Cyber Security News

LockBit 5.0 made its debut in late September 2025, marking a significant upgrade for one of the most notorious ransomware-as-a-service (RaaS) groups. With roots tracing back to the ABCD ransomware in 2019, LockBit rapidly grew in sophistication, consistently updating its tactics despite facing aggressive law enforcement efforts and affiliate panel leaks. The latest version is […]

The post New Analysis Uncovers LockBit 5.0 Key Capabilities and Two-Stage Execution Model appeared first on Cyber Security News.

Russian-based threat actors are distributing a sophisticated Android Remote Access Trojan through underground channels, offering it as a subscription service to other criminals. The malware, identified as Fantasy Hub, enables attackers to conduct widespread surveillance operations on compromised mobile devices, stealing sensitive communications and personal information from unsuspecting users. The spyware’s capabilities extend far beyond […]

The post New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts and Call Logs appeared first on Cyber Security News.

Microsoft’s upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only an email address, even if the recipient isn’t a Teams user. This feature raises security concerns among experts. The invitee joins as a guest via email, enabling seamless external communication […]

The post Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks appeared first on Cyber Security News.

A sophisticated supply-chain attack has emerged targeting Windows systems through compromised npm packages, marking a critical vulnerability in open-source software distribution. Between October 21 and 26, 2025, threat actors published 17 malicious npm packages containing 23 releases designed to deliver Vidar infostealer malware. The campaign exploited the trust developers place in package registries, leveraging legitimate-appearing […]

The post 15+ Weaponized npm Packages Attacking Windows Systems to Deliver Vidar Malware appeared first on Cyber Security News.

A sophisticated phishing campaign is actively targeting hotel establishments and their guests through compromised Booking.com accounts, according to research uncovered by security experts. The campaign, dubbed “I Paid Twice” due to evidence of victims paying twice for their reservations, has been operating since at least April 2025 and remains active as of October 2025. The […]

The post New Phising Attack Targeting Travellers from Hotel’s Compromised Booking.com Account appeared first on Cyber Security News.

China-linked threat actors have intensified their focus on influencing American governmental decision-making processes by targeting organizations involved in shaping international policy. In April 2025, a sophisticated intrusion into a U.S. non-profit organization revealed the persistent efforts of these attackers to establish long-term network access and gather intelligence related to policy matters. The threat actors demonstrated […]

The post Chinese Hackers Organization Influence U.S. Government Policy on International Issues appeared first on Cyber Security News.

Security researchers have successfully evaded Elastic EDR’s call stack signature detection by exploiting a technique involving “call gadgets” to bypass the security tool’s behavioral analysis. The Almond research builds on Elastic’s transparent approach to security, as the company publicly shares its detection logic and allows researchers to test against their protections. Elastic EDR relies heavily […]

The post Researchers Evaded Elastic EDR’s Call Stack Signatures by Exploiting Call Gadgets appeared first on Cyber Security News.

Amazon has disclosed a significant security vulnerability in its WorkSpaces client for Linux that could allow unauthorized users to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpaces. The vulnerability, tracked as CVE-2025-12779, affects multiple client versions and poses a direct threat to organizations relying on Amazon’s desktop-as-a-service platform for remote work […]

The post Amazon WorkSpaces For Linux Vulnerability Let Attackers Extract Valid Authentication Token appeared first on Cyber Security News.

OPNsense has released an update focused on eliminating security vulnerabilities and improving firewall performance. The latest version includes third-party security updates, firewall improvements, and fixes that make the system more reliable for network administrators and security professionals. The development team has made eliminating unsafe shell usage a primary focus. This is important because shell execution […]

The post FreeBSD-based OPNsense Firewall Released for Security Issues and Improvements appeared first on Cyber Security News.

NVIDIA has patched a critical vulnerability in its App for Windows that could allow local attackers to execute arbitrary code and escalate privileges on affected systems. Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant security risk to Windows users running the application. The vulnerability stems from a search path […]

The post NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.

A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces unexpected system restarts. The vulnerability stems from a logic error in […]

The post Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly appeared first on Cyber Security News.

The Russia-aligned Sandworm threat group has intensified its destructive cyberattacks against Ukrainian organizations, deploying sophisticated data wiper malware designed to cripple critical infrastructure and economic operations. Unlike traditional cyberespionage campaigns, Sandworm’s recent operations focus exclusively on destruction, targeting governmental entities, energy providers, logistics companies, and the grain sector with malicious tools named ZEROLOT and Sting. […]

The post Sandworm Hackers Attacking Ukranian Organizations with Data Wiper Malwares appeared first on Cyber Security News.

The emergence of advanced AI browsing platforms such as OpenAI’s Atlas and Perplexity’s Comet has created a sophisticated challenge for digital publishers worldwide. These tools leverage agentic capabilities designed to execute complex, multistep tasks that fundamentally transform how content is accessed and consumed online. Unlike traditional search engines, AI browsers can navigate paywalls and content […]

The post AI Browsers Bypass Content PayWall Mimicking as a Human-User appeared first on Cyber Security News.

The cybersecurity landscape continues to evolve as new ransomware variants emerge from the remnants of previous campaigns. Midnight ransomware represents one such development, drawing substantial inspiration from the notorious Babuk ransomware family that first appeared in early 2021. Like its predecessor, Midnight employs sophisticated encryption techniques and targeted file selection strategies to maximize damage across […]

The post Midnight Ransomware Decrypter Flaws Opens the Door to File Recovery appeared first on Cyber Security News.

A previously unidentified Iranian threat actor has emerged with sophisticated social engineering tactics aimed at academics and foreign policy experts across the United States. Operating between June and August 2025, this campaign demonstrates the evolving landscape of state-sponsored cyber espionage, where attackers blend traditional phishing techniques with legitimate remote management tools to compromise high-value targets. […]

The post Iranian Hackers Targeting Academics and Foreign Policy Experts Using RMM Tools appeared first on Cyber Security News.

North Korean threat actors are evolving their attack strategies by leveraging developer-focused tools as infection vectors. Recent security discoveries reveal that Kimsuky, a nation-state group operating since 2012, has been utilizing JavaScript-based malware to infiltrate systems and establish persistent command and control infrastructure. The threat group traditionally focuses on espionage operations against government entities, think […]

The post Threat Actors May Abuse VS Code Extensions to Deploy Ransomware and Use GitHub as C2 Server appeared first on Cyber Security News.

The cybercrime landscape has undergone a dramatic transformation in 2025, with artificial intelligence emerging as a cornerstone technology for malicious actors operating in underground forums. According to Google’s Threat Intelligence Group (GTIG), the underground marketplace for illicit AI tools has matured significantly this year, with multiple offerings of multifunctional tools designed to support various stages […]

The post List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated new malware family targeting enterprise environments through a supply chain compromise. The malware, tracked as Airstalk, represents a significant shift in how attackers exploit legitimate enterprise management tools to evade detection and maintain persistent access to compromised systems. This discovery highlights the growing vulnerability of business process outsourcing organizations […]

The post Airstalk Malware Leverages AirWatch API MDM Platform to Establish Covert C2 Communication appeared first on Cyber Security News.

ValleyRAT has emerged as a sophisticated multi-stage remote access trojan targeting Windows systems, with particular focus on Chinese-language users and organizations. First observed in early 2023, this malware employs a carefully orchestrated infection chain that progresses through multiple components—downloader, loader, injector, and final payload—making detection and removal significantly challenging for security teams. The threat actors […]

The post Multi-Staged ValleyRAT Uses WeChat and DingTalk to Attack Windows Users appeared first on Cyber Security News.

A sophisticated Remote Access Trojan labeled EndClient RAT has emerged as a significant threat targeting human rights defenders in North Korea, marking another escalation in advanced malware operations attributed to the Kimsuky threat group. This newly discovered malware represents a concerning shift in attack sophistication, utilizing stolen code-signing certificates to evade antivirus protections and bypass […]

The post New EndClient RAT Attacking Users by Leveraging Stolen Code-Signing to Bypass AV Detections appeared first on Cyber Security News.