Cyber Security News

A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics, combining traditional social engineering with advanced technical capabilities designed specifically for financial fraud operations. The […]

The post Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT appeared first on Cyber Security News.

A sophisticated new phishing campaign has emerged, delivering the DeerStealer malware through weaponized .LNK shortcut files that exploit legitimate Windows binaries in a technique known as “Living off the Land” (LOLBin). The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft […]

The post DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools appeared first on Cyber Security News.

A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate npmjs.org site and harvest developer credentials through convincing phishing emails. The malicious campaign represents a […]

The post Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting Node.js developers through a meticulously crafted attack that impersonates the official npm package registry. The malicious operation utilizes the typosquatted domain npnjs.com, substituting the letter “m” with “n” to create a nearly identical copy of the legitimate npmjs.com website. This attack demonstrates an alarming evolution in supply chain […]

The post Developers Beware of npm Phishing Email That Steal Your Login Credentials appeared first on Cyber Security News.

FortiGuard Labs has discovered a sophisticated new ransomware strain called NailaoLocker that represents a significant departure from conventional encryption malware. This Windows-targeting threat introduces the first documented use of China’s SM2 cryptographic standard in ransomware operations, marking a notable shift toward region-specific cryptographic implementations in cybercriminal activities. The malware’s name, derived from the Chinese word […]

The post NailaoLocker Ransomware Attacking Windows Systems Using Chinese SM2 Cryptographic Standard appeared first on Cyber Security News.

Cybercriminals have escalated their attack sophistication by utilizing legitimate cloud storage services to distribute advanced malware, as demonstrated in a recent campaign targeting a certified public accounting firm in the United States. The attack, discovered in May 2025, showcases how threat actors are exploiting trusted platforms like Zoho WorkDrive to bypass traditional security measures and […]

The post Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware appeared first on Cyber Security News.

A critical configuration flaw in Microsoft’s AppLocker block list policy has been discovered, revealing how attackers could potentially bypass security restrictions through a subtle versioning error.  The issue centers on an incorrect MaximumFileVersion value that creates an exploitable gap in Microsoft’s application control framework, highlighting the importance of precise security policy implementation in enterprise environments. […]

The post Microsoft’s AppLocker Flaw Allows Malicious Apps to Run and Bypass Restrictions appeared first on Cyber Security News.

A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses. One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP Logistics, a Northamptonshire […]

The post Weak Password Let Ransomware Gang Destroy 158-Year-Old Company appeared first on Cyber Security News.

A surveillance company has been detected exploiting a sophisticated SS7 bypass technique to track mobile phone users’ locations. The attack leverages previously unknown vulnerabilities in the TCAP (Transaction Capabilities Application Part) layer of SS7 networks to circumvent security protections implemented by mobile operators worldwide. Key Takeaways1. Malformed SS7 commands mask the IMSI to enable location […]

The post Surveillance Company Using SS7 Bypass Attack to Track the User’s Location Information appeared first on Cyber Security News.

The notorious Chinese-speaking cyberespionage group APT41 has expanded its operations into new territories, launching sophisticated attacks against government IT services across Africa using advanced Windows administration modules. This represents a significant geographical expansion for the group, which has previously concentrated its efforts on organizations across 42 countries in various sectors including telecommunications, energy, healthcare, and […]

The post APT41 Hackers Leveraging Atexec and WmiExec Windows Modules to Deploy Malware appeared first on Cyber Security News.

Dell Technologies has confirmed a security breach of its Customer Solution Centers platform by the World Leaks extortion group, marking another high-profile attack by the newly rebranded threat actor.  The incident, which occurred earlier this month, targeted Dell’s isolated product demonstration environment used for showcasing solutions to commercial customers.  Key Takeaways1. Dell data breach, synthetic […]

The post Dell Data Breach – Test Lab Platform Hacked by World Leaks Group appeared first on Cyber Security News.

CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-53770, poses a significant security risk to organizations running SharePoint infrastructure and has prompted immediate action requirements from federal agencies, as well […]

The post CISA Warns of Microsoft SharePoint Server 0-Day RCE Vulnerability Exploited in Wild appeared first on Cyber Security News.

A critical remote code execution vulnerability has been discovered in Lighthouse Studio, one of the most widely deployed yet relatively unknown survey software platforms developed by Sawtooth Software. The flaw, designated CVE-2025-34300, affects the Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise by attackers who possess nothing […]

The post Lighthouse Studio RCE Vulnerability Let Attackers Gain Access to Hosting Servers appeared first on Cyber Security News.

A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks.  The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS v4 score indicating high severity across confidentiality, integrity, and availability metrics.  The vulnerability originates from […]

The post Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks appeared first on Cyber Security News.

A sophisticated new ransomware strain named KAWA4096 has emerged in the cybersecurity landscape, showcasing advanced evasion techniques and borrowing design elements from established threat actors. Named after the Japanese word for “river,” this malicious software first surfaced in June 2025 and has already claimed at least 11 victims across multiple regions, with the United States […]

The post New KAWA4096’s Ransomware Leverages Windows Management Instrumentation to Delete Shadow Copies appeared first on Cyber Security News.

India’s second-largest cryptocurrency exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, resulting in approximately $44.2 million being stolen from the platform. This incident marks another significant cyberattack on India’s crypto infrastructure, coming exactly one year after the devastating WazirX hack that cost investors $235 million. Key Takeaways1. CoinDCX lost $44.2 million to […]

The post CoinDCX Hacked – $44.2 million Wiped off From the Platform appeared first on Cyber Security News.

A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points could allow attackers to bypass device authentication mechanisms completely.  The vulnerability, tracked as CVE-2025-37103, stems from hardcoded login credentials embedded within the devices’ software, presenting a severe security risk with a maximum CVSS score of 9.8.  Key Takeaways1. HPE Aruba Access […]

The post HPE Warns of Aruba Hardcoded Credentials Allowing Attackers to Bypass Device Authentication appeared first on Cyber Security News.

Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting.  The vulnerabilities, assigned as CVE-2025-53770 and CVE-2025-53771, pose immediate risks to organizations running SharePoint infrastructure and require immediate remediation. Key Takeaways1. Active zero-day attacks targeting on-premises SharePoint servers via CVE-2025-53770 and CVE-2025-53771.2. Apply security updates […]

The post Microsoft Released Emergency Security Update to Patch Critical SharePoint 0-Day Vulnerability appeared first on Cyber Security News.

A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions of 7-Zip prior to version 25.00. Security researcher Jaroslav Lobačevski discovered the vulnerability from GitHub […]

The post New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System appeared first on Cyber Security News.

It’s been a busy seven days for security alerts. Google is addressing another actively exploited zero-day in Chrome, and VMware has rolled out key patches for its own set of vulnerabilities. We’ll also break down the methods behind a new FortiWeb hack and discuss the rising trend of attackers abusing Microsoft Teams for their campaigns. […]

The post Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More appeared first on Cyber Security News.