Cyber Security News

A new technique enables attackers to exploit antivirus software by injecting harmful code directly into the antivirus processes. This approach makes it easier for them to evade detection and compromise the security that antivirus software is designed to provide. This method, detailed by cybersecurity researcher Two Seven One Three on X (@TwoSevenOneT), involves cloning protected […]

The post Hackers Can Inject Malicious Code into Antivirus to Create a Backdoor appeared first on Cyber Security News.

Critical flaws uncovered in the network communication between Microsoft Defender for Endpoint (DFE) and its cloud services, allowing post-breach attackers to bypass authentication, spoof data, disclose sensitive information, and even upload malicious files to investigation packages. These vulnerabilities, detailed in a recent analysis by InfoGuard Labs, highlight ongoing risks in endpoint detection and response (EDR) […]

The post Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication and Upload Malicious Files appeared first on Cyber Security News.

Microsoft has rolled out a fix in its latest preview builds to resolve a notorious glitch with the “update and shut down” feature. This long-standing issue, which has haunted the operating system for years, tricked users into believing their PCs were powering off when updates were pending, only for the machines to restart unexpectedly and disrupt sleep cycles with noisy fans. The bug emerged shortly after Windows 11’s launch in 2021 and quickly became a source of […]

The post Microsoft Fixes Long-standing Windows 11 ‘Update and Shut down’ Bug appeared first on Cyber Security News.

Clicking on a malicious link can quickly turn your device into a security risk. Just seconds after clicking, your browser might start downloading malware, taking advantage of weaknesses, or sending you to fake websites that try to steal your personal information. The crucial moments following this action determine whether you’ll successfully contain the threat or […]

The post 5 Immediate Steps to be Followed After Clicking on a Malicious Link appeared first on Cyber Security News.

A massive, coordinated botnet campaign is actively targeting Remote Desktop Protocol (RDP) services across the United States. Security firm GreyNoise reported on October 8, 2025, that it has been tracking a significant wave of attacks originating from over 100,000 unique IP addresses spanning more than 100 countries. The operation appears to be centrally controlled, with […]

The post Hackers Attacking Remote Desktop Protocol Services from 100,000+ IP Addresses appeared first on Cyber Security News.

Along with the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the llm-tools-nmap. A new experimental plugin, llm-tools-nmap, has been released, providing Simon Willison’s command-line Large Language Model (LLM) tool with network scanning capabilities. This package integrates the powerful and widely used Nmap security scanner, enabling […]

The post New Kali Tool llm-tools-nmap Uses Nmap For Network Scanning Capabilities appeared first on Cyber Security News.

ChaosBot surfaced in late September 2025 as a sophisticated Rust-based backdoor targeting enterprise networks. Initial investigations revealed that threat actors gained entry by exploiting compromised CiscoVPN credentials coupled with over-privileged Active Directory service accounts. Once inside, ChaosBot was stealthily deployed via side-loading techniques using the legitimate Microsoft Edge component identity_helper.exe from the C:\Users\Public\Libraries directory. The […]

The post New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands appeared first on Cyber Security News.

Threat actors have reemerged in mid-2025 leveraging previously disclosed vulnerabilities in SonicWall SSL VPN appliances to deploy Akira ransomware on enterprise networks. Beginning in July, multiple incidents of initial access via unpatched SonicWall devices were reported across North America and EMEA. Attackers exploited CVE-2024-40766, an access control flaw in SonicOS versions up to 7.0.1-5035, enabling […]

The post Threat Actors Exploiting SonicWall SSL VPN Devices in Wild to Deploy Akira Ransomware appeared first on Cyber Security News.

Menlo Park, USA, October 10th, 2025, CyberNewsWire AccuKnox, a leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), is proud to announce that Nanoprecise has selected AccuKnox to enhance its cloud security, governance, and compliance framework. Nanoprecise is a pioneer predictive maintenance and condition monitoring, and leverages Artificial Intelligence and IoT technologies to deliver […]

The post Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture appeared first on Cyber Security News.

Socket’s Threat Research Team has uncovered a sophisticated phishing campaign involving 175 malicious npm packages that collectively accumulated over 26,000 downloads. The campaign, dubbed “Beamglea” based on consistent artifacts across all packages, represents a novel abuse of npm’s public registry and the unpkg.com CDN to host redirect scripts targeting 135+ industrial, technology, and energy companies […]

The post 175 Malicious npm Packages With 26,000 Downloads Attacking Technology, and Energy Companies Worldwide appeared first on Cyber Security News.

Since its emergence in early 2025, RondoDox has rapidly become one of the most pervasive IoT-focused botnets in operation, targeting a wide range of network-connected devices—from consumer routers to enterprise CCTV systems and web servers. Its modular design allows operators to deploy tailored exploit modules against over 50 distinct vulnerabilities, enabling swift compromise of disparate […]

The post RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers appeared first on Cyber Security News.

Microsoft Defender for Endpoint is incorrectly flagging specific versions of SQL Server as having reached their end-of-life, causing potential confusion for system administrators. The issue, tracked under advisory DZ1168079, stems from a code bug and affects the Threat and Vulnerability Management feature within the Microsoft Defender XDR suite. The bug impacts explicitly organizations running SQL […]

The post Microsoft Defender Incorrectly Flags SQL Server Software as End-of-life appeared first on Cyber Security News.

A critical vulnerability in GitHub Copilot Chat, rated 9.6 on the CVSS scale, could have allowed attackers to exfiltrate source code and secrets from private repositories silently. The exploit combined a novel prompt injection technique with a clever bypass of GitHub’s Content Security Policy (CSP), granting the attacker significant control over a victim’s Copilot instance, […]

The post Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos appeared first on Cyber Security News.

A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading as popular applications including WhatsApp, Google Photos, TikTok, and YouTube to infiltrate devices and steal sensitive user data. The malware demonstrates remarkable adaptability and persistence, with threat actors continuously evolving their tactics to bypass security […]

The post New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users appeared first on Cyber Security News.

Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language Model (LLM) to generate malicious code at runtime. Dubbed ‘MalTerminal’ by SentinelLABS, the malware uses OpenAI’s GPT-4 to dynamically create ransomware code and reverse shells, presenting a new and formidable challenge for detection and threat […]

The post LLM-enabled MalTerminal Malware Leverages GPT-4 to Generate Ransomware Code appeared first on Cyber Security News.

Emerging from a recent wave of targeted campaigns, SnakeKeylogger has surfaced as a potent infostealer that capitalizes on PowerShell and social engineering. The malware’s operators craft convincing spear-phishing e-mails under aliases such as “CPA-Payment Files,” impersonating reputable financial and research firms. Recipients encounter ISO or ZIP attachments containing a seemingly innocuous BAT script. Once executed, […]

The post SnakeKeylogger via Weaponized E-mails Leverage PowerShell to Exfiltrate Sensitive Data appeared first on Cyber Security News.

A sophisticated financially motivated threat actor known as Storm-2657 has been orchestrating elaborate “payroll pirate” attacks targeting US universities and other organizations, Microsoft Threat Intelligence has revealed. These attacks represent a concerning evolution in cybercriminal tactics, where hackers compromise employee accounts to gain unauthorized access to human resources systems and redirect salary payments to attacker-controlled […]

The post Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments appeared first on Cyber Security News.

An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the unauthenticated Local File Inclusion (LFI) flaw allows attackers to achieve remote code execution (RCE) on affected systems. The vulnerability is currently unpatched, but a mitigation has been provided. Organizations using the affected software are strongly urged to […]

The post Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.

The cybersecurity landscape faces a new and significant threat as the notorious CL0P ransomware group has launched a large-scale extortion campaign targeting Oracle E-Business Suite (EBS) environments. Starting September 29, 2025, security researchers began tracking a sophisticated operation where threat actors claimed affiliation with the CL0P extortion brand and initiated a high-volume email campaign targeting […]

The post Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day appeared first on Cyber Security News.

International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now displays a seizure notice from the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), alongside French authorities, including the Brigade de Lutte Contre la Cybercriminalité (BL2C) and the Parquet de Paris […]

The post Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain appeared first on Cyber Security News.