Cyber Security News

A sophisticated malware campaign has been identified, utilizing PipeMagic, a highly modular backdoor deployed by the financially motivated threat actor Storm-2460.  This advanced malware masquerades as a legitimate open-source ChatGPT Desktop Application while exploiting the zero-day vulnerability CVE-2025-29824 in Windows Common Log File System (CLFS) to deploy ransomware across multiple sectors globally. Key Takeaways1. PipeMagic […]

The post PipeMagic Malware Mimic as ChatGPT App Exploits Windows Vulnerability to Deploy Ransomware appeared first on Cyber Security News.

Enterprise security strategies have evolved dramatically to address modern threats, yet SSH keys—critical cryptographic credentials that provide direct access to mission-critical systems—remain largely ungoverned and poorly managed across organizations. Despite their fundamental role in securing remote access to servers, cloud infrastructure, and automated processes, SSH keys represent one of the most significant blind spots in […]

The post SSH Keys Are Crucial for Secure Remote Access but Often Remain a Blind Spot in Enterprise Security appeared first on Cyber Security News.

A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development kits and scanning tools. The campaign centers around multiple malicious npm packages, including “solana-pump-test” and […]

The post Crypto Developers Attacked With Malicious npm Packages to Steal Login Details appeared first on Cyber Security News.

CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild.  The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant risks to organizations running on-premise installations of the enterprise security platform. Key Takeaways1. CISA confirms […]

The post CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A sophisticated attack campaign uncovered where cybercriminals are weaponizing Cisco’s own security infrastructure to conduct phishing attacks.  The attackers are exploiting Cisco Safe Links technology, designed to protect users from malicious URLs, to evade detection systems and bypass network filters by leveraging the trust associated with Cisco’s security brand. Key Takeaways1. Attackers use legitimate Cisco […]

The post Hackers Exploit Cisco Secure Links to Evade Link Scanners and Bypass Network Filters appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting Microsoft Help Index Files (.mshi) to deliver the notorious PipeMagic backdoor, marking a significant evolution in the threat actors’ tactics since the malware’s first detection in 2022. The campaign, which has targeted organizations across Saudi Arabia and Brazil throughout 2025, demonstrates the attackers’ continued refinement of […]

The post Threat Actors Abuse Microsoft Help Index File to Execute PipeMagic Malware appeared first on Cyber Security News.

The U.S. Department of Justice (DoJ) announced the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle linked to Zeppelin ransomware operations.  The warrants were unsealed on August 14, 2025, in federal courts across Virginia, California, and Texas.  Authorities allege that the assets belong to Ianis Aleksandrovich Antropenko, who has […]

The post DoJ Seizes $2.8 Million in Crypto From Zeppelin Ransomware Operators appeared first on Cyber Security News.

A sophisticated supply chain attack targeting Python developers has emerged through a seemingly innocuous package named termncolor, which conceals a multi-stage malware operation designed to establish persistent access on compromised systems. The malicious package, distributed through the Python Package Index (PyPI), masquerades as a legitimate terminal color utility while secretly deploying advanced backdoor capabilities that […]

The post Weaponized Python Package Termncolor Attacking Leverages Windows Run Key to Maintain Persistence appeared first on Cyber Security News.

Cybersecurity researchers have identified an alarming trend where threat actors are increasingly leveraging Telegram’s Bot API infrastructure as a covert communication channel for data exfiltration. This sophisticated attack methodology combines traditional phishing techniques with legitimate messaging services to bypass conventional security controls and establish persistent command-and-control operations. The malicious campaigns utilize fake login pages crafted […]

The post Threats Actors Using Telegram as The Communication Channel to Exfiltrate The Stolen Data appeared first on Cyber Security News.

A series of critical vulnerabilities across multiple internal Intel websites allowed for the complete exfiltration of the company’s global employee database and access to confidential supplier information. The flaws, stemming from basic security oversights, exposed the personal details of over 270,000 Intel employees and workers. The investigation from Eaton Works revealed that at least four […]

The post Intel Websites Exploited to Hack Every Intel Employee and View Confidential Data appeared first on Cyber Security News.

Bragg Gaming Group has confirmed a significant cybersecurity incident that compromised the company’s internal IT infrastructure early Saturday morning, August 16, 2025.  The online gaming technology provider discovered unauthorized network intrusion attempts that successfully breached their security perimeter, prompting immediate activation of incident response protocols. Key Takeaways1. Bragg Gaming Group experienced a cybersecurity breach with […]

The post Bragg Confirms Cyber Attack – Hackers Accessed Internal IT Systems appeared first on Cyber Security News.

A sophisticated new cybercriminal technique known as “ghost-tapping” has emerged as a significant threat to contactless payment systems, enabling Chinese-speaking threat actors to exploit stolen payment card details linked to mobile wallet services such as Apple Pay and Google Pay. This innovative attack vector leverages Near Field Communication (NFC) relay tactics to facilitate retail fraud, […]

The post New Ghost-tapping Attacks Steal Customers’ Cards Linked to Services Like Apple Pay and Google Pay appeared first on Cyber Security News.

A critical vulnerability in the Linux kernel’s netfilter ipset subsystem has been discovered that allows local attackers to escalate privileges to root-level access.  The flaw, identified in the bitmap:ip implementation within the ipset framework, stems from insufficient range validation when processing CIDR notation in IP address ranges.  This missing bounds check enables attackers to trigger […]

The post Linux Kernel Netfilter Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

San Francisco, CA – August 12, 2025 — Addressing the growing demand for data privacy in financial workflows, X-VPN has rolled out an update to its mobile application, now offering free users the ability to manually choose from 26 server regions globally. In addition, the previously paywalled Kill Switch feature is now unlocked for all […]

The post X-VPN’s August Update Lets Mobile Users Choose Servers in 26 Regions with Military-Grade AES-256 Encryption appeared first on Cyber Security News.

APT SideWinder, also known as Rattlesnake, Razor Tiger, and T-APT-04, is a nation-state advanced persistent threat (APT) group active since at least 2012 and believed to originate from India. Noted for targeting military, government, and strategic business entities, particularly in South Asia, SideWinder’s operational footprint has recently expanded to critical infrastructure in the Middle East […]

The post APT SideWinder Actor Profile – Recent Attacks, Tactics, Techniques, and Procedures appeared first on Cyber Security News.

Over 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are vulnerable to two newly disclosed zero-day vulnerabilities – CVE-2025-8875 and CVE-2025-8876.  As of August 15, 2025, exactly 1,077 unique IPs have been identified as running outdated N-central versions, presenting a significant risk to managed service providers (MSPs) and their clients.  These […]

The post 1000+ Exposed N-able N-central RMM Servers Unpatched for 0-Day Vulnerabilities appeared first on Cyber Security News.

Oracle has announced the release of VirtualBox 7.2, a major update to the popular open-source virtualization platform that introduces significant enhancements for Windows 11/Arm virtualization, comprehensive GUI improvements, and numerous bug fixes.  Released on August 14, 2025, this version marks a substantial advancement in cross-platform virtualization capabilities, particularly targeting the growing Arm-based computing ecosystem while […]

The post VirtualBox 7.2 Released With Support for Windows 11/Arm VMs and 50 Bug Fixes appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, potentially allowing remote attackers to execute arbitrary code on industrial control systems.  The vulnerability, tracked as CVE-2025-7353, affects multiple ControlLogix Ethernet modules and carries a maximum CVSS score of 9.8, indicating severe security implications for industrial automation environments.  Key Takeaways1. Critical […]

The post Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Use-after-free (UAF) vulnerabilities represent one of the most critical and prevalent security threats in modern software systems, particularly affecting applications written in memory-unsafe languages like C and C++. These vulnerabilities occur when a program continues to use a memory location after it has been freed, creating opportunities for attackers to manipulate program execution flow, corrupt […]

The post What is Use-After-Free Vulnerability? – Impact and Mitigation appeared first on Cyber Security News.

Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform. The company emphasized that the incident did not compromise customer data or tenants. In a recent […]

The post HR Giant Workday Discloses Data Breach After Hackers Compromise Third-Party CRM appeared first on Cyber Security News.