Cyber Security News

CastleLoader, a rapidly evolving loader discovered in 2025, has surged across underground networks by weaponizing Cloudflare-themed “Clickfix” phishing pages and doctored GitHub repositories to compromise Windows hosts. The malware masquerades as benign developer resources, browser updates, or meeting portals, luring unsuspecting users into copying a seemingly innocent PowerShell command that promises to “verify” or “repair” […]

The post New CastleLoader Attack Using Cloudflare-Themed Clickfix Technique to Infect Windows Computers appeared first on Cyber Security News.

A sophisticated Russian-aligned threat actor known as Hive0156 has intensified its cyber espionage campaigns against Ukrainian government and military organizations, deploying the notorious Remcos Remote Access Trojan through carefully crafted social engineering attacks. The group has demonstrated remarkable persistence in targeting Ukraine’s defense infrastructure throughout 2025, utilizing weaponized Microsoft LNK files and PowerShell scripts as […]

The post Hive0156 Hackers Attacking Government and Military Organizations to Deploy Remcos RAT appeared first on Cyber Security News.

Spoofed Microsoft SharePoint notifications have been a familiar lure for corporate users, but a wave of campaigns traced between March and July 2025 shows a sharp uptick in both volume and sophistication. The operators register look-alike domains such as “sharepoint-online-docs-secure[.]co” and “files-share-portal-m365[.]io,” then embed them in convincing e-mails that pass SPF and DKIM checks, slipping […]

The post Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques appeared first on Cyber Security News.

A major win against cybercrime happened this week, as authorities from around the world teamed up to take down key websites run by the BlackSuit ransomware gang. If you visit the group’s data leak site or their negotiation portal now, you’ll only see a large notice stating that the site has been seized by law […]

The post BlackSuit Ransomware’s Data Leak and Negotiation Portal Seized appeared first on Cyber Security News.

The Dropping Elephant advanced persistent threat group has launched a sophisticated cyber-espionage campaign targeting Turkish defense contractors, particularly companies manufacturing precision-guided missile systems. This malicious operation represents a significant evolution in the group’s capabilities, employing a complex five-stage execution chain that cleverly disguises malicious payloads as legitimate conference invitations related to unmanned vehicle systems. The […]

The post Elephant APT Group Attacking Defense Industry Leveraging VLC Player, and Encrypted Shellcode appeared first on Cyber Security News.

A malicious pull request slipped through Amazon’s review process and into version 1.84.0 of the Amazon Q extension for Visual Studio Code, briefly arming the popular AI assistant with instructions to wipe users’ local files and AWS resources. The rogue code discovered included a system prompt directing the agent to “restore the system to a […]

The post Hackers Injected Destructive System Commands in Amazon’s AI Coding Agent appeared first on Cyber Security News.

Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices.  The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing significant risks to surveillance infrastructure security. Key Takeaways1. Two serious vulnerabilities let attackers run commands […]

The post TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.

A critical zero-day vulnerability in Microsoft SharePoint servers has become a playground for threat actors across the cybercriminal spectrum, with attacks ranging from opportunistic hackers to sophisticated nation-state groups since mid-July 2025. On July 19, 2025, Microsoft confirmed that vulnerabilities collectively known as “ToolShell” were being actively exploited in the wild. The exploit chain comprises […]

The post SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups appeared first on Cyber Security News.

The newly revealed LAMEHUG campaign signals a watershed moment for cyber-def: Russian state-aligned APT28 has fused a large language model (LLM) directly into live malware, allowing each infected host to receive tailor-made shell commands on the fly. By invoking the Qwen2.5-Coder-32B-Instruct model through Hugging Face’s public API, the attackers sidestep traditional static payload constraints and […]

The post First Known LLM-Powered Malware From APT28 Hackers Integrates AI Capabilities into Attack Methodology appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This marks a significant shift from the malware’s traditional distribution method through malicious shortcut (LNK) files, demonstrating the evolving tactics of advanced persistent threat groups. The attack campaign utilizes carefully crafted […]

The post Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware appeared first on Cyber Security News.

The pro-Russian hacktivist group NoName057(16) has orchestrated a massive distributed denial-of-service campaign targeting over 3,700 unique hosts across thirteen months, according to new research published on July 22, 2025. The group, which emerged in March 2022 shortly after Russia’s full-scale invasion of Ukraine, has maintained an unprecedented operational tempo by launching attacks against an average […]

The post NoName057(16)’s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months appeared first on Cyber Security News.

CitrixBleed 2 (CVE-2025-5777) erupted in 2025 when researchers uncovered an out-of-bounds read in Citrix NetScaler ADC and Gateway that lets an unauthenticated request siphon memory straight from the appliance. The flaw is triggered by a malformed POST sent to /p/u/doAuthentication.do, leaking session cookies, MFA tokens, and even plaintext passwords to anyone who asks—no exploit chain […]

The post Splunk Details on How to Detect, Mitigate and Respond to CitrixBleed 2 Attack appeared first on Cyber Security News.

WhoFi surfaced last on the public repository ArXiv, stunning security teams with a proof-of-concept that turns ordinary 2.4 GHz routers into covert biometric scanners. Unlike camera-based systems, this neural pipeline fingerprints the unique way a body distorts Wi-Fi channel state information (CSI), letting an attacker identify someone from the opposite side of a plaster wall, […]

The post New AI-Powered Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy appeared first on Cyber Security News.

Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild.  The module, designated as pull request #20409 in the Metasploit Framework repository, addresses CVE-2025-53770 and CVE-2025-53771, which enable unauthenticated remote code execution (RCE) attacks against vulnerable SharePoint installations. Key Takeaways1. SharePoint […]

The post Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities appeared first on Cyber Security News.

Threat researchers are warning of twin Chinese-nexus espionage operations—“Operation Chat” and “Operation PhantomPrayers”—that erupted in the weeks preceding the Dalai Lama’s 90th birthday, exploiting heightened traffic to Tibetan-themed websites to seed Windows hosts with sophisticated backdoors. By compromising a legitimate greeting page and quietly swapping its hyperlink, attackers funneled visitors to look-alike domains under niccenter[.]net, […]

The post Chinese Hackers Attacking Windows Systems in Targeted Campaign to Deploy Ghost RAT and PhantomNet Malwares appeared first on Cyber Security News.

GitLab has released critical security patches addressing multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with versions 18.2.1, 18.1.3, and 18.0.5 now available for immediate deployment.  The release includes fixes for six distinct security vulnerabilities, including two high-severity cross-site scripting (XSS) issues that pose significant risks to Kubernetes proxy functionality.  Key […]

The post GitLab Security Update – Patch for Multiple Vulnerabilities in Community and Enterprise Edition appeared first on Cyber Security News.

Cybercriminals have evolved their social engineering tactics with a sophisticated malware campaign that exploits users’ trust in financial institutions. The latest threat involves a malicious LNK file masquerading as a credit card security email authentication popup, specifically targeting unsuspecting users through deceptive filename conventions like card_detail_20250610.html.lnk. This attack represents a concerning shift in malware distribution […]

The post Weaponized LNK File Disguised as Credit Card Security Email Steals User Data appeared first on Cyber Security News.

The brief lull following May’s multinational takedown of the Lumma Stealer infrastructure proved deceptive. Within weeks, telemetry again lit up with fresh command-and-control (C2) beacons, revealing that the information-stealing malware had swapped overt marketplace promotion for quieter channels while expanding its victim base. In its new incarnation, Lumma is most often packaged inside counterfeit installers […]

The post Lumma Stealer Via Fake Cracked Software Steals Login Credentials and Private Files appeared first on Cyber Security News.

An investigation led by the French Police and Paris Prosecutor, in close cooperation with their Ukrainian counterparts and Europol, has resulted in the arrest of the suspected administrator of xss[.]is, one of the world’s most influential Russian-speaking cybercrime platforms. The forum, which had more than 50,000 registered users, served as a key marketplace for stolen […]

The post Key Administrator of World’s Most Popular XSS Dark Web Cybercrime Platform Arrested appeared first on Cyber Security News.

A fresh strain of the long-running macOS.ZuRu family has surfaced, hiding inside a doctored of the popular Termius SSH client and quietly turning developer workstations into remote footholds. First seen in late May 2025, the 248 MB rogue disk image looks and behaves like the genuine installer but stealthily inserts a 25 MB Mach-O binary […]

The post New ZuRu Malware Variant Weaponizes Termius SSH Client to Attack macOS Users appeared first on Cyber Security News.