Cyber Security News

A sophisticated new ransomware operation dubbed BlackLock has emerged as a significant threat to organizations worldwide, demonstrating advanced cross-platform capabilities and targeting diverse computing environments.  Originally operating under the name “El Dorado” since March 2024, the group rebranded to BlackLock in September 2024, establishing itself as a formidable player in the ransomware landscape with victims […]

The post BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments appeared first on Cyber Security News.

This week in cybersecurity, researchers exposed hidden alliances between ransomware groups, the rise of AI-powered phishing platforms, and large-scale vulnerabilities affecting telecom and enterprise systems. Major data breaches at financial services and luxury brands highlighted insider threats and supply chain risks, while arrests of Scattered Spider hackers signaled rare law enforcement wins. From botnets hijacking […]

The post Cybersecurity Newsletter Weekly – Shai Halud Attack, Ivanti Exploits, FinWise, BMW Data Leak, and More appeared first on Cyber Security News.

A new proof-of-concept tool named EDR-Freeze has been developed, capable of placing Endpoint Detection and Response (EDR) and antivirus solutions into a suspended “coma” state. According to Zero Salarium, the technique leverages a built-in Windows function, offering a stealthier alternative to the increasingly popular Bring Your Own Vulnerable Driver (BYOVD) attacks used by threat actors […]

The post New EDR-Freeze Tool That Puts EDRs and Antivirus Into A Coma State appeared first on Cyber Security News.

A major cyberattack on a popular aviation software provider has caused significant disruptions at key European airports, including London’s Heathrow, Brussels, and Berlin, resulting in hundreds of flight delays and cancellations on Saturday. The attack disabled electronic check-in and baggage drop systems, forcing airport staff to revert to manual processing and leaving thousands of passengers […]

The post Heathrow and Other European Airports Hit by Cyberattack, Several Flights Delayed appeared first on Cyber Security News.

AI-powered malware, known as ‘MalTerminal’, uses OpenAI’s GPT-4 model to dynamically generate malicious code, including ransomware and reverse shells, marking a significant shift in how threats are developed and deployed. This discovery follows the recent analysis of PromptLock, another AI-driven malware, indicating a clear trend toward adversaries weaponizing large language models (LLMs). This discovery was […]

The post First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code appeared first on Cyber Security News.

The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors. According to recent data, more than 23,600 vulnerabilities were published in the first half of 2025 alone, representing a 16% increase over 2024. This alarming trend has seen sophisticated threat actors, including nation-state groups and […]

The post Top Zero-Day Vulnerabilities Exploited in the Wild in 2025 appeared first on Cyber Security News.

A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, ScreenConnect. The malware is being sold with a suite of advanced features designed to bypass modern security defenses, signaling a growing trend in sophisticated, ready-to-use […]

The post Threat Actors Selling New Undetectable RAT as ’ScreenConnect FUD Alternative’ appeared first on Cyber Security News.

New York, New York, September 19th, 2025, CyberNewsWire BreachLock, the global leader in offensive security, has been recognized as a Sample Vendor for Penetration Testing as a Service (PTaaS) in the 2025 Gartner Hype Cycle for Application Security. The company was also recognized as a sample vendor for Adversarial Exposure Validation (AEV) in the Gartner […]

The post BreachLock Named Sample Vendor for PTaaS and AEV in Two New 2025 Gartner® Reports appeared first on Cyber Security News.

Phishing campaigns have long relied on social engineering to dupe unsuspecting users, but recent developments have elevated these attacks to a new level of sophistication. Attackers now harness advanced content-generation platforms to craft highly personalized emails and webpages, blending genuine corporate branding with contextually relevant messages. These platforms analyze public social media profiles, corporate press […]

The post Phishing Attacks Using AI-Powered Platforms to Misleads Users and Evades Security Tools appeared first on Cyber Security News.

In today’s rapidly evolving digital landscape, APIs (Application Programming Interfaces) have become the backbone of online business, connecting services, and enabling new customer experiences. However, as the API footprint grows, so does the attack surface making robust API security testing a critical pillar of enterprise cyber defense in 2025. Whether you’re a security analyst, DevSecOps […]

The post Top 10 Best API Security Testing Tools in 2025 appeared first on Cyber Security News.

A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially granting complete access to restricted API endpoints without valid […]

The post Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication appeared first on Cyber Security News.

In early 2025, cybersecurity researchers observed an unprecedented collaboration between two Russian APT groups targeting Ukrainian organizations. Historically, Gamaredon has focused on broad spear-phishing campaigns against government and critical infrastructure, while Turla has specialized in high-value cyberespionage using sophisticated implants. Their joint operations mark a significant escalation: Gamaredon gains initial access using its established toolkit, […]

The post Russian Hacking Groups Gamaredon and Turla Attacking Organizations to Deploy Kazuar Backdoor appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Cybercriminals are actively exploiting two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, to deploy advanced persistent threats that enable complete system compromise and arbitrary code execution on targeted servers. The attack campaign emerged shortly […]

The post CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware appeared first on Cyber Security News.

ChatGPT agents can be manipulated into bypassing their own safety protocols to solve CAPTCHA, raising significant concerns about the robustness of both AI guardrails and widely used anti-bot systems. The SPLX findings show that through a technique known as prompt injection, an AI agent can be tricked into breaking its built-in policies, successfully solving not […]

The post ChatGPT Tricked Into Bypassing CAPTCHA Security and Enterprise Defenses appeared first on Cyber Security News.

The emergence of a new campaign weaponizing legitimate remote monitoring and management software has alarmed security teams worldwide. Attackers are distributing trojanized installers for ConnectWise ScreenConnect—now known as ConnectWise Control—to deliver dual payloads: the widely used AsyncRAT and a custom PowerShell-based RAT. By leveraging trusted software footprints and open directories, adversaries bypass signature-based defenses and […]

The post Beware of Weaponized ScreenConnect App That Delivers AsyncRAT and PowerShell RAT appeared first on Cyber Security News.

Cybersecurity researchers have identified a potential connection between two Yemen-based cybercriminal organizations, the Belsen Group and ZeroSevenGroup, following an extensive investigation into their operational patterns and attack methodologies. The discovery comes amid growing concerns about sophisticated network intrusion campaigns targeting critical infrastructure and enterprise systems across multiple continents. The Belsen Group first emerged in January […]

The post Researchers Uncover Link Between Belsen and ZeroSeven Cybercriminal Groups appeared first on Cyber Security News.

The emergence of the SystemBC botnet marks a significant evolution in proxy-based criminal infrastructure. Rather than co-opt residential devices for proxying, SystemBC operators have shifted to compromising large commercial Virtual Private Servers (VPS), enabling high-volume proxy services with minimal disruption to end users. In recent months, Lumen Technologies has observed an average of 1,500 newly […]

The post SystemBC Botnet Hacked 1,500 VPS Servers Daily to Hire for DDoS Attack appeared first on Cyber Security News.

A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1.  Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […]

The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.

Luxury jewelry brand Tiffany and Company has confirmed a data breach that resulted in the theft of customers’ personal information. The company is in the process of sending out notification letters to affected individuals, detailing the scope of the incident and the data that was compromised. According to the notification, Tiffany experienced a “cybersecurity issue” […]

The post Luxury Jewelry Creator Tiffany Confirms Data breach – Hackers Stolen Users Personal Information appeared first on Cyber Security News.

In recent months, security teams have observed the emergence of a sophisticated malware loader, dubbed CountLoader, which leverages weaponized PDF files to deliver ransomware payloads. First detected in late August 2025, CountLoader is linked to multiple Russian-speaking cybercriminal groups, including affiliates of LockBit, BlackBasta, and Qilin. By masquerading as legitimate documents—often impersonating Ukrainian law enforcement—this […]

The post New Malware Loader ‘CountLoader’ Weaponized PDF File to Deliver Ransomware appeared first on Cyber Security News.