Cyber Security News

A critical remote code execution vulnerability in Erlang/OTP’s SSH daemon has been actively exploited in the wild, with cybercriminals targeting operational technology networks across multiple industries. CVE-2025-32433, carrying the maximum CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary commands on vulnerable systems by sending specially crafted SSH connection protocol messages to open SSH […]

The post Erlang/OTP SSH RCE Vulnerability Exploited in the Wild to Attack Across OT Networks appeared first on Cyber Security News.

UAC‑0099, a sophisticated threat actor group that has been active since at least 2022, continues to pose a significant cybersecurity threat through its evolving cyber-espionage campaigns targeting Ukrainian government agencies, military organizations, and defense-industrial entities. The group has demonstrated remarkable adaptability across three major operational phases spanning 2023 to 2025, systematically refining its toolkit while […]

The post UAC‑0099 Tactics, Techniques, Procedures and Attack Methods Unveiled appeared first on Cyber Security News.

Meta has introduced a groundbreaking feature that fundamentally transforms Instagram from a traditional photo-sharing platform into a comprehensive real-time location broadcasting system. The new “Map” functionality represents a significant architectural shift in social media design, enabling users to continuously transmit their whereabouts to selected contacts whenever they launch the application. Unlike conventional posting mechanisms where […]

The post Meta’s New Feature Transforms Instagram to a New Real-Time Location Broadcaster appeared first on Cyber Security News.

A sophisticated Visual Basic Script (VBS) malware dubbed “Silent Watcher” has emerged as a persistent threat targeting Windows systems, demonstrating advanced data exfiltration capabilities through Discord webhooks. This stealer, part of the Cmimai malware family, represents a concerning evolution in information-stealing tactics that leverage legitimate communication platforms to bypass traditional security measures. The malware operates […]

The post Silent Watcher Attacking Windows Systems and Exfiltrate Data Using Discord Webhook appeared first on Cyber Security News.

CastleLoader, a sophisticated malware loader that emerged in early 2025, has successfully compromised 469 devices out of 1,634 infection attempts since May 2025, achieving an alarming 28.7% infection rate. This versatile threat has primarily targeted U.S. government entities through advanced phishing campaigns that exploit user trust in legitimate platforms and services. The malware employs two […]

The post CastleLoader Malware Infected Over 400+ Devices Using Cloudflare-Themed ClickFix Phishing Attack appeared first on Cyber Security News.

In early August 2025, cybersecurity teams in Türkiye observed a new, highly evasive Java‐based loader that slipped past every public sandbox, antivirus solution, and even enterprise EDR/XDR platforms. This threat—codenamed SoupDealer—surfaced as a phishing campaign distributing a three‐stage loader via files such as TEKLIFALINACAKURUNLER.jar. Deployed through targeted spearphishing, the initial .jar file only unpacks its […]

The post SoupDealer Malware Bypasses Every Sandbox, AV’s and EDR/XDR in Real-World Incidents appeared first on Cyber Security News.

In recent weeks, a flurry of sponsored listings promising preorders for Tesla’s anticipated Optimus robots began appearing at the top of Google search results. These advertisements directed unsuspecting users to counterfeit microsites mimicking Tesla’s design, purporting to accept $250 “non-refundable” deposits for early access to the robotics platform. What seemed at first glance to be […]

The post Hackers Poison Google Paid Ads With Fake Tesla Websites to Deliver Malware appeared first on Cyber Security News.

A critical vulnerability was uncovered that transforms ordinary Linux-powered webcams into weaponized BadUSB attack tools, enabling remote hackers to inject malicious keystrokes and compromise target systems without detection.  The research, presented at DEF CON 2025, demonstrates the first known case where attackers can remotely weaponize USB devices already connected to computers, marking a significant evolution […]

The post Hackers Weaponized Linux Webcams as Attack Tools to Inject Keystrokes and Launch Attacks appeared first on Cyber Security News.

The cybersecurity landscape faces an unprecedented threat as artificial intelligence coding assistants inadvertently transform into reconnaissance tools for malicious actors. A recent investigation reveals how developers’ interactions with AI tools like Claude CLI and GitHub Copilot are creating comprehensive attack blueprints that eliminate the traditional barriers to sophisticated cyber intrusions. Modern AI coding assistants store […]

The post AI Coding Assistant Creating a Perfect Blueprints for Attackers appeared first on Cyber Security News.

In recent months, security researchers have observed a novel phishing campaign targeting macOS users under the guise of a CAPTCHA verification process. This attack, dubbed “ClickFix,” leverages a blend of social engineering and operating system detection to coax victims into executing malicious commands directly in their terminals. By mimicking legitimate Cloudflare-style checks, the malware avoids […]

The post ClickFix Malware Attacks macOS Users to Steal Login Credentials appeared first on Cyber Security News.

ClickFix has emerged as one of the most dangerous and rapidly growing cybersecurity threats of 2025, representing a sophisticated evolution in social engineering attacks. This deceptive technique has surged by an unprecedented 517% in the first half of 2025, becoming the second most common attack vector after phishing and accounting for nearly 8% of all […]

The post What is ClickFix Attack – How Hackers are Using it to Attack User Device With Malware appeared first on Cyber Security News.

Cary, United States, August 11th, 2025, CyberNewsWire Hands-on cybersecurity and IT training leader recognized for innovation in practical, work-ready education INE has been selected for Training Industry’s 2025 Top 20 Online Learning Library Companies list, recognizing the company’s leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes hands-on, practical learning experiences. Training Industry evaluated […]

The post INE Named to Training Industry’s 2025 Top 20 Online Learning Library List appeared first on Cyber Security News.

A critical zero-day vulnerability has been identified in WinRAR that cybercriminals are actively exploiting through sophisticated phishing campaigns to distribute RomCom malware.  The flaw, designated as CVE-2025-8088, represents a significant security threat with a CVSS v3.1 score of 8.4, enabling attackers to execute arbitrary code on victims’ systems through malicious archive files. Key Takeaways1. WinRAR […]

The post WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware appeared first on Cyber Security News.

Researchers have compromised OpenAI’s latest GPT-5 model using sophisticated echo chamber and storytelling attack vectors, revealing critical vulnerabilities in the company’s most advanced AI system.  The breakthrough demonstrates how adversarial prompt engineering can bypass even the most robust safety mechanisms, raising serious concerns about enterprise deployment readiness and the effectiveness of current AI alignment strategies. […]

The post GPT-5 Jailbreaked With Echo Chamber and Storytelling Attacks appeared first on Cyber Security News.

A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community. CVE-2025-55188, discovered and reported by security researcher Landon on August 9, 2025, allows attackers to perform arbitrary file writes during archive extraction, potentially leading to code execution on vulnerable systems. The vulnerability affects all versions […]

The post 7-Zip Arbitrary File Write Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo presented their findings, which include four new Windows DoS vulnerabilities and one zero-click distributed denial-of-service (DDoS) flaw. The discovered flaws, all of which […]

The post New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Server/Endpoint, Domain Controllers Into DDoS Botnet appeared first on Cyber Security News.

Tech giant Google has officially acknowledged a significant data breach affecting its corporate Salesforce database, with the company completing email notifications to affected users as of August 8, 2025. Google revealed on August 5 that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially […]

The post Google Confirms Data Breach – Notifying Users Affected By the Cyberattack appeared first on Cyber Security News.

Darknet markets, operating beyond the reach of traditional payment processors and legal systems, rely on escrow systems to secure cryptocurrency transactions between buyers and vendors.  These systems, using multisignature wallets and automated release mechanisms, aim to ensure transaction security and facilitate dispute resolution. However, vulnerabilities in centralized dispute processes and the persistent threat of exit […]

The post Darknet Market Escrow Systems is Vulnerable to Administrator Exit Scams appeared first on Cyber Security News.

A critical vulnerability in OpenAI’s ChatGPT Connectors feature allows attackers to exfiltrate sensitive data from connected Google Drive accounts without any user interaction beyond the initial file sharing. The attack, dubbed “AgentFlayer,” represents a new class of zero-click exploits targeting AI-powered enterprise tools. The vulnerability was disclosed by cybersecurity researchers Michael Bargury from Zenity and […]

The post ChatGPT Connectors ‘0-click’ Vulnerability Let Attackers Exfiltrate Data From Google Drive appeared first on Cyber Security News.

A critical vulnerability in the Linux kernel, identified as CVE-2025-38236, has exposed a flaw that could allow attackers to escalate privileges from within the Chrome renderer sandbox on Linux systems.  Google Project Zero researcher Jann Horn discovered the bug affects Linux kernel versions 6.9 and above, stemming from the obscure MSG_OOB (out-of-band) feature in UNIX […]

The post New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature appeared first on Cyber Security News.