Cyber Security News

The first-ever malicious Model-Context-Prompt (MCP) server discovered in the wild, a trojanized npm package named postmark-mcp that has been secretly exfiltrating sensitive data from users’ emails. The package, downloaded approximately 1,500 times per week, contained a backdoor that copied every email processed by the tool to a server controlled by the attacker. This incident highlights […]

The post First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents appeared first on Cyber Security News.

CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, actively exploited against Cisco Adaptive Security Appliances (ASA) and select Firepower platforms.  The vulnerabilities allow unauthenticated remote code execution and privilege escalation, enabling advanced threat actors to modify read-only memory (ROM) for persistence through reboot and system upgrades.  Exploit Cisco ASA […]

The post CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild appeared first on Cyber Security News.

In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt Typhoon, this Chinese state-sponsored group has focused its efforts on routers, firewalls, VPN gateways, and lawful intercept systems within major telecom providers. By embedding bespoke firmware implants and leveraging living-off-the-land binaries, Salt Typhoon has achieved persistent […]

The post Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data appeared first on Cyber Security News.

Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise.  Attackers leveraged native Windows utilities to dump and exfiltrate NTDS.dit, bypassing standard defenses.  The adversary in this case obtained DOMAIN ADMIN privileges via a […]

The post Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise appeared first on Cyber Security News.

Cybercriminals have launched a sophisticated supply chain attack targeting cryptocurrency developers through malicious Rust crates designed to steal digital wallet keys. Two fraudulent packages, faster_log and async_println, have infiltrated the Rust package registry by impersonating the legitimate fast_log logging library, embedding malicious code that scans source files for Solana and Ethereum private keys before exfiltrating […]

The post New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys appeared first on Cyber Security News.

Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms.  Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS XR Software. Cisco Input Validation Flaw (CVE-2025-20363) The flaw stems from improper validation of user-supplied […]

The post Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers appeared first on Cyber Security News.

Cybersecurity authorities are urging organizations to take immediate action following the discovery of a sophisticated espionage campaign targeting Cisco Adaptive Security Appliance (ASA) firewalls. In a significant update, Cisco and the UK’s National Cyber Security Centre (NCSC) have revealed that a state-sponsored threat actor is exploiting a zero-day vulnerability (CVE-2025-20333) in Cisco ASA 5500-X series […]

The post Hackers Exploiting Cisco ASA Zero-Day to Deploy RayInitiator and LINE VIPER Malware appeared first on Cyber Security News.

Cisco has issued an emergency security advisory warning of active exploitation of a critical zero-day vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software platforms.  The vulnerability, tracked as CVE-2025-20333, carries a maximum CVSS score of 9.9 and enables authenticated remote attackers to execute arbitrary code with root […]

The post Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

In mid-2024, cybersecurity professionals began observing a surge of targeted intrusions against government, defense, and technology organizations worldwide. These incidents were linked to a previously uncharacterized threat group later christened RedNovember, which leverages open-source and commodity tools to deploy a stealthy Go-based backdoor. Initial compromises often stemmed from the exploitation of Internet-facing devices—including VPN appliances, […]

The post RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor appeared first on Cyber Security News.

Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security researchers. The campaign represents a significant evolution in malware obfuscation techniques, utilizing AI-generated code to disguise malicious payloads within seemingly legitimate business documents. This development marks a concerning shift in the threat […]

The post Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting maintainers of packages on the Python Package Index (PyPI), employing domain confusion tactics to steal authentication credentials from unsuspecting developers. The attack leverages fraudulent emails designed to mimic official PyPI communications, directing recipients to malicious domains that closely resemble the legitimate PyPI infrastructure. The phishing operation utilizes carefully […]

The post New Phishing Attack Targeting PyPI Maintainers to Steal Login Credentials appeared first on Cyber Security News.

Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2 Stadium and virtually worldwide. The announcement follows findings from the newly published 2025 State of Human Cyber Risk Report, produced by the Cyentia […]

The post Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk appeared first on Cyber Security News.

A critical vulnerability chain in Salesforce’s Agentforce AI platform, which could have allowed external attackers to steal sensitive CRM data. The vulnerability, dubbed ForcedLeak by Noma Labs, which discovered it, carries a CVSS score of 9.4 and was executed through a sophisticated indirect prompt injection attack. This discovery highlights the expanded and fundamentally different attack surface presented […]

The post Salesforce AI Agent Vulnerability Allows Let Attackers Exfiltration Sensitive Data appeared first on Cyber Security News.

Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing traditional email security filters by using the platform’s legitimate notification infrastructure.  Threat actors created multiple […]

The post Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets appeared first on Cyber Security News.

A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without raising suspicions. Delivered primarily via spear-phishing emails and compromised websites, the shortcut files appear innocuous, […]

The post New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware appeared first on Cyber Security News.

Following a major law enforcement disruption in February 2024, the notorious LockBit ransomware group has resurfaced, marking its sixth anniversary with the release of a new version: LockBit 5.0. Trend Micro has identified and analyzed binaries for Windows, Linux, and VMware ESXi, confirming the group’s continued focus on cross-platform attacks that can cripple entire enterprise […]

The post New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems appeared first on Cyber Security News.

A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system.  This issue underscores the persistent risk in web-based file transfer applications. Path Traversal Vulnerability (CVE-2025-34508) ZendTo is a PHP-driven dropoff or pickup […]

The post ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data appeared first on Cyber Security News.

SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms.  By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […]

The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.

BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early victims reported unusual latency in remote desktop sessions, prompting deeper forensic investigations. As the campaign […]

The post New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors appeared first on Cyber Security News.

In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate Windows processes. Initial sightings trace back to late July 2025, when intrusion attempts against government […]

The post COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH appeared first on Cyber Security News.