Tag: thehackersnews

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages,” Fortinet FortiGuard Labs researcher Cara Lin…

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. “On the first successful login, the package sends the target IP address, username, and…

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE-2024-36401…

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks. “The adversary has also shown considerable ability to quickly weaponize N-day and…

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a…

INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. “The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for cross-border cooperation,” the agency…

Automation Is Redefining Pentest Delivery Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn’t kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated…

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that’s being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware…

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 As security professionals, it’s easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren’t from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector,…

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures…

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows – CVE-2025-57788 (CVSS score: 6.9) – A vulnerability in…

Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer’s network with custom malware and deploying a kill switch that locked out employees when his account was disabled. Davis Lu, 55,…

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the…

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do Do you know how many AI agents are running inside your business right now? If the answer is “not sure,” you’re not alone—and that’s exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but…

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based…

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result…

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by…

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence (DNI) Tulsi Gabbard, in a statement posted…

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote…

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,”…

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial…

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ)…

Wazuh for Regulatory Compliance Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limited to:…

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefarious functionality through a dependency package…

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe…

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System…

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. “The Noodlophile campaign, active for over a year,…

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators’ infrastructure. “The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft capabilities to target…

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the…

Zero Trust + AI: Privacy in the Age of Agentic AI We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about…

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit activities since 2019.…

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talos to an activity…

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS…

Simple Steps for Attack Surface Reduction Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire…

New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. “PhantomCard relays NFC data from a victim’s banking card to…

Have You Turned Off Your Virtual Oven? You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because…

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS Japan’s CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for…

New HTTP/2 ‘MadeYouReset’ Vulnerability Enables Large-Scale DoS Attacks Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. “MadeYouReset bypasses the typical server-imposed limit of 100 concurrent HTTP/2 requests per TCP connection from a client. This limit is intended to mitigate…

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. “An improper neutralization of special elements…

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.  The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case…

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot. “PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging,…

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.  N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers…

AI SOC 101: Key Capabilities Security Leaders Need to Know Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work…

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. “This latest wave of ShinyHunters-attributed attacks reveals a…

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager Cybersecurity researchers are warning of a “significant spike” in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort. As…

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of…

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT)…

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. “They repeatedly tried to extract the NTDS database from domain controllers…

6 Lessons Learned: Focusing Security Where Business Value Lives The Evolution of Exposure Management Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’s business-critical. These are the assets that support the processes the business can’t function without. They’re not always the loudest or most…

⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to…

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in question is CVE-2025-32433…

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic. Details of the vulnerabilities – dubbed…

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by…

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that…

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft’s Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS…

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo…

Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. “This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse…

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby…

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users and likely resell them on dark web forums like…

Leaked Credentials Up 160%: What Attackers Are Doing With Them When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations…

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims Cybersecurity researchers are drawing attention to a new campaign that’s using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign.…

CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.  The 14 vulnerabilities, collectively named Vault Fault,…

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines…

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. “The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model,…

The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI…

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. “At runtime the code silently spawns a shell, pulls a second-stage payload from an…

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider…

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been…

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by…

AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance…

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device…

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by…

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to…

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed…

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. “Like a real-world virus variant, this new ‘ClickFix’ strain quickly…

CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and…

AI Is Transforming Cybersecurity Adversarial Testing – Pentera Founder’s Vision When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers…

Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem…

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. “When chained together, these flaws can potentially allow…

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported SonicWall said it’s actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. “Over the past 72 hours, there has been a notable increase in both internally and externally…

Man-in-the-Middle Attack Prevention Guide Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting…

⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust…

New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. “The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,”…

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between…

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released…

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. “In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN…

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by…

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. “The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe,…

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them The…

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed…

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering…

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses. “Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through…

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry…

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint…

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. “Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said. FunkSec, which…

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of malicious advertisements posted on…

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect…

Product Walkthrough: A Look Inside Pillar’s AI Security Platform In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI…

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. “The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers…

How the Browser Became the Main Cyber Battleground Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device;  Find ways to move laterally inside the network and compromise…