Cyber Security News

A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and corroborated by independent research tracking Oyster/Broomstick backdoor activity tied to trojanized admin tools distributed via […]

The post Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services appeared first on Cyber Security News.

Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared innocuous at first glance, often masquerading as utility or government apps in high-risk […]

The post Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof appeared first on Cyber Security News.

A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected browsers to malicious domains, where an HTTPS-secured landing page prompted users […]

The post Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection appeared first on Cyber Security News.

CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern for federal agencies and private organizations alike. Key Takeaways1. CISA added two Citrix Session Recording […]

The post CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.

A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals.  The campaign represents one of the largest coordinated RDP reconnaissance operations observed in recent years, signaling potential preparation for […]

The post Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs appeared first on Cyber Security News.

A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers infiltrated Fanava Group, the IT provider responsible for satellite communications to Iran’s sanctioned tanker fleets. […]

The post Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database appeared first on Cyber Security News.

Cybersecurity researchers have observed a surge in deceptive sites masquerading as YouTube video download services to deliver Proxyware malware in recent weeks. Victims seeking to grab videos in MP4 format are redirected through ad pages that sporadically present a download link for a seemingly legitimate utility called “WinMemoryCleaner.” Behind this innocuous facade, however, lies a […]

The post Proxyware Malware Mimic as YouTube Video Download Site Delivers Malicious Javascripts appeared first on Cyber Security News.

In recent weeks, cybersecurity investigators have uncovered a novel campaign in which hackers leverage seemingly benign potentially unwanted program (PUP) advertisements to deliver stealthy Windows malware. The lure typically begins with ads promoting free PDF tools or desktop assistants that redirect victims to spoofed download sites. Once users click through, a scheduled task silently retrieves […]

The post Hackers Using PUP Advertisements to Silently Drop Windows Malware appeared first on Cyber Security News.

In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging commercial proxy and VPN services to mask their attack infrastructure. The emergence of this tactic coincides with a broader shift toward commoditized anonymization platforms that blend threat actor traffic with legitimate user activity. Initial compromise vectors […]

The post Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure appeared first on Cyber Security News.

In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the Central Bank of the Russian Federation against a shield background. Although the interface displays only […]

The post New Android Spyware Disguised as an Antivirus Attacking Business Executives appeared first on Cyber Security News.

In late June 2025, a significant operational dump from North Korea’s Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware and thousands of stolen credentials. This leak offers an unprecedented window into the group’s espionage toolkit, revealing how Kimsuky conducts phishing campaigns, maintains persistence and evades detection within […]

The post Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered appeared first on Cyber Security News.

A sophisticated Android malware campaign has resurfaced, exploiting deceptive websites that perfectly mimic legitimate Google Play Store application pages to distribute the notorious SpyNote Remote Access Trojan (RAT). This malicious operation targets unsuspecting users by creating static HTML clones of popular Android application install pages, complete with copied CSS styling and JavaScript functionality designed to […]

The post Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware appeared first on Cyber Security News.

As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students, parents, and educational institutions. The integration of machine learning algorithms, natural language processing, and deepfake […]

The post 5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them appeared first on Cyber Security News.

A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms.  By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation methods such as zero-width characters, white-on-white text, tiny font sizes, and off-screen positioning—attackers can poison […]

The post Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction.  The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations. Key Takeaways1. Predictable JWT […]

The post 0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets appeared first on Cyber Security News.

A large-scale phishing campaign was conducted by threat actors who abused Google Classroom to distribute over 115,000 malicious emails to more than 13,500 organizations globally. The campaign uncovered by Check Point unfolded in five distinct waves between August 6 and August 12, 2025, and weaponized the trusted educational platform to bypass conventional security filters. The […]

The post Hackers Leverage Google Classroom for 115,000+ Phishing Emails Targeting 13,500+ Organizations appeared first on Cyber Security News.

A newly observed malware campaign has emerged targeting a broad range of network appliances, including routers from DrayTek, TP-Link, Raisecom, and Cisco. Throughout July 2025, threat researchers observed a stealthy loader spread by exploiting unauthenticated command injection flaws in embedded web services. Initial compromise is achieved through straightforward HTTP requests, which silently deliver a downloader […]

The post New Stealthy Malware Exploiting Cisco, TP-Link and Other Routers to Gain Remote Control appeared first on Cyber Security News.

A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems.  The Italian CRM solution, utilized by numerous small and medium enterprises across Italy, faces significant security exposure despite attempted […]

The post Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes appeared first on Cyber Security News.

Microsoft is rolling out a significant new administrative control feature in mid-September 2025 that will enable IT administrators to manage organization-wide sharing permissions for user-built Copilot agents.  The feature addresses growing enterprise concerns about governance and security in AI agent deployment across organizations. Key Takeaways1. Microsoft is introducing a tenant-level feature for managing Copilot agent […]

The post New Microsoft 365 Admin Feature Let Admins Control Link Creation Policies appeared first on Cyber Security News.

Incident response Tools or incident management software are essential security solutions to protect businesses and enterprises from cyber attacks. Our reliance on the internet is growing, and so make a threat to businesses, despite increased investments and expertise in cyber security. More data breaches and cyberattacks exist on organizations, governments, and individuals than ever before. […]

The post Top 15 Best Security Incident Response Tools In 2025 appeared first on Cyber Security News.