Cyber Security News

The USB Army Knife is a versatile red-teaming tool for penetration testers that emulates a USB Ethernet adapter for traffic capture, enables custom attack interfaces, and functions as covert storage all in one compact device. This multi-functional firmware combines a variety of attack vectors into a single compact device, complete with a color LCD screen. […]

The post USB Army Knife – A Powerful Red Team Tool for Penetration Testers appeared first on Cyber Security News.

A sophisticated malware campaign dubbed “FinStealer” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. The malware, identified as Trojan.rewardsteal/joxpk, employs advanced tactics to steal banking credentials and personal information from unsuspecting users. The malicious campaign operates through a suspicious website (motocharge[.]online) that distributes fake banking apps mimicking legitimate ones. CYFIRMA […]

The post FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials appeared first on Cyber Security News.

SEOUL, South Korea’s National Intelligence Service (NIS) has raised concerns over the Chinese AI app DeepSeek, accusing it of “excessively” collecting personal data and posing national security risks.  The NIS issued an advisory urging government agencies to adopt stringent security measures when dealing with the app, which has drawn scrutiny for its data handling practices […]

The post SouthKorea Spy Agency Says DeepSeek Excessively Collects Personal Data appeared first on Cyber Security News.

Eric Council Jr., a 25-year-old from Athens, Alabama, pleaded guilty on February 10, 2025, to charges stemming from the January 2024 hacking of the U.S. Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter).  The breach involved a fraudulent announcement that caused Bitcoin’s price to rise by more than $1,000 before dropping […]

The post Alabama Man Pleaded Guilty for Hacking U.S. Securities and Exchange Commission X Account appeared first on Cyber Security News.

January 2025 marked a significant month in the ransomware landscape, with Akira emerging as the leading threat. According to recent reports, Akira was responsible for 72 attacks globally, highlighting its rapid rise in prominence. This surge in activity is part of a broader trend where ransomware groups are becoming increasingly sophisticated in their tactics and […]

The post Akira Ransomware Leads The Number of Ransomware Attacks For January 2025 appeared first on Cyber Security News.

Progress has disclosed multiple critical security vulnerabilities affecting its LoadMaster product line, including the Multi-Tenant (MT) hypervisor.  These vulnerabilities, identified as CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, and CVE-2024-56135, allow attackers to execute arbitrary system commands or access sensitive files.  While no exploitation reports have surfaced, customers are strongly urged to update their systems immediately to mitigate […]

The post Progress LoadMaster Security Vulnerability let Attackers Execute Arbitrary System Commands  appeared first on Cyber Security News.

Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in […]

The post Gcore Radar Report Reveals 56% Year-on-year Increase in DDoS Attacks appeared first on Cyber Security News.

Evan Frederick Light, a 22-year-old from Lebanon, Indiana, has been sentenced to 20 years in federal prison for orchestrating a sophisticated cyber intrusion that led to the theft of over $37 million in cryptocurrency.  The sentencing took place on February 6, 2025, and was announced by the U.S. Attorney Alison J. Ramsdell for the District […]

The post High School Dropout Sentenced to 20 Years for $38M Retirement Fund Hack appeared first on Cyber Security News.

Researchers have shed light recently on the sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean hackers. This comprehensive analysis, spanning nearly three years, focuses on targeted digital threats against civil society organizations (CSOs) in South Korea. The research highlights the critical role of CSOs in identifying and mitigating these threats, leveraging direct engagement […]

The post Researchers Unveiled Tactics, Techniques, and Procedures Used by North Korean Hackers appeared first on Cyber Security News.

A recently discovered vulnerability in Ubuntu 22.04’s printing subsystem, specifically within the “ippusbxd” package, could have allowed attackers to execute arbitrary code on locked laptops. However, modern compiler features stepped in to mitigate the risk, preventing exploitation beyond a system crash. The vulnerability was identified during a code audit of the macOS printing subsystem, which […]

The post Ubuntu Printing Vulnerability Let Attackers Execute Arbitrary Code on Locked Laptops appeared first on Cyber Security News.

Apple has rolled out iOS 18.3.1 and iPadOS 18.3.1, addressing a Zero-day vulnerability exploited in targeted extremely sophisticated attacks by taking advantage of disabling the USB-restricted mode. Apple’s USB Restricted Mode is a security feature that prevents unauthorized access to data on an iOS device. It prevents USB accessories from connecting to a locked device after a […]

The post Apple 0-Day Vulnerability Exploited in “Extremely Sophisticated” Attacks in the Wild appeared first on Cyber Security News.

In a significant breakthrough against global cybercrime, Thai authorities announced today the arrest of four European nationals linked to the notorious 8Base ransomware group. The operation, codenamed “Phobos Aetor,” culminated in the seizure of the group’s dark web infrastructure and the apprehension of two men and two women accused of orchestrating ransomware attacks that affected […]

The post 8Base Ransomware Dark Web Site Seized, Four Operators Arrested appeared first on Cyber Security News.

A critical security vulnerability, CVE-2024-52875, has been identified in GFI KerioControl firewalls, affecting versions 9.2.5 through 9.4.5. This flaw, which can be exploited for remote code execution (RCE), has already drawn significant attention from cybercriminals, with thousands of unpatched systems worldwide now at risk. The vulnerability resides in several unauthenticated URI paths of the KerioControl […]

The post 12,000+ KerioControl Firewall Instances Vulnerable to 1-Click RCE Exploit appeared first on Cyber Security News.

Cybersecurity experts have observed a significant increase in the use of the NetSupport Remote Access Trojan (RAT) in recent months, a malicious tool that allows attackers to gain full control over compromised systems. This surge in activity has been linked to the “ClickFix” Initial Access Vector (IAV), a sophisticated social engineering technique that tricks users […]

The post NetSupport RAT Grant Attackers Full Access To Victims Systems appeared first on Cyber Security News.

A critical server-side request forgery (SSRF) vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to harvest user credentials and impersonate victims across multiple services, including Power Apps, Power Automate, Copilot Studio, and Copilot 365. The patched flaw posed severe risks to organizations relying on SharePoint for data management and collaboration. The vulnerability, if exploited, […]

The post Microsoft SharePoint Connector Vulnerability Let Attackers Steal User’s Credentials appeared first on Cyber Security News.

GitHub has unveiled a groundbreaking update to its AI-powered coding assistant, GitHub Copilot, with the introduction of Agent Mode.  This new feature, available in preview for Visual Studio Code (VS Code) Insiders, empowers developers to autonomously complete complex coding tasks by combining advanced AI capabilities with workflow automation.  Alongside this, GitHub announced the general availability […]

The post GitHub Copilot’s New Agent Mode Let Developers Autonomously Complete Coding Tasks appeared first on Cyber Security News.

A recent analysis of over 1 million malware samples unveiled a trend where adversaries increasingly exploit the Application Layer of the Open System Interconnection (OSI) model to conduct stealthy Command-and-Control (C2) operations.  By leveraging trusted Application Layer Protocols, attackers are embedding malicious activities within legitimate network traffic, making detection by traditional security measures challenging. The […]

The post 1M+ Malware Samples Analysis Reveal Application Layer Abused for Stealthy C2 appeared first on Cyber Security News.

With the release of DeepSeek-V3 on December 25, 2024, the number of LLMjacking attacks in the cybersecurity space has significantly increased. Within hours of its launch, malicious actors had compromised the model, integrating it into OpenAI Reverse Proxy (ORP) systems to exploit stolen credentials and monetize unauthorized access.  This rapid exploitation highlights the evolving sophistication […]

The post LLM Hijackers Gained Stolen Access to DeepSeek-V3 Model Very Next Day After Release appeared first on Cyber Security News.

QR codes have become an integral part of our digital lives, offering quick access to websites, services, and even payment systems. However, their widespread use has also made them a prime target for scammers. A new threat, known as “quishing,” involves using fake QR codes to redirect users to fraudulent websites, steal personal data, and […]

The post Quishing via QR Codes Emerging As a Top Attack Vector Used by Hackers appeared first on Cyber Security News.

In a significant shift in the ransomware landscape, payments to attackers have decreased by approximately 35% year-over-year. This decline is attributed to increased law enforcement actions, improved international collaboration, and a growing trend among victims to refuse ransom demands. Here below we have mentioned all the key developments in 2024:- Shifts in Ransomware Tactics As […]

The post Ransomware Payments Dropped By 35%, As Victims Refusing To Pay appeared first on Cyber Security News.