Cyber Security News

The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded GitHub with spam repositories, new analysis reveals a far more sophisticated operation. Entro Security researchers […]

The post Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets appeared first on Cyber Security News.

A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign targets Zendesk, a critical customer support platform, effectively turning a trusted business tool into a launchpad for corporate spying. The attackers have successfully registered over 40 typosquatted domains, […]

The post Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments appeared first on Cyber Security News.

Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap scripts associated with the zc.buildout tool expose users to domain takeover attacks. These scripts, designed to automate the installation of package dependencies, contain hardcoded references to external domains that are […]

The post Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise appeared first on Cyber Security News.

Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community events to keep their agendas up to date. While these subscriptions offer convenience, they create a persistent connection between a user’s device and an external server. If the domain hosting […]

The post Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks appeared first on Cyber Security News.

Alisa Viejo, CA, USA, November 27th, 2025, CyberNewsWire Gartner has recognized One Identity as a Visionary in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM).  In a rapidly transforming market, innovation and demonstrated performance continue to shape expectations. The placement as a Visionary reflects what the company observes across its customer and partner ecosystem, […]

The post One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM appeared first on Cyber Security News.

New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning into automated compliance evidence. The update introduces real-time evidence streaming and compliance mapping, directly addressing the manual burden of audit […]

The post Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0V appeared first on Cyber Security News.

The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically targets GitHub Actions workflows, exploiting pull_request_target triggers to inject malicious code into widely used libraries. The attack has impacted major projects like PostHog, Zapier, and […]

The post Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets appeared first on Cyber Security News.

The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation combined the capabilities of the Qilin Ransomware-as-a-Service (RaaS) group with potential involvement from North Korean state-affiliated actors known as Moonstone Sleet. The attackers leveraged a compromised Managed Service Provider (MSP) […]

The post Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach appeared first on Cyber Security News.

GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version of “Shai-Hulud,” contains a dangerous feature that threatens to destroy user data if attackers lose control of their infrastructure. The malware spreads through infected npm packages using a multi-stage process. […]

The post Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks appeared first on Cyber Security News.

An urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service attacks. The most severe flaw has a CVSS score of 9.3 and affects all DGX Spark devices running versions before the new OTA0 update. The vulnerabilities […]

The post NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks appeared first on Cyber Security News.

KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with over 188 stars and 52 forks, it requires no API keys and installs quickly on Linux or Termux environments.​ Users can deploy KawaiiGPT in minutes by updating packages, installing Python […]

The post KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models appeared first on Cyber Security News.

A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically spreading malicious packages across npm, GitHub, and Vercel infrastructure to deliver OtterCookie malware. This sophisticated multi-stage operation demonstrates how threat actors have adapted their tools to target modern JavaScript and Web3 development […]

The post North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware appeared first on Cyber Security News.

GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3, and 18.4.5, fix security flaws that could allow attackers to bypass authentication, steal user credentials, or crash servers through Denial-of-Service (DoS) attacks. Security experts and GitLab administrators are being urged […]

The post Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks appeared first on Cyber Security News.

Since its release in October, Battlefield 6 has become one of the year’s most anticipated game launches. However, cybercriminals have quickly seized on this popularity to distribute malicious software. Attackers have created fake cracked versions of the game and fraudulent game trainers, spreading them across torrent websites and underground forums to target unsuspecting players and […]

The post Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents appeared first on Cyber Security News.

A threat actor operating under the alias ResearcherX has posted what they claim to be a full‑chain zero‑day exploit targeting Apple’s recently released iOS 26 operating system. The listing, which appeared on a prominent dark web marketplace, alleges that the exploit leverages a critical memory‑corruption vulnerability within the iOS Message Parser. If proven genuine, this […]

The post Threat Actors Allegedly Listed iOS 26 Full‑Chain 0‑Day Exploit on Dark Web appeared first on Cyber Security News.

Cybercriminals are successfully targeting Apple users through a sophisticated social engineering scheme that tricks victims into running harmful commands on their computers. The threat, called FlexibleFerret, is attributed to North Korean operators and represents a continuing evolution of the Contagious Interview campaign that has been active throughout 2025. The malware primarily spreads through fake job […]

The post Hackers Tricks macOS Users to Execute Command in Terminal to Deliver FlexibleFerret Malware appeared first on Cyber Security News.

A new Malware-as-a-Service (MaaS) threat named “Olymp Loader” appeared in June 2025, aggressively advertised on underground hacker forums like XSS and HackForums. Advertised by an operator known as “OLYMPO,” this malware is marketed as a sophisticated tool written entirely in Assembly language. This marketing strategy aims to attract cybercriminals by claiming high performance and resistance […]

The post New Malware-as-a-Service Olymp Loader Advertised on Hacker Forums with It’s Anti-analysis and Detection Features appeared first on Cyber Security News.

A significant gap in Microsoft Teams’ B2B guest access allows attackers to bypass Defender for Office 365 protections, creating unprotected zones for phishing and malware delivery. At Cybersecurity News, we recently highlighted how Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks. This architectural issue, highlighted by Ontinue, stems from […]

The post Microsoft Teams Guest Chat Vulnerability Exposes Users to Malware Attack appeared first on Cyber Security News.

A newly discovered critical vulnerability in the Next.js framework allows attackers to crash self-hosted servers using a single HTTP request, requiring negligible resources to execute. Discovered by researchers at Harmony Intelligence, the denial-of-service (DoS) flaw affects widespread versions of the framework, including the latest 15.x branch prior to the patch.​ The vulnerability resides in the […]

The post New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request appeared first on Cyber Security News.

The Democratic People’s Republic of Korea (DPRK) has intensified its global cyber operations, systematically violating United Nations Security Council resolutions through large-scale cyberattacks, cryptocurrency theft, and cross-border money laundering schemes. According to the Multilateral Sanctions Monitoring Team (MSMT) report, North Korean hackers stole at least USD 1.19 billion in cryptocurrency during 2024 and an additional […]

The post North Korean Hackers Evade UN Sanctions Leveraging Cyber Capabilities, IT Workers and Crypto Activities appeared first on Cyber Security News.