Cyber Security News

A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July 2025. Security researchers at Arctic Wolf Labs detected a surge in this activity, which remains ongoing. Threat actors are gaining initial access through malicious SSL VPN logins, successfully bypassing multi-factor authentication (MFA), and then rapidly moving […]

The post Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins appeared first on Cyber Security News.

The cybersecurity landscape continues to evolve as three of the most notorious English-speaking cybercrime groups—LAPSUS$, Scattered Spider, and ShinyHunters—have been found to share significant operational connections, tactical overlaps, and direct collaboration since 2023. These relationships have created what security experts now describe as a highly adaptive cybercrime ecosystem that poses an advanced persistent threat to […]

The post Researchers Uncovered Connections Between LAPSUS$, Scattered Spider, and ShinyHunters Hacker Groups appeared first on Cyber Security News.

LummaStealer has emerged as one of the most prolific information-stealing malware families in recent years, targeting victims across multiple industry verticals including telecommunications, healthcare, banking, and marketing. The sophisticated malware gained widespread notoriety in early 2025 when cybercriminals extensively deployed it in coordinated campaigns worldwide. Although law enforcement operations in May 2025 temporarily disrupted its […]

The post LummaStealer Technical Details Uncovered Using ML-Based Detection Approach appeared first on Cyber Security News.

A 17-year-old suspect who surrendered over his alleged role in the 2023 cyberattacks against two major Las Vegas casino operators was released to his parents under strict supervision.  During his initial hearing before Family Court Judge Dee Smart Butler in Las Vegas, the teenager originally from the Chicago area was ordered to remain in Clark […]

The post 17-year-old Hacker Responsible for Vegas Casinos Hack has Been Released appeared first on Cyber Security News.

A sophisticated new threat has emerged in the cybersecurity landscape that represents a significant evolution in malware development. The LAMEHUG malware family, first identified by CERT-UA in July 2025, marks a concerning advancement in cyber attack methodology by integrating artificial intelligence directly into its operational framework. Unlike traditional malware that relies on static, pre-programmed instructions, […]

The post LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft appeared first on Cyber Security News.

GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances.  These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints and GraphQL APIs.  Administrators must upgrade immediately to prevent service interruptions and potential data loss. […]

The post GitLab High-Severity Vulnerabilities Let Attackers Crash Instances appeared first on Cyber Security News.

A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as a zero-day at least a week before the company released a patch. The vulnerability, tracked as CVE-2025-10035, is a command injection flaw that allows for unauthenticated remote code execution. Security firm watchTowr reported credible evidence of […]

The post Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch appeared first on Cyber Security News.

The macOS threat landscape has witnessed a significant escalation with the discovery of a new variant of the XCSSET malware targeting app developers. First observed in late September 2025, this variant builds upon earlier versions by introducing enhanced stealth techniques, expanded exfiltration capabilities, and robust persistence mechanisms. Attackers continue to leverage infected Xcode projects—the cornerstone […]

The post New Variant of The XCSSET Malware Attacking macOS App Developers appeared first on Cyber Security News.

The first-ever malicious Model-Context-Prompt (MCP) server discovered in the wild, a trojanized npm package named postmark-mcp that has been secretly exfiltrating sensitive data from users’ emails. The package, downloaded approximately 1,500 times per week, contained a backdoor that copied every email processed by the tool to a server controlled by the attacker. This incident highlights […]

The post First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents appeared first on Cyber Security News.

CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, actively exploited against Cisco Adaptive Security Appliances (ASA) and select Firepower platforms.  The vulnerabilities allow unauthenticated remote code execution and privilege escalation, enabling advanced threat actors to modify read-only memory (ROM) for persistence through reboot and system upgrades.  Exploit Cisco ASA […]

The post CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild appeared first on Cyber Security News.

In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt Typhoon, this Chinese state-sponsored group has focused its efforts on routers, firewalls, VPN gateways, and lawful intercept systems within major telecom providers. By embedding bespoke firmware implants and leveraging living-off-the-land binaries, Salt Typhoon has achieved persistent […]

The post Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data appeared first on Cyber Security News.

Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise.  Attackers leveraged native Windows utilities to dump and exfiltrate NTDS.dit, bypassing standard defenses.  The adversary in this case obtained DOMAIN ADMIN privileges via a […]

The post Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise appeared first on Cyber Security News.

Cybercriminals have launched a sophisticated supply chain attack targeting cryptocurrency developers through malicious Rust crates designed to steal digital wallet keys. Two fraudulent packages, faster_log and async_println, have infiltrated the Rust package registry by impersonating the legitimate fast_log logging library, embedding malicious code that scans source files for Solana and Ethereum private keys before exfiltrating […]

The post New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys appeared first on Cyber Security News.

Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms.  Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS XR Software. Cisco Input Validation Flaw (CVE-2025-20363) The flaw stems from improper validation of user-supplied […]

The post Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers appeared first on Cyber Security News.

Cybersecurity authorities are urging organizations to take immediate action following the discovery of a sophisticated espionage campaign targeting Cisco Adaptive Security Appliance (ASA) firewalls. In a significant update, Cisco and the UK’s National Cyber Security Centre (NCSC) have revealed that a state-sponsored threat actor is exploiting a zero-day vulnerability (CVE-2025-20333) in Cisco ASA 5500-X series […]

The post Hackers Exploiting Cisco ASA Zero-Day to Deploy RayInitiator and LINE VIPER Malware appeared first on Cyber Security News.

Cisco has issued an emergency security advisory warning of active exploitation of a critical zero-day vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software platforms.  The vulnerability, tracked as CVE-2025-20333, carries a maximum CVSS score of 9.9 and enables authenticated remote attackers to execute arbitrary code with root […]

The post Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

In mid-2024, cybersecurity professionals began observing a surge of targeted intrusions against government, defense, and technology organizations worldwide. These incidents were linked to a previously uncharacterized threat group later christened RedNovember, which leverages open-source and commodity tools to deploy a stealthy Go-based backdoor. Initial compromises often stemmed from the exploitation of Internet-facing devices—including VPN appliances, […]

The post RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor appeared first on Cyber Security News.

Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security researchers. The campaign represents a significant evolution in malware obfuscation techniques, utilizing AI-generated code to disguise malicious payloads within seemingly legitimate business documents. This development marks a concerning shift in the threat […]

The post Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting maintainers of packages on the Python Package Index (PyPI), employing domain confusion tactics to steal authentication credentials from unsuspecting developers. The attack leverages fraudulent emails designed to mimic official PyPI communications, directing recipients to malicious domains that closely resemble the legitimate PyPI infrastructure. The phishing operation utilizes carefully […]

The post New Phishing Attack Targeting PyPI Maintainers to Steal Login Credentials appeared first on Cyber Security News.

Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2 Stadium and virtually worldwide. The announcement follows findings from the newly published 2025 State of Human Cyber Risk Report, produced by the Cyentia […]

The post Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk appeared first on Cyber Security News.