Cyber Security News

A sophisticated supply chain attack has emerged targeting developers through a malicious Go module package that masquerades as a legitimate SSH brute forcing tool while covertly stealing credentials for cybercriminal operations. The package, named “golang-random-ip-ssh-bruteforce,” presents itself as a fast SSH brute forcer but contains hidden functionality that exfiltrates successful login credentials to a Telegram […]

The post Malicious Go Module Package as Fast SSH Brute Forcer Exfiltrates Passwords via Telegram appeared first on Cyber Security News.

A sophisticated South Asian Advanced Persistent Threat (APT) group has been conducting an extensive espionage campaign targeting military personnel and defense organizations across Sri Lanka, Bangladesh, Pakistan, and Turkey. The threat actors have deployed a multi-stage attack framework combining targeted phishing operations with novel Android malware to compromise the mobile devices of military-adjacent individuals. The […]

The post South Asian APT Hackers Using Novel Tools to Compromise Phones of Military-Adjacent Members appeared first on Cyber Security News.

The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications.  Released on August 14, 2025, this initiative addresses the growing need for structured risk management approaches in […]

The post NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems appeared first on Cyber Security News.

Telecommunications giant Colt Technology Services has confirmed that customer data was compromised in a sophisticated cyber attack that began on August 12, 2025.  The company disclosed that threat actors accessed sensitive files containing customer information and subsequently posted document titles on the dark web, prompting immediate containment measures and law enforcement notification. Key Takeaways1. Colt […]

The post Colt Confirms Customer Data Stolen in Ransomware Attack appeared first on Cyber Security News.

A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide.  The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure’s shared API Management (APIM) instance architecture to gain unauthorized access to Key Vaults, Azure SQL databases, and third-party services like […]

The post Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise appeared first on Cyber Security News.

Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through seemingly legitimate technical troubleshooting procedures. The technique has been observed in campaigns affecting thousands of […]

The post Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices appeared first on Cyber Security News.

Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell backdoor, demonstrating how attackers are evolving beyond conventional exploitation techniques to target scripting patterns and […]

The post New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor appeared first on Cyber Security News.

The Anatsa banking trojan, also known as TeaBot, continues to evolve as one of the most sophisticated Android malware threats targeting financial institutions worldwide. First discovered in 2020, this malicious software has demonstrated remarkable persistence in infiltrating Android devices through the official Google Play Store, where it masquerades as legitimate document reading applications to steal […]

The post Anatsa Malware Attacking Android Devices to Steal Login Credentials and Monitor Keystrokes appeared first on Cyber Security News.

Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit.  This breakthrough significantly compresses the traditional “grace period” that defenders typically rely on to patch vulnerabilities before working exploits become available. The research, conducted by security experts Efi Weiss and […]

The post AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes appeared first on Cyber Security News.

A critical vulnerability in OpenAI’s latest flagship model, ChatGPT-5, allows attackers to sidestep its advanced safety features using simple phrases. The flaw, dubbed “PROMISQROUTE” by researchers at Adversa AI, exploits the cost-saving architecture that major AI vendors use to manage the immense computational expense of their services. The vulnerability stems from an industry practice that […]

The post ChatGPT-5 Downgrade Attack Let Hackers Bypass AI Security With Just a Few Words appeared first on Cyber Security News.

A stealthy campaign emerged in early March 2025 that capitalized on a critical remote code execution flaw in GeoServer (CVE-2024-36401) to compromise publicly exposed geospatial servers. Attackers exploited JXPath query injection within Apache Commons libraries, allowing arbitrary code execution through crafted XML requests. This vector enabled the silent deployment of customized executables that leveraged legitimate […]

The post Threat Actors Gaining Access to Victims’ Machines and Monetizing Access to Their Bandwidth appeared first on Cyber Security News.

Cybersecurity researchers have observed a surge in phishing campaigns leveraging QR codes to deliver malicious payloads. This emerging threat, often dubbed “quishing,” exploits the opaque nature of QR codes to conceal harmful URLs that redirect victims to credential-harvesting sites or malware downloads. Unlike traditional phishing links that can be flagged by email gateways, QR codes […]

The post Hackers Weaponize QR Codes Embedded with Malicious Links to Steal Sensitive Information appeared first on Cyber Security News.

Cybercriminals have discovered a new avenue for malicious activities by exploiting Lovable, an AI-powered website creation platform, to develop sophisticated phishing campaigns and malware delivery systems. The platform, designed to democratize web development through natural language prompts, has inadvertently become a tool for threat actors seeking to create convincing fraudulent websites with minimal technical expertise. […]

The post Threat Actors Abuse AI Website Creation App to Deliver Malware appeared first on Cyber Security News.

In recent weeks, the cybersecurity community has witnessed the rapid emergence of Warlock, a novel ransomware strain that weaponizes unpatched Microsoft SharePoint servers to infiltrate enterprise networks. Initial analysis reveals that threat actors exploit publicly exposed SharePoint instances via specially crafted HTTP POST requests, deploying web shells that grant remote code execution within the target […]

The post Warlock Ransomware Exploiting SharePoint Vulnerabilities to Gain Access and Steal Credentials appeared first on Cyber Security News.

Security researchers have uncovered a novel malware delivery chain in recent weeks that leverages the Internet Archive’s legitimate infrastructure to host obfuscated payloads. The attack begins with a seemingly innocuous JScript file delivered via malspam, which in turn invokes a PowerShell loader. This PowerShell script reaches out to the Internet Archive (archive.org) to retrieve a […]

The post Internet Archive Abused for Hosting Stealthy JScript Loader Malware appeared first on Cyber Security News.

Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems.  The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution […]

The post Mozilla High Severity Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.

A sophisticated cyber espionage campaign attributed to APT MuddyWater has emerged targeting Chief Financial Officers and finance executives across Europe, North America, South America, Africa, and Asia. The threat actors are deploying a multi-stage phishing operation that masquerades as legitimate recruitment communications from Rothschild & Co, leveraging Firebase-hosted phishing pages with custom CAPTCHA challenges to […]

The post APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task appeared first on Cyber Security News.

A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks.  The vulnerability, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” affects the second most widely used QUIC implementation globally, potentially impacting over 34% of HTTP/3-enabled websites that rely on LiteSpeed technologies. Key Takeaways1. CVE-2025-54939 allows remote DoS via […]

The post New QUIC-LEAK Vulnerability Let Attackers Exhaust Server Memory and Trigger DoS Attack appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated new threat campaign that leverages a seemingly legitimate PDF editor application to transform infected devices into residential proxies. The malicious software, distributed under the guise of productivity tools, represents an evolving approach by threat actors who are increasingly exploiting trusted software categories to establish persistent network access and monetize […]

The post Threat Actors Weaponize PDF Editor With New Torjan to Turn Device Into Proxy appeared first on Cyber Security News.

The Kali Linux team has announced a significant enhancement of its Vagrant image build process, streamlining development and simplifying deployment for users. In a move to unify its infrastructure, the team has transitioned from HashiCorp’s Packer to DebOS for generating its pre-configured Vagrant virtual machines. The release also includes a handy cheat sheet to get […]

The post Kali Vagrant Rebuilt Released – Pre-configured DebOS VMs via Command Line appeared first on Cyber Security News.