Cyber Security News

A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security researchers at Genians Security Center (GSC) recently identified a new variant of the infamous RoKRAT […]

The post APT37 Hackers Weaponizes JPEG Files to Attack Windows Systems Leveraging “mspaint.exe” appeared first on Cyber Security News.

Welcome to this week’s edition of Cybersecurity News Recap! In this issue, we bring you the latest updates and critical developments across the threat landscape. Stay ahead of risks with key insights on newly discovered Chrome and Gemini vulnerabilities, the surge of sophisticated Linux malware, and an in-depth look at the emerging “man-in-the-prompt” attack tactic targeting […]

The post Cybersecurity News Recap – Chrome, Gemini Vulnerabilities, Linux Malware, and Man-in-the-Prompt Attack appeared first on Cyber Security News.

A sophisticated Linux backdoor dubbed Plague has emerged as an unprecedented threat to enterprise security, evading detection across all major antivirus engines while establishing persistent SSH access through manipulation of core authentication mechanisms. Discovered by cybersecurity researchers at Nextron Systems, this malware represents a paradigm shift in Linux-targeted attacks, exploiting Pluggable Authentication Modules (PAM) to […]

The post New Undectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access appeared first on Cyber Security News.

A suspected zero-day vulnerability in SonicWall firewall devices that the Akira ransomware group is actively exploiting. The flaw allows attackers to gain initial access to corporate networks through SonicWall’s SSL VPN feature, leading to subsequent ransomware deployment. In late July 2025, security researchers observed a significant increase in ransomware attacks leveraging SonicWall devices. The evidence […]

The post SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware appeared first on Cyber Security News.

A sophisticated cyber espionage campaign targeting software developers has infiltrated two of the world’s largest open source package repositories, with North Korea’s notorious Lazarus Group successfully deploying 234 malicious packages across npm and PyPI ecosystems. Between January and July 2025, this state-sponsored operation exposed over 36,000 potential victims to advanced malware designed for long-term surveillance […]

The post Lazarus Hackers Weaponized 234 Packages Across npm and PyPI to Infect Developers appeared first on Cyber Security News.

A new ransomware threat has emerged as one of the most aggressive cybercriminal operations of 2025, with SafePay ransomware claiming responsibility for over 265 successful attacks spanning multiple continents. The group, which first appeared in September 2024 with limited activity targeting just over 20 victims, has dramatically escalated its operations since early 2025, establishing itself […]

The post SafePay Ransomware Infected 260+ Victims Across Multiple Countries appeared first on Cyber Security News.

The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem, with Qilin capitalizing on the vacuum left by RansomHub’s abrupt cessation of operations in early […]

The post Qilin Ransomware Surging Following The Fall of dominant RansomHub RaaS appeared first on Cyber Security News.

LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link Libraries instead of their intended components, allowing cybercriminals to execute ransomware payloads while masquerading as […]

The post LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One appeared first on Cyber Security News.

A sophisticated malware-as-a-service operation orchestrated by Chinese-speaking threat actors has successfully compromised over 11,000 Android devices worldwide through the deployment of PlayPraetor, a powerful Remote Access Trojan designed for on-device fraud. The campaign represents a significant escalation in mobile banking malware operations, with the botnet expanding at an alarming rate of over 2,000 new infections […]

The post 11,000 Android Devices Hacked by Chinese Threats Actors to Deploy PlayPraetor Malware appeared first on Cyber Security News.

Cybercriminals have discovered a sophisticated new attack vector by exploiting Microsoft 365’s Direct Send feature to deliver phishing campaigns that masquerade as legitimate internal communications. This emerging threat leverages a legitimate Microsoft service designed for multifunction printers and legacy applications, turning it into a weapon for social engineering attacks that bypass traditional email security controls. […]

The post Hackers Abuse Microsoft 365’s Direct Send Feature to Deliver Internal Phishing Attacks appeared first on Cyber Security News.

A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protections through innovative techniques. The group first gained attention during Microsoft’s investigation into the “ToolShell” campaign, which exploited multiple SharePoint Server vulnerabilities including CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771. Unlike established […]

The post Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections appeared first on Cyber Security News.

A sophisticated cyberespionage campaign targeting foreign embassies in Moscow has been uncovered, revealing the deployment of a custom malware strain designed to manipulate digital trust mechanisms. The Russian state-sponsored threat group Secret Blizzard has been orchestrating an adversary-in-the-middle operation since at least 2024, utilizing their position within internet service provider infrastructure to deploy the ApolloShadow […]

The post Secret Blizzard Group’s ApolloShadow Malware Install Root Certificates on Devices to Trust Malicious Sites appeared first on Cyber Security News.

Cybercriminals are increasingly sophisticated in their phishing attacks, with threat actors now leveraging compromised email accounts from trusted sources to bypass security controls and enhance campaign legitimacy. Recent incident response data reveals phishing remains a dominant attack vector, accounting for one-third of all security engagements in Q2 2025, despite declining from the previous quarter’s 50 […]

The post Threat Actors Leverage Compromised Email Accounts for Targeted Phishing Attacks appeared first on Cyber Security News.

Trend Micro’s Zero Day Initiative (ZDI) announces an unprecedented $1,000,000 bounty for a zero-click remote code execution (RCE) exploit targeting WhatsApp at the upcoming Pwn2Own Ireland 2025 competition.  This record-breaking reward, co-sponsored by Meta, represents the largest single payout in the contest’s history and underscores the critical importance of securing the world’s most popular messaging […]

The post $1,000,000 for WhatsApp 0-Click RCE Exploit at Pwn2Own Ireland 2025 appeared first on Cyber Security News.

CISA released two high-severity Industrial Control Systems (ICS) advisories on July 31, 2025, highlighting critical vulnerabilities in widely deployed industrial equipment that could enable remote attackers to manipulate critical infrastructure systems.  The flaws affect seismic monitoring devices and virtualized industrial systems used across global critical manufacturing sectors. Key Takeaways1. CISA issued advisories for Güralp seismic […]

The post CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems appeared first on Cyber Security News.

The latest wave of credential-phishing campaigns has revealed an unexpectedly convenient ally for threat actors: the very e-mail security suites meant to protect users. First observed in late July 2025, multiple phishing clusters began embedding malicious URLs inside the legitimate link-wrapping services of Proofpoint’s Protect platform (https://urldefense.proofpoint.com/v2/url?u=) and Intermedia’s LinkSafe (https://safe.intermedia.net/?u=). Because corporate filters already […]

The post Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads appeared first on Cyber Security News.

Microsoft has significantly enhanced its .NET bounty program, announcing substantial updates that expand the program’s scope, streamline award structures, and provide greater incentives for cybersecurity researchers.  The enhanced program now offers rewards of up to $40,000 USD for identifying critical vulnerabilities within the .NET ecosystem, representing a major commitment to strengthening the security framework of […]

The post Microsoft Upgrades .NET Bounty Program with Rewards to Researchers Up to $40,000 appeared first on Cyber Security News.

ChatGPT shared conversations are being indexed by major search engines, effectively turning private exchanges into publicly discoverable content accessible to millions of users worldwide. The issue first came to light through investigative reporting by Fast Company, which revealed that nearly 4,500 ChatGPT conversations were appearing in Google search results. The discovery was made using a […]

The post Search Engines are Indexing ChatGPT Conversations! – Here is our OSINT Research appeared first on Cyber Security News.

A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems.  This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Key Takeaways1. Attackers use […]

The post Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections appeared first on Cyber Security News.

Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been considered “more art than science” into a structured methodology for analyzing and categorizing cyber threats. […]

The post Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity appeared first on Cyber Security News.