Cyber Security News

A sophisticated malware operation has emerged from Brazil, leveraging advanced steganographic techniques to conceal malicious payloads within seemingly harmless image files. The Caminho loader, active since at least March 2025, represents a growing threat to organizations across South America, Africa, and Eastern Europe, delivering diverse malware families including REMCOS RAT, XWorm, and Katz Stealer through […]

The post New Caminho Malware Loader Uses LSB Steganography and to Hide .NET Payloads Within Image Files appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code with system-level privileges over a network, potentially […]

The post CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild appeared first on Cyber Security News.

A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based obfuscation to evade traditional security detection mechanisms. The attack represents an evolution in obfuscation techniques, where threat actors fragment malicious code across multiple HTTP cookies and dynamically reconstruct executable functions at runtime. This approach makes static analysis significantly more challenging, […]

The post New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts appeared first on Cyber Security News.

An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics and fraudulent financial aid promises. The campaign, dubbed “Vulnerability Vultures,” primarily focuses on older adults who represent lucrative targets for threat actors. According to the FBI’s Internet Crime Complaint Center, the 60-plus age group filed the highest number of complaints […]

The post Threat Actors Tricks Target Users Via Impersonation and Fictional Financial Aid Offers appeared first on Cyber Security News.

TransparentTribe, a Pakistani-nexus intrusion set active since at least 2013, has intensified its cyber espionage operations targeting Linux-based systems of Indian military and defense organizations. The campaign, initially documented in July 2025 by CYFIRMA with activity traced back to June 2025, has evolved significantly with the development of a sophisticated Golang-based remote access trojan dubbed […]

The post TransparentTribe Attack Linux-Based Systems of Indian Military Organizations to Deliver DeskRAT appeared first on Cyber Security News.

As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on digital gift card systems. The Jingle Thief campaign, orchestrated by financially motivated threat actors based in Morocco, has emerged as a notorious campaign exploiting seasonal vulnerabilities to steal and monetize gift cards at scale. By leveraging tailored phishing and smishing […]

The post Jingle Thief Attackers Exploiting Festive Season with Weaponized Gift Card Attacks appeared first on Cyber Security News.

The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with Warlock ransomware began exploiting a critical zero-day vulnerability in Microsoft SharePoint. Discovered on July 19, 2025, the ToolShell vulnerability, tracked as CVE-2025-53770, became a primary vector for deploying the notorious Warlock ransomware across multiple organizations globally. This exploitation marked a […]

The post Warlock Ransomware Actors Exploiting Sharepoint ToolShell Zero-Day Vulnerability in New Attack Wave appeared first on Cyber Security News.

A sophisticated Python-based remote access trojan has emerged in the gaming community, disguising itself as a legitimate Minecraft client to compromise unsuspecting users. The malware, identified as a multi-function RAT, leverages the Telegram Bot API as its command and control infrastructure, enabling attackers to exfiltrate stolen data and remotely interact with victim machines. By masquerading […]

The post New Python RAT Mimic as Legitimate Minecraft App Steals Sensitive Data from Users Computer appeared first on Cyber Security News.

The SideWinder advanced persistent threat group has emerged with a sophisticated new attack methodology that leverages ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets across South Asia. In September 2025, security researchers detected a targeted campaign affecting institutions in Sri Lanka, Pakistan, Bangladesh, and diplomatic missions based in India. The attacks represent […]

The post SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware appeared first on Cyber Security News.

The Advanced Persistent Threat group MuddyWater, widely recognized as an Iran-linked espionage actor, has orchestrated a sophisticated phishing campaign targeting more than 100 government entities and international organizations across the Middle East, North Africa, and beyond. The operation, which became active in mid-August 2025, represents a significant escalation in the group’s tradecraft, introducing version 4 […]

The post MuddyWater Using New Malware Toolkit to Deliver Phoenix Backdoor Malware to International Organizations appeared first on Cyber Security News.

RedTiger is an open-source red-teaming tool repurposed by attackers to steal sensitive data from Discord users and gamers. Released in 2025 on GitHub, RedTiger bundles penetration-testing utilities, including network scanners and OSINT tools. But its infostealer module has gone rogue, with malicious payloads circulating online since early 2025. Netskope Threat Labs reported multiple variants targeting […]

The post New Red Teaming Tool RedTiger Attacking Gamers and Discord Accounts in the Wild appeared first on Cyber Security News.

Paris, France, October 24th, 2025, CyberNewsWire Arsen, the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature designed to let companies run realistic, large-scale SMS phishing simulations across their teams. Designed to address the growing wave of mobile-based attacks, the new module gives CISOs, MSSPs, […]

The post Arsen Launches Smishing Simulation to Help Companies Defend Against Mobile Phishing Threats appeared first on Cyber Security News.

A significant vulnerability in OpenAI’s newly released ChatGPT Atlas browser reveals that it stores unencrypted OAuth tokens in a SQLite database with overly permissive file settings on macOS, potentially allowing unauthorized access to user accounts. This flaw, discovered by Pete Johnson just days after the browser’s October 21, 2025, launch, bypasses standard encryption practices used […]

The post ChatGPT Atlas Stores OAuth Tokens Unencrypted Leads to Unauthorized Access to User Accounts appeared first on Cyber Security News.

At Pwn2Own Ireland 2025 hacking competition, cybersecurity researchers from Team Z3 have withdrawn their high-stakes demonstration of a potential zero-click remote code execution (RCE) vulnerability in WhatsApp, opting instead for a private coordinated disclosure to Meta. The event, held in Cork, Ireland, from October 21-23, featured a record-breaking $1 million bounty for such a WhatsApp […]

The post WhatsApp Exploit Privately Disclosed To Meta At The Pwn2Own Ireland appeared first on Cyber Security News.

Amazon Web Services (AWS), the backbone for countless websites and services, faced a severe outage last weekend that disrupted operations for millions. The incident, which unfolded in the early hours of October 20, 2025, exposed vulnerabilities in even the most robust systems and left users scrambling. The trouble began at 11:49 PM PDT on October […]

The post Amazon Uncovers Root Cause of Major AWS Outage That Brokes The Internet appeared first on Cyber Security News.

Email phishing attacks have reached a critical inflection point in 2025, as threat actors deploy increasingly sophisticated evasion techniques to circumvent traditional security infrastructure and user defenses. The threat landscape continues to evolve with the revival and refinement of established tactics that were once considered outdated, combined with novel delivery mechanisms that exploit gaps in […]

The post Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters appeared first on Cyber Security News.

Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network. The patch, released on October 23, […]

The post Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability appeared first on Cyber Security News.

Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in retail data security. In emails dispatched to affected individuals this morning, the popular toy retailer revealed that unauthorized access to its databases occurred earlier this year, with stolen data surfacing […]

The post Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen appeared first on Cyber Security News.

Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment methods, threat actors are now weaponizing this remote control and surveillance platform through sophisticated fileless […]

The post New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient appeared first on Cyber Security News.

The HP OneAgent software update has disconnected Windows devices from Microsoft Entra ID. As a result, users can no longer access their corporate identities. Version 1.2.50.9581 of the agent, pushed silently to HP’s Next Gen AI systems like the EliteBook X Flip G1i, deleted critical certificates, causing devices to drop their Entra join status overnight. […]

The post HP OneAgent Update Brokes Trust And Disconnect Devices From Entra ID appeared first on Cyber Security News.