Latest Cyber News

VMware Workstation auto-updates broken after Broadcom URL redirect - VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. While VMware Workstation continues to function, this ...
4 hours ago Bleepingcomputer.com
OpenAI says Deep Research is coming to ChatGPT free "very soon" - As pointed out by Tibor Blaho on X, while discussing the Deep Research feature, Isa Fulford, Member of Technical Staff at OpenAI, confirmed that the company is testing Deep Research for free customers and will share more details soon. ...
6 hours ago Bleepingcomputer.com
Canadian hacker arrested for allegedly stealing data from Texas Republican Party | The Record from Recorded Future News - The Justice Department unsealed a September 2024 complaint and arrest warrant accusing Cottle of gaining access to the systems of Epik, a third-party hosting company for the websites for the Texas Republican Party and the Texas Right to Life ...
7 hours ago Therecord.media
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders - "While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially ...
7 hours ago Bleepingcomputer.com
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks - Victims clicking on the phishing links are redirected to fake landing pages impersonating state government toll and parking agencies or private entities, such as USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, ...
8 hours ago Bleepingcomputer.com
Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
9 hours ago Cybersecuritynews.com Kimsuky Lazarus Group
Hackers abuse WordPress MU-Plugins to hide malicious code - Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. However, because MU-plugins run on every page load and don't appear in the standard plugin list, ...
10 hours ago Bleepingcomputer.com
Cannon Printer Vulnerability Let Attackers Execute Arbitrary Code - The flaw, identified as CVE-2025-1268, carries a high-severity CVSS base score of 9.4, indicating significant security implications for users of affected Canon products. The vulnerability might not only disrupt printing operations but could ...
11 hours ago Cybersecuritynews.com CVE-2025-1268
North Korean hackers adopt ClickFix attacks to target crypto firms - Sekoia says that Lazarus impersonates numerous well-known companies in the latest campaign, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit, from which the North Korean threat actors recently stole a ...
11 hours ago Bleepingcomputer.com
Technical Analysis Published for OpenSSH's Agent Forwarding RCE Vulnerability - Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH’s agent forwarding feature that was disclosed in July 2023. According to Vicarius’s ...
11 hours ago Cybersecuritynews.com CVE-2023-38408
CrushFTP Vulnerability Exploited to Bypass Authentication - CrushFTP addressed this vulnerability in version 11.3.1 by adding a new security parameter s3_auth_lookup_password_supported set to false by default and implementing proper security checks in the authentication flow. A critical vulnerability ...
12 hours ago Cybersecuritynews.com CVE-2025-2825
Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System - Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform ...
12 hours ago Cybersecuritynews.com CVE-2024-49563
New Ubuntu Security Bypasses Allow Attackers to Exploit Kernel Vulnerabilities - Qualys offers its TruRisk Eliminate platform to automate defenses, providing pre-tested scripts to enforce kernel parameters and disable vulnerable profiles, integration with Qualys agents for centralized mitigation deployment and risk isolation for ...
13 hours ago Cybersecuritynews.com
Hewlett Packard RCE Vulnerability Allows Attackers to Bypass Authentication and Execute Remote Commands - A critical unauthenticated remote code execution vulnerability (CVE-2024-13804) has been discovered in HPE Insight Cluster Management Utility (CMU) v8.2, enabling attackers to bypass authentication mechanisms and execute commands with root privileges ...
14 hours ago Cybersecuritynews.com CVE-2024-13804
Earth Alux Hackers Employ VARGIET Malware to Attack Organizations - Initially targeting the Asia-Pacific region, the group expanded its operations to Latin America by mid-2024, primarily focusing on government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors in countries ...
15 hours ago Cybersecuritynews.com
ClickFake Interview - Lazarus Hackers Exploit Windows & macOS Users Fake Job Campaign - The ClickFake Interview campaign builds upon the tactics of Contagious Interview, which targeted software developers via fake job interviews conducted on platforms like LinkedIn or X (formerly Twitter). The Lazarus Group, a North Korean ...
15 hours ago Cybersecuritynews.com Lazarus Group
DarkCloud - An Advanced Stealer Malware Selling Via Telegram To Steal Data From Windows - Security researcher REXorVc0 identified DarkCloud’s extensive capabilities, noting that the malware employs a multi-stage infection process designed to evade detection. This technique allows DarkCloud to operate stealthily, evading most ...
16 hours ago Cybersecuritynews.com
Microsoft Removes bypassnro.cmd in Windows 11 Insider To Stop Users from Installing OS Without MS Account - Microsoft has taken a decisive step in its latest Windows 11 Insider Preview Build 26200.5516 by removing the bypassnro.cmd script, effectively closing a loophole that allowed users to install Windows 11 without connecting to the internet or signing ...
16 hours ago Cybersecuritynews.com
Konni RAT Exploit Windows Explorer To Launches a Multi-Stage Attack in Windows - The updated Konni variant specifically targets vulnerabilities in Windows Explorer’s file handling processes, enabling the malware to establish persistence and execute malicious code without triggering traditional security alerts. Organizations ...
17 hours ago Cybersecuritynews.com
Triton RAT Leveraging Telegram To Remotely Access & Control Systems - This malware enables attackers to remotely access and control compromised systems, with particular emphasis on harvesting Roblox credentials and security cookies that can bypass two-factor authentication. Triton further employs anti-analysis ...
18 hours ago Cybersecuritynews.com
Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure - Russian-aligned hacking groups UAC-0050 and UAC-0006 have been observed switching their network infrastructure through bulletproof hosting providers, enabling persistent campaigns against Ukrainian entities and their international allies. The complex ...
19 hours ago Cybersecuritynews.com
Threats Actors Hide Malware in Wordpress Websites to Execute Code Remotely - These include redirect scripts that send unsuspecting visitors to harmful domains, webshells that provide attackers with remote code execution capabilities, and spam injectors that manipulate website content to distribute unwanted material. Once ...
19 hours ago Cybersecuritynews.com
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware - The attack began when an unsuspecting victim visited a malicious website mimicking Zoom’s official download page (zoommanager[.]com), where they downloaded what appeared to be a legitimate teleconferencing application installer. This tunneling ...
19 hours ago Cybersecuritynews.com Blacksuit
Daisy Cloud Hacker Group Exposed 30K Login Credentials Across a Wide Range of Services - The threat actors have been operating a sophisticated credential marketplace on Telegram since October 18, 2023, selling access to financial platforms, cloud services, government portals, and personal accounts at alarmingly accessible prices. A ...
19 hours ago Cybersecuritynews.com
20 Best Remote Monitoring Tools - 2025 - What is Good? What Could Be Better? Strong abilities to keep an eye on devices and systems. Some parts may take time to figure out. It gives you tools for remote control and troubleshooting. There could be more ways to change things. Lets you automate ...
19 hours ago Cybersecuritynews.com
Critical PHP Vulnerability Let Hackers Bypass the Validation To Load Malicious Content - The flaw, tracked as CVE-2025-1219, involves the incorrect handling of the content-type header when a redirected resource is requested, leading to security risks such as document misinterpretation and validation bypass. CVE-2025-1219 highlights a ...
23 hours ago Cybersecuritynews.com CVE-2025-1219
How Each Pillar of the 1st Amendment is Under Attack – Krebs on Security - In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of ...
1 day ago Krebsonsecurity.com
TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials - Once installed, TsarBot uses overlay attacks by displaying fake login pages over legitimate applications, tricking users into entering sensitive information such as banking credentials, credit card details, and login passwords. Identified by Cyble ...
1 day ago Cybersecuritynews.com
Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers - The flaw exploits Apache Tomcat’s handling of partial PUT requests and path equivalence, allowing attackers to bypass security constraints and execute arbitrary code without authentication under specific conditions. Successful exploitation ...
1 day ago Cybersecuritynews.com
Microsoft tests new Windows 11 tool to remotely fix boot crashes - Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. When enabled and a new driver or ...
1 day ago Bleepingcomputer.com
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware - The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, ...
1 day ago Cybersecuritynews.com
New Crocodilus malware steals Android users’ crypto wallet keys - A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. “This social engineering trick guides the victim ...
1 day ago Bleepingcomputer.com
Microsoft's killing script used to avoid Microsoft Account in Windows 11 - A popular method to bypass a Microsoft Account during setup is to use a script named 'C:\windows\system32\oobe\BypassNRO.cmd.' When run during Windows 11 setup, it creates a Registry value that removes the requirement to connect to the ...
1 day ago Bleepingcomputer.com
Lotus Blossom APT Exploits WMI for Post-Exploitation Activities - The Lotus Blossom APT group’s sophisticated use of WMI, legitimate cloud platforms, and stealthy persistence mechanisms underscores the need for robust cybersecurity measures tailored to counter advanced threat actors. The Lotus Blossom Advanced ...
2 days ago Cybersecuritynews.com Lotus Blossom
CISA Warns of ESURGE Malware Exploiting Ivanti RCE Vulnerability - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). Additionally, CISA ...
2 days ago Cybersecuritynews.com CVE-2025-0282
U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams - The scam operation relied on typical tactics such as allowing initial small profit withdrawals to build trust, claiming "taxation" and "credit score" fees as pretexts for requesting more money, and then resorting to threats and intimidation once ...
2 days ago Bleepingcomputer.com
RamiGPT - AI Tool To Escalate Privilege & Gain Root Access Within a Minute - Arthur Howell, a cybersecurity analyst, noted: “Tools like RamiGPT redefine red-team exercises but demand strict ethical boundaries.” The GitHub repository explicitly restricts usage to authorized environments, emphasizing compliance with laws ...
2 days ago Cybersecuritynews.com
ClickFix Captcha - A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows - This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements to bypass traditional security measures and deliver malicious payloads to Windows systems. The researchers noted the commands typically invoke PowerShell ...
2 days ago Cybersecuritynews.com
Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows - Cisco Talos researchers identified this campaign has been active since at least November 2024, with evidence suggesting Gamaredon is specifically targeting Ukrainian government organizations, critical infrastructure, and entities affiliated with ...
2 days ago Cybersecuritynews.com
46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings - Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. Research indicates over half of solar ...
2 days ago Cybersecuritynews.com
DeBackdoor - Framework to Detect Backdoor Attacks on Deep Models - In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. ...
2 days ago Cybersecuritynews.com
Red Team Activities Turns More Sophisticated With The Progress of Artificial Intelligence - Researchers (Mays Al-Azzawi, Dung Doan, Tuomo Sipola, Jari Hautamaki, Tero Kokkonen) noted that 56% of AI-driven cyberattacks now target the access and penetration phase of security systems, with CNN emerging as the most frequently utilized AI ...
2 days ago Cybersecuritynews.com
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk - As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of ...
2 days ago Cybersecuritynews.com
Hackers Leveraging DNS MX Records To Dynamically Create Fake Logins Mimic as 100+ Brands - The phishing kit performs a DNS MX record lookup using DNS over HTTPS (DoH) services from Google or Cloudflare, allowing it to precisely identify the victim’s email service provider without maintaining an extensive domain mapping database. A ...
2 days ago Cybersecuritynews.com
Crocodilus - A New Android Malware Remotely Control Your Android Devices - Unlike predecessors such as Anatsa, Octo, and Hook, which incrementally refined their capabilities, Crocodilus emerges as a fully mature threat, integrating sophisticated features including overlay attacks, accessibility-based data harvesting, remote ...
2 days ago Cybersecuritynews.com
Fake Snow White Movie Attacking Viewers Device With New Malware - Veriti’s cybersecurity researchers discovered that the torrent contained a malicious file package designed to compromise devices and spread malware through peer-to-peer networks. A sophisticated Python-based Remote Access Trojan (RAT) leveraging ...
2 days ago Cybersecuritynews.com
Retail giant Sam’s Club investigates Clop ransomware breach claims - Clop's claims of a Sam's Club breach come after the ransomware gang also started extorting dozens of victims breached in a massive wave of data theft attacks targeting a zero-day vulnerability (CVE-2024-50623) in Cleo secure file transfer ...
3 days ago Bleepingcomputer.com CVE-2024-50623
OpenAI now pays researchers $100,000 for critical vulnerabilities - OpenAI launched its bug bounty program in April 2023 with payouts of up to $20,000 for researchers who report vulnerabilities, bugs, or security flaws in its product line via the Bugcrowd crowdsourced security platform. Artificial intelligence ...
3 days ago Bleepingcomputer.com
New Python-Based Discord RAT Attacking Users to Steal Login Credentials - Content == "Sending Command #2 - Password Stealer" and message.channel.id == channelid: username = os.getlogin() try: passwords = open(f"C:/Users/{username}/AppData/Local/Google/Chrome/User Data/Default/Login Data", "rb").read() await ...
3 days ago Cybersecuritynews.com
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion - Once the victim reaches the final destination, the phishing kit loads and queries the victim’s email domain’s MX record using DoH via Google or Cloudflare. When the victim clicks a link in a phishing email, the kit is loaded on their ...
3 days ago Bleepingcomputer.com
Microsoft fixes button that restores classic Outlook client - Since the start of the year, it has fixed other Outlook issues, including one that led to Classic Outlook and Microsoft 365 applications crashing on Windows Server 2016 or Windows Server 2019 systems and another one that triggers classic Outlook ...
3 days ago Bleepingcomputer.com
New Ubuntu Linux security bypasses require manual mitigations - “Qualys TRU uncovered three distinct bypasses of these namespace restrictions, each enabling local attackers to create user namespaces with full administrative capabilities,” the researchers say. Three security bypasses have ...
3 days ago Bleepingcomputer.com
PJobRAT Android RAT as Dating & Instant Messaging Apps Attacking Military Personnel - Firebase Cloud Messaging (FCM) serves as the primary command channel, enabling the threat actor to trigger various functions through predefined commands like “ace_am_ace” (upload SMS), “chall” (run shell command), and ...
3 days ago Cybersecuritynews.com
Russian Hackers Mimic as CIA to Steal Ukraine Defense Intelligence Data - Silent Push threat researchers identified the operation, revealing it consists of four major phishing clusters impersonating not only the CIA but also the Russian Volunteer Corps, Legion Liberty, and “Hochuzhit” (an appeals hotline for ...
3 days ago Cybersecuritynews.com
Oracle Health breach compromises patient data at US hospitals - In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in ...
3 days ago Bleepingcomputer.com
SHELBY Malware Steal Data Abusing GitHub for Command-and-control Server - A sophisticated new data theft malware strain dubbed “SHELBY” has emerged in the cybersecurity landscape, targeting primarily financial institutions and healthcare organizations across North America and Europe. This approach allows the ...
3 days ago Cybersecuritynews.com
Hackers Abuse MailChimp Email Marketing Platform via Phishing, and Social Engineering Tactics - What makes these attacks particularly concerning is that gaining access to a MailChimp account provides attackers with complete subscriber lists and contact information, the ability to send mass emails from a trusted domain, opportunities to ...
3 days ago Cybersecuritynews.com
PlayBoy Locker Ransomware Attacking Windows, NAS and ESXi Operating Systems - In a typical ransomware fashion, PlayBoy Locker drops a text file named “INSTRUCTIONS.txt” on infected systems, providing victims with contact information for ransom demands and further instructions. Broadcom analysts noted a troubling ...
3 days ago Cybersecuritynews.com
New FamousSparrow Malware Attacking Hotels & Engineering Companies to New Backdoor - Most notably, researchers found that one version of SparrowDoor is now modular, while another resembles what other security firms have called “CrowDoor” and attributed to the Earth Estries APT group, suggesting potential overlaps between ...
3 days ago Cybersecuritynews.com
Microsoft fixes Remote Desktop issues caused by Windows updates - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a ...
3 days ago Bleepingcomputer.com
RansomHub’s EDRKillShifter Link With Other Well-Established Ransomware Gang’s - New Research - In May 2024, RansomHub introduced EDRKillShifter, a custom endpoint detection and response killer designed to terminate security products by abusing vulnerable drivers, effectively blinding defensive systems before encryption begins. ESET researchers ...
3 days ago Cybersecuritynews.com BianLian Medusa Ransomhub LockBit
Threat Actors Hacked 150,000 Sites to Link Chinese Gambling Sites - This campaign represents a significant threat to website integrity and user security, highlighting the need for enhanced ...
3 days ago Cybersecuritynews.com
Threat Actors Trick Hotel Staff With Fake Booking.com Email to Gain System Access - The attack leverages social engineering techniques and exploits the time-sensitive nature of hotel bookings to create a sense of urgency, compelling victims to take immediate action without proper security verification. The attack demonstrates how ...
3 days ago Cybersecuritynews.com
GLPI Open-source ITSM Tool Vulnerability Let Attackers Inject Malicious SQL Queries - A critical vulnerability in GLPI, a widely-used open-source IT Service Management (ITSM) platform tracked as CVE-2025-24799, enables unauthenticated attackers to perform SQL injection attacks through the inventory endpoint. ...
3 days ago Cybersecuritynews.com CVE-2025-24799
Meta AI Will Begin Rolling Out Across 41 European Countries - The rollout, which covers 41 European countries and 21 overseas territories, marks Meta’s largest global expansion of Meta AI to date, though European users will initially access only a limited version of the technology. Unlike the US version ...
3 days ago Cybersecuritynews.com
Cloudflare Announces OpenPubkey SSH to Integrate Single Sign-on With SSH - As organizations increasingly adopt Zero Trust security models, technologies like OPKSSH that eliminate implicit trust in favor of explicit identity verification will become increasingly vital in secure infrastructure access. By bridging the gap ...
3 days ago Cybersecuritynews.com
Blacklock Ransomware Infrastructure Intruded to Uncover Their Planned Attacks - The ransomware group established a sophisticated operational structure, implementing affiliate networks and creating Data Leak Sites (DLS) on the TOR network where they published stolen information from victims unwilling to pay ransoms. Through ...
3 days ago Cybersecuritynews.com Dragonforce
Redcurl Actors New Ransomware Exclusively Attacking Hyper-V Servers - When victims open these attachments, Windows automatically mounts the IMG file as a virtual drive, displaying a file named “CV APPLICANT 7802-91542.SCR” that appears legitimate but harbors malicious intent. The malware establishes ...
3 days ago Cybersecuritynews.com
New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections - The platform employs an automated attack delivery mechanism that deploys customizable phishing websites, primarily distributed through SMS-based lures that mimic legitimate organizations such as postal services, courier companies, and toll payment ...
3 days ago Cybersecuritynews.com
Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day - While Mozilla has not confirmed whether the Firefox vulnerability was exploited in the wild, the advisory notes that the “original vulnerability was being exploited in the wild,” likely referring to the Chrome zero-day. Mozilla researcher ...
3 days ago Cybersecuritynews.com
Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware - The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking legitimate DeepSeek ads but redirecting victims to malicious websites designed to distribute malware. Cybercriminals have launched a ...
3 days ago Cybersecuritynews.com
Kuala Lumpur Airport Suffered Cyberattack - Hackers Demanded US$10 Million Ransom - Despite conflicting reports about operational impacts, cybersecurity experts suggest the attack likely exploited network vulnerabilities to compromise critical airport systems, including flight information displays, check-in terminals, and baggage ...
3 days ago Cybersecuritynews.com
Tor Browser 14.0.8 Released Emergency Update for Windows Users - This Windows-only release addresses “very urgent” security vulnerabilities in Firefox, the browser framework underpinning Tor Browser, and users are strongly advised to update immediately to maintain their privacy and security while ...
3 days ago Cybersecuritynews.com
CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, ...
4 days ago Cybersecuritynews.com CVE-2025-2783
Hijacked Microsoft Stream classic domain spams SharePoint sites - The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. Today, the Microsoft Streams classic domain, microsoftstream.com, ...
4 days ago Bleepingcomputer.com

Trending Cyber News (last 7 days)

Microsoft tests new Windows 11 tool to remotely fix boot crashes - Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. When enabled and a new driver or ...
1 day ago Bleepingcomputer.com
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware - The integration of Qakbot with the ClickFix technique allows attackers to bypass traditional security measures by leveraging user interaction to execute malicious commands. A sophisticated social engineering technique known as ClickFix has emerged, ...
1 day ago Cybersecuritynews.com
Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers - The flaw exploits Apache Tomcat’s handling of partial PUT requests and path equivalence, allowing attackers to bypass security constraints and execute arbitrary code without authentication under specific conditions. Successful exploitation ...
1 day ago Cybersecuritynews.com
TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials - Once installed, TsarBot uses overlay attacks by displaying fake login pages over legitimate applications, tricking users into entering sensitive information such as banking credentials, credit card details, and login passwords. Identified by Cyble ...
1 day ago Cybersecuritynews.com
How Each Pillar of the 1st Amendment is Under Attack – Krebs on Security - In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of ...
1 day ago Krebsonsecurity.com
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit | The Record from Recorded Future News - Last June, Kaspersky discovered another espionage campaign, dubbed Operation Triangulation, that exploited two vulnerabilities in Apple devices. Russian security researchers discovered sophisticated new malware used in an espionage campaign targeting ...
4 days ago Therecord.media CVE-2025-2783
Alleged Snowflake hacker consents to extradition from Canada after US charges | The Record from Recorded Future News - Connor Riley Moucka, also known as Alexander Antonin Moucka, signed a consent order on Friday in Ontario Superior Court in Kitchener that would allow him to be transferred to U.S. custody to face multiple charges. Moucka allegedly spoke to news ...
6 days ago Therecord.media
Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware - The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking legitimate DeepSeek ads but redirecting victims to malicious websites designed to distribute malware. Cybercriminals have launched a ...
3 days ago Cybersecuritynews.com
Nearly $13 million stolen from Abracadabra Finance in crypto heist | The Record from Recorded Future News - The Treasury Department removed sanctions on Tornado Cash last week after a federal appeals court ruled the agency had exceeded its authority in trying to penalize the company for being used by North Korean hackers seeking to launder funds stolen ...
6 days ago Therecord.media
Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News - Malaysia’s National Cyber Security Agency (NACSA) and Malaysia Airports released a joint statement Tuesday confirming that a cyberattack started causing disruptions on March 23. Computer outages at Malaysia’s Kuala Lumpur International Airport ...
6 days ago Therecord.media
CrushFTP warns users to patch unauthenticated access flaw immediately - In November 2023, CrushFTP customers were also warned to patch a critical remote code execution vulnerability (CVE-2023-43177) in the company's enterprise suite after Converge security researchers who reported the flaw released a proof-of-concept ...
6 days ago Bleepingcomputer.com CVE-2023-43177
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
5 days ago Therecord.media
Pakistan APT Hackers Create Weaponized IndiaPost Website to Attack Windows & Android Users - The attackers employed strategic infrastructure, including IP address 88[.]222[.]245[.]211, which resolves to the suspicious domain email[.]gov[.]in[.]gov-in[.]mywire[.]org, a known tactic of Pakistan-based APT groups attempting to impersonate Indian ...
4 days ago Cybersecuritynews.com APT3 Transparent Tribe
The 7 technology trends that could replace passwords - In passwords, this provides a secure way to let users prove that they know their own password, without any need to transmit their actual credentials – it is a cryptographic method that proves you know your password without needing to actually ...
5 days ago Bleepingcomputer.com
British company Advanced fined £3m by privacy regulator over ransomware attack | The Record from Recorded Future News - His comments followed a series of ransomware incidents affecting the healthcare sector last year, including one in which every single household in the Scottish region of Dumfries and Galloway received a letter warning residents that their data was ...
5 days ago Therecord.media LockBit
New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials - Unofficial Patch - While security researchers are withholding specific exploitation details until Microsoft releases an official patch, they confirm the vulnerability allows for credential theft through malicious file interaction. Additionally, the ...
5 days ago Cybersecuritynews.com CVE-2025-21377
SectopRAT as Weaponized Cloudflare Turnstile Challenge Attacks Windows Users - The final stage delivers the full SectopRAT payload, which establishes a connection to attacker servers and begins monitoring user activity, capturing keystrokes, and exfiltrating valuable data including stored credentials, financial information, and ...
5 days ago Cybersecuritynews.com
Oracle customers confirm data stolen in alleged cloud breach is valid - Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor ...
5 days ago Bleepingcomputer.com
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes | The Record from Recorded Future News - Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices. ...
4 days ago Therecord.media
New Windows zero-day leaks NTLM hashes, gets unofficial patch - In recent months, 0patch has reported three other zero-day vulnerabilities that Microsoft patched or has yet to address, including a Windows Theme bug (patched as CVE-2025-21308), a Mark of the Web bypass on Server 2012 (still a zero-day without an ...
6 days ago Bleepingcomputer.com CVE-2025-21308
New IOCONTROL Malware Attacking Critical Infrastructure to Gain Remote Access and Control - Initial attacks leveraged compromised credentials—part of a broader 33% year-over-year surge in credential theft—to infiltrate critical systems, enabling threat actors to establish persistent remote access, manipulate industrial processes, and ...
5 days ago Cybersecuritynews.com
Two Serbian journalists reportedly targeted with Pegasus spyware | The Record from Recorded Future News - In November 2023, Amnesty International and other digital freedom groups diagnosed a zero-click spyware attack on two Serbian civil society members on the eve of national elections. The text message sent to one of the journalists targeted last month ...
4 days ago Therecord.media
Tor Browser 14.0.8 Released Emergency Update for Windows Users - This Windows-only release addresses “very urgent” security vulnerabilities in Firefox, the browser framework underpinning Tor Browser, and users are strongly advised to update immediately to maintain their privacy and security while ...
3 days ago Cybersecuritynews.com
North Korean Kimsuky Hackers New Tactics & Malicious Scripts in Latest Attacks - The attack’s initial payload consists of four files: a heavily obfuscated VBScript (1.vbs), a PowerShell script (1.ps1), and two encoded text files (1.log and 2.log) that contain the actual malware components. ...
5 days ago Cybersecuritynews.com Kimsuky
New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload - These packages act as downloaders, injecting malicious code into locally installed versions of the legitimate ethers package, ultimately creating a reverse shell on the victim’s machine. The threat actor may have been attempting to ...
5 days ago Cybersecuritynews.com
YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique - Cybercriminals initiate contact via email or social media, posing as marketing representatives from established brands offering lucrative deals that require the creator to review “campaign materials” hosted on compromised domains or cloud ...
5 days ago Cybersecuritynews.com
Microsoft: New Windows scheduled task will launch Office apps faster - "We are introducing a new Startup Boost task from the Microsoft Office installer to optimize performance and load-time of experiences within Office applications," Microsoft says on the Microsoft 365 message center. However, Microsoft says this ...
4 days ago Bleepingcomputer.com
New FamousSparrow Malware Attacking Hotels & Engineering Companies to New Backdoor - Most notably, researchers found that one version of SparrowDoor is now modular, while another resembles what other security firms have called “CrowDoor” and attributed to the Earth Estries APT group, suggesting potential overlaps between ...
3 days ago Cybersecuritynews.com
46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings - Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. Research indicates over half of solar ...
2 days ago Cybersecuritynews.com
RamiGPT - AI Tool To Escalate Privilege & Gain Root Access Within a Minute - Arthur Howell, a cybersecurity analyst, noted: “Tools like RamiGPT redefine red-team exercises but demand strict ethical boundaries.” The GitHub repository explicitly restricts usage to authorized environments, emphasizing compliance with laws ...
2 days ago Cybersecuritynews.com
Broadcom warns of authentication bypass in VMware Windows Tools - For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China's ...
6 days ago Bleepingcomputer.com CVE-2024-38813
Windows 11 update breaks Veeam recovery, causes connection errors - As a temporary workaround, while Microsoft and Veeam are currently investigating this known issue and looking for a fix, users impacted by this issue are advised to recover their computer or data using Veeam Recovery Media generated from a ...
5 days ago Bleepingcomputer.com
New Sophisticated Malware CoffeeLoader Bypasses Endpoint Security to Deploy Rhadamanthys Shellcode - Cybersecurity researchers have uncovered a sophisticated new malware strain targeting macOS systems, dubbed “CoffeeLoader,” which employs advanced techniques to bypass endpoint security solutions and deliver Rhadamanthys shellcode ...
4 days ago Cybersecuritynews.com
Mozilla warns Windows users of critical Firefox sandbox escape flaw - In October, Mozilla also patched a zero-day vulnerability (CVE-2024-9680) in Firefox's animation timeline feature exploited by the Russian-based RomCom cybercrime group that let the attackers gain code execution in the web browser's sandbox. ...
4 days ago Bleepingcomputer.com CVE-2024-9680
Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day - While Mozilla has not confirmed whether the Firefox vulnerability was exploited in the wild, the advisory notes that the “original vulnerability was being exploited in the wild,” likely referring to the Chrome zero-day. Mozilla researcher ...
3 days ago Cybersecuritynews.com
New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections - The platform employs an automated attack delivery mechanism that deploys customizable phishing websites, primarily distributed through SMS-based lures that mimic legitimate organizations such as postal services, courier companies, and toll payment ...
3 days ago Cybersecuritynews.com
New Python-Based Discord RAT Attacking Users to Steal Login Credentials - Content == "Sending Command #2 - Password Stealer" and message.channel.id == channelid: username = os.getlogin() try: passwords = open(f"C:/Users/{username}/AppData/Local/Google/Chrome/User Data/Default/Login Data", "rb").read() await ...
3 days ago Cybersecuritynews.com
Fake Snow White Movie Attacking Viewers Device With New Malware - Veriti’s cybersecurity researchers discovered that the torrent contained a malicious file package designed to compromise devices and spread malware through peer-to-peer networks. A sophisticated Python-based Remote Access Trojan (RAT) leveraging ...
2 days ago Cybersecuritynews.com
Hackers Deliver Malware via Browser Extensions & Legitimate Tools to Bypass Security Controls - Quick Assist, a preinstalled Windows application designed for remote troubleshooting, requires victims to share a six-digit verification code with attackers posing as IT support personnel. Over the past six months, threat actors have refined ...
6 days ago Cybersecuritynews.com
Windows 11 January 2025 Preview Update Disconnects Remote Desktop Sessions - Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). The policy, named “Windows 11 24H2 ...
4 days ago Cybersecuritynews.com
Ingress NGINX Remote Code Execution Vulnerability Let Attacker Takeover Cluster - It enables attackers to inject arbitrary NGINX configuration directives, potentially leading to remote code execution. It enables attackers to bypass validation checks and inject arbitrary NGINX configurations, potentially leading to remote code ...
6 days ago Cybersecuritynews.com CVE-2025-1974
Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code - As the security community continues to analyze the full scope of the Water Gamayun campaign, users are urged to stay informed and take immediate action to protect their systems from this significant threat. The Cybersecurity and Infrastructure ...
6 days ago Cybersecuritynews.com CVE-2025-26633
RedCurl cyberspies create ransomware to encrypt Hyper-V servers - A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. While most ransomware operations focus on targeting VMware ESXi servers, ...
5 days ago Bleepingcomputer.com
Redcurl Actors New Ransomware Exclusively Attacking Hyper-V Servers - When victims open these attachments, Windows automatically mounts the IMG file as a virtual drive, displaying a file named “CV APPLICANT 7802-91542.SCR” that appears legitimate but harbors malicious intent. The malware establishes ...
3 days ago Cybersecuritynews.com
Cloudflare Announces OpenPubkey SSH to Integrate Single Sign-on With SSH - As organizations increasingly adopt Zero Trust security models, technologies like OPKSSH that eliminate implicit trust in favor of explicit identity verification will become increasingly vital in secure infrastructure access. By bridging the gap ...
3 days ago Cybersecuritynews.com
Hackers Leveraging DNS MX Records To Dynamically Create Fake Logins Mimic as 100+ Brands - The phishing kit performs a DNS MX record lookup using DNS over HTTPS (DoH) services from Google or Cloudflare, allowing it to precisely identify the victim’s email service provider without maintaining an extensive domain mapping database. A ...
2 days ago Cybersecuritynews.com
Linux Kernel 6.14 Officially Released, What's New - Linux kernel 6.14 is a significant update that not only boosts gaming performance and AI integration but also enhances security, stability, and hardware support. This release brings enhancements in gaming performance, AI hardware support, filesystem ...
6 days ago Cybersecuritynews.com
PJobRAT Android RAT as Dating & Instant Messaging Apps Attacking Military Personnel - Firebase Cloud Messaging (FCM) serves as the primary command channel, enabling the threat actor to trigger various functions through predefined commands like “ace_am_ace” (upload SMS), “chall” (run shell command), and ...
3 days ago Cybersecuritynews.com
Crocodilus - A New Android Malware Remotely Control Your Android Devices - Unlike predecessors such as Anatsa, Octo, and Hook, which incrementally refined their capabilities, Crocodilus emerges as a fully mature threat, integrating sophisticated features including overlay attacks, accessibility-based data harvesting, remote ...
2 days ago Cybersecuritynews.com
EncryptHub linked to zero-day attacks targeting Windows systems - In attacks spotted by Trend Micro's researchers before reporting the flaw to Microsoft, EncryptHub (also known as Water Gamayun or Larva-208) used CVE-2025-26633 zero-day exploits to execute malicious code and exfiltrate data from compromised ...
6 days ago Bleepingcomputer.com CVE-2025-26633