cryptographic protections to a trivial brute-force attack requiring only ...
1 day ago Cybersecuritynews.com

Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group - An international law enforcement operation dubbed "Operation Eastwood" has targeted the infrastructure and members of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe, ...
1 day ago Bleepingcomputer.com

Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks | The Record from Recorded Future News - Last year, the Biden administration and members of the Intelligence panel suggested the danger posed by the breach of U.S. networks by the Chinese hacking group known as Salt Typhoon should spur a regulatory push for minimum cybersecurity standards ...
1 day ago Therecord.media

Google's AI Tool Big Sleep Uncovered Critical SQLite 0-Day Vulnerability and Blocks Active Exploitation - Google’s revolutionary AI-powered security tool, Big Sleep, has achieved a groundbreaking milestone by discovering and preventing the exploitation of a critical SQLite 0-day vulnerability, marking the first time an artificial intelligence agent ...
1 day ago Cybersecuritynews.com

curl 8.15.0 Released With 233 Bugfixes and 334 Commits - Update Now - curl 8.15.0 is the 269th release featuring 233 bugfixes and 334 commits over a 42-day development cycle, focusing on stability improvements rather than new features. This update brings 233 documented bugfixes and represents 334 commits from the ...
1 day ago Cybersecuritynews.com

Gmail Message Used to Trigger Code Execution in Claude and Bypass Protections - According to the Golan Yosef of Pynt, the attack centers on the MCP (Model Context Protocol) architecture, specifically targeting three key components: the Gmail MCP server as an untrusted content source, the Shell MCP server as the execution target, ...
1 day ago Cybersecuritynews.com

Oracle Critical Security Update - 309 Vulnerabilities with 145 Remotely Exploitable Patched - This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems, middleware, cloud applications, and enterprise software that could potentially expose organizations to ...
1 day ago Cybersecuritynews.com CVE-2025-30762

21-year-old former US soldier pleads guilty to hacking, extorting telecoms | The Record from Recorded Future News - Court documents for both cases say Wagenius accessed sensitive telecom records before extorting the companies, threatening to release the stolen data unless he and his co-conspirators were paid ransoms. Wagenius and his co-conspirators threatened to ...
1 day ago Therecord.media

Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files - Published on July 15, 2025, this path traversal vulnerability poses significant risks to system security, though exploitation requires direct user interaction. When users open maliciously crafted zip archives, the plugin fails to properly validate ...
1 day ago Cybersecuritynews.com CVE-2025-53906

Grok 4 benchmark results: Tops math, ranks second in coding - Gemini 2.5 Pro and Claude still remain the best models for coding, but that might change when xAI ships Grok 4 Code in August. Grok 4 is a huge leap from Grok 3, but how good is it compared to other models in the market, such as Gemini 2.5 Pro? We ...
1 day ago Bleepingcomputer.com

Hackers Use Polyglot Files to Bypass Email Filters to Deliver Malicious Emails - With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. PhantomRemote—the custom payload embedded inside the DLL—provides command execution, file download and system inventory over ...
1 day ago Cybersecuritynews.com

Abacus Dark Web Market Possible Exit Scam with the Bitcoin Payments They Hold - The marketplace’s operators appear to have disappeared with users’ cryptocurrency funds, marking another significant blow to the Western darknet ecosystem following the law enforcement seizure of Archetyp Market in June 2025. The ...
1 day ago Cybersecuritynews.com

New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities - Once inside, attackers deploy various malware families including RokRAT, which enables data exfiltration to legitimate cloud storage services, and PlugX, utilized by the TELEBOYi attack group for command and control operations. A sophisticated cyber ...
1 day ago Cybersecuritynews.com CVE-2025-22457

Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
1 day ago Bleepingcomputer.com CVE-2025-7656

Trending Cyber News (last 7 days)

AsyncRAT New Forks Uncovered With New Features Ranging From Screamer to a USB Malware Spreader - The open-source nature of AsyncRAT, first released on GitHub in 2019, has spawned numerous sophisticated forks that incorporate enhanced evasion techniques, novel plugins, and specialized attack vectors that pose significant threats to cybersecurity ...
2 days ago Cybersecuritynews.com

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record from Recorded Future News - Last year, a man behind a $110 million theft from defunct crypto platform Mango Markets was convicted in federal court despite having negotiated with the platform to return the funds. The person behind the theft began transferring the funds in $5 ...
6 days ago Therecord.media

Android malware Konfety uses malformed APKs to evade detection - In that case, SoumniBot declared an invalid compression method in AndroidManifest.xml, declared a fake file size and data overlay, and confused analysis tools with very large namespace strings. A new variant of the Konfety Android malware emerged ...
2 days ago Bleepingcomputer.com

GLOBAL GROUP RaaS Operators Enable AI-driven Negotiation Functionality - GLOBAL GROUP, operated by threat actor “$$$”, has claimed 17 victims across multiple countries since its June 2025 launch, demonstrating rapid operational scaling through automated systems and strategic partnerships with Initial Access ...
2 days ago Cybersecuritynews.com

OpenAI is to Launch a AI Web Browser in Coming Weeks - The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while advancing the company’s vision ...
5 days ago Cybersecuritynews.com

GPUHammer - First Rowhammer Attack Targeting NVIDIA GPUs - Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses ...
5 days ago Cybersecuritynews.com Inception

Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News - The group’s recent campaign has primarily leveraged critical vulnerabilities in Fortinet’s enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. The ...
6 days ago Cybersecuritynews.com CVE-2024-21762 LockBit Qilin

AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets - The vulnerabilities leverage timing-based side channels in AMD’s microarchitectural implementations, allowing attackers to infer sensitive information from system memory and processor states through carefully crafted speculative execution ...
6 days ago Cybersecuritynews.com CVE-2024-36350

Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code - A critical security vulnerability in Fortinet’s FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication. Watchtower researchers analyzing the ...
6 days ago Cybersecuritynews.com

IT Giant Ingram Micro Restores Operations Following Ransomware Attack - The attack, first identified on July 5, 2025, represents one of the most notable ransomware incidents affecting a major technology distribution company this year, highlighting the sophisticated nature of modern cyber threats targeting critical supply ...
6 days ago Cybersecuritynews.com

Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records - What sets Arkana apart from traditional ransomware groups is their initial focus on psychological warfare and data exfiltration rather than immediate system encryption, utilizing their “Wall of Shame” tactics to publicly expose sensitive ...
6 days ago Cybersecuritynews.com Qilin

Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security - The initiative also included implementing standardized monitoring systems to identify and report any remaining high-privilege access within Microsoft 365 applications, ensuring continuous compliance with the new security standards. Microsoft has ...
6 days ago Cybersecuritynews.com

Windows 10 KB5062554 update breaks emoji panel search feature - The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword. BleepingComputer can confirm that the search feature in ...
4 days ago Bleepingcomputer.com

CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits - This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components, ranging from network management systems to process control equipment used across manufacturing, energy, and transportation sectors. ...
6 days ago Cybersecuritynews.com

FBI Atlanta Seizes Major Video Game Piracy Websites in International Operation - The Federal Bureau of Investigation’s Atlanta Field Office announced today the seizure of several major online criminal marketplaces that provided pirated versions of popular video games, dismantling a multi-million dollar piracy operation that ...
6 days ago Cybersecuritynews.com

Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities - This latest update resolves a range of issues, including HTTP response splitting, server-side request forgery (SSRF), and denial of service vulnerabilities that could potentially compromise server security and performance. Apache HTTP Server 2.4.64 ...
6 days ago Cybersecuritynews.com CVE-2025-49812

Indonesia extradites Russian accused of selling personal data on Telegram | The Record from Recorded Future News - Russian authorities allege Zverev operated an unnamed criminal network between 2018 and 2021 that profited from selling sensitive personal information sourced from databases belonging to Russia’s Interior Ministry (MVD), Federal Security Service ...
6 days ago Therecord.media

Albemarle latest Virginia county hit with ransomware | The Record from Recorded Future News - About two hours away, Gloucester County warned employees last week that it also suffered a ransomware attack in April that exposed Social Security numbers and other sensitive data. The county warned residents that it “appears likely” the hackers ...
6 days ago Therecord.media

AWS Organizations Mis-scoped Managed Policy Let Hackers To Take Full AWS Organization Control - This oversight allows attackers who compromise a user or role in the management account with the vulnerable policy attached to register any account within the organization as a delegated administrator for sensitive services, effectively bypassing ...
6 days ago Cybersecuritynews.com

Hackers are exploiting critical RCE flaw in Wing FTP Server - Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The attacker sent malformed login requests with null-byte-injected ...
5 days ago Bleepingcomputer.com CVE-2025-47812

Google Gemini flaw hijacks email summaries for phishing - Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. As many users are likely to ...
4 days ago Bleepingcomputer.com

D-Link 0-click Vulnerability Allows Remote Attackers to Crash the Server - A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. Apply Firmware Update: D-Link must release a patched firmware version ...
6 days ago Cybersecuritynews.com

Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data - Flashpoint Intel Team analysts identified four prominent strains dominating the current threat landscape: Atomic Stealer, recognized as the most prevalent Malware-as-a-Service offering; Poseidon Stealer, a sophisticated variant with connections to ...
6 days ago Cybersecuritynews.com

WordPress GravityForms Plugin Hacked to Include Malicious Code - A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a ...
5 days ago Cybersecuritynews.com Rocke

Russian Basketball Player Arrested over Alleged Ransomware Attack Claims - Le Monde reports that Daniil Kasatkin, a 26-year-old professional basketball player who most recently played for the Moscow team MBA-MAI, was arrested at Paris’s Roissy-Charles de Gaulle airport on June 21, 2025, following an international ...
6 days ago Cybersecuritynews.com

Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme | The Record from Recorded Future News - The cases, which stretched across multiple continents and shed light on the shady world of corporate espionage and mercenary hackers, stemmed from a scheme allegedly orchestrated by an attorney at the law firm Dechert to hack into Azima’s accounts ...
6 days ago Therecord.media

Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches - Multiple critical vulnerabilities have been identified in Scriptcase, a low-code development platform, particularly in versions like 9.4.019 and 9.10.023. These flaws include arbitrary file uploads, path traversal, and cross-site scripting (XSS), ...
4 days ago Cybersecuritynews.com

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch - The first warning of CitrixBleed 2 being exploited came from ReliaQuest on June 27. On July 7, security researchers at watchTowr and Horizon3 published proof-of-concept exploits (PoCs) for CVE-2025-5777, demonstrating how the flaw can ...
6 days ago Bleepingcomputer.com CVE-2025-5777

NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer - NVIDIA is warning users to activate the System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. Rowhammer represents a real security concern that could cause ...
6 days ago Bleepingcomputer.com

WordPress Gravity Forms developer hacked to push backdoored plugins - RocketGenius, the developer behind Gravity Forms, was informed of the issue, and a staff member told Patchstack that the malware affected only manual downloads and composer installation of the plugin. The popular WordPress plugin Gravity Forms ...
6 days ago Bleepingcomputer.com Rocke

Google Gemini for Workspace Vulnerability Lets Attackers Conceal Malicious Scripts in Emails - Cyber Security News - Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this ...
4 days ago Cybersecuritynews.com

Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack - The success rates indicate that current LLM safety measures may be inadequate against sophisticated multi-turn attack strategies that exploit conversational context rather than relying on overtly harmful input patterns. The research, published by ...
4 days ago Cybersecuritynews.com

Albemarle County Hit By Ransomware Attack - Hackers Accessed Residents Personal Details - County officials confirmed that the malware deployment resulted in potential exposure of resident data, prompting immediate notification to the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and ...
1 day ago Cybersecuritynews.com

Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors - This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and ...
6 days ago Cybersecuritynews.com MuddyWater OilRig APT3 APT33

CISA Warns of CitrixBleed 2 Vulnerability Exploited in Attacks - The vulnerability, tracked as CVE-2025-5777, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline of July 11, 2025. The vulnerability specifically affects deployments where NetScaler ...
6 days ago Cybersecuritynews.com CVE-2025-5777

11 Best Cloud Access Security Broker Software (CASB) - 2025 - Netskope is widely recognized as a leader in cloud security, offering a comprehensive CASB solution that delivers deep visibility, advanced threat protection, and granular policy enforcement. The CASB solution provides rich visibility, control, and ...
4 days ago Cybersecuritynews.com