Cyber Security News

The SideWinder advanced persistent threat group has emerged with a sophisticated new attack methodology that leverages ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets across South Asia. In September 2025, security researchers detected a targeted campaign affecting institutions in Sri Lanka, Pakistan, Bangladesh, and diplomatic missions based in India. The attacks represent […]

The post SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware appeared first on Cyber Security News.

The Advanced Persistent Threat group MuddyWater, widely recognized as an Iran-linked espionage actor, has orchestrated a sophisticated phishing campaign targeting more than 100 government entities and international organizations across the Middle East, North Africa, and beyond. The operation, which became active in mid-August 2025, represents a significant escalation in the group’s tradecraft, introducing version 4 […]

The post MuddyWater Using New Malware Toolkit to Deliver Phoenix Backdoor Malware to International Organizations appeared first on Cyber Security News.

RedTiger is an open-source red-teaming tool repurposed by attackers to steal sensitive data from Discord users and gamers. Released in 2025 on GitHub, RedTiger bundles penetration-testing utilities, including network scanners and OSINT tools. But its infostealer module has gone rogue, with malicious payloads circulating online since early 2025. Netskope Threat Labs reported multiple variants targeting […]

The post New Red Teaming Tool RedTiger Attacking Gamers and Discord Accounts in the Wild appeared first on Cyber Security News.

Paris, France, October 24th, 2025, CyberNewsWire Arsen, the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature designed to let companies run realistic, large-scale SMS phishing simulations across their teams. Designed to address the growing wave of mobile-based attacks, the new module gives CISOs, MSSPs, […]

The post Arsen Launches Smishing Simulation to Help Companies Defend Against Mobile Phishing Threats appeared first on Cyber Security News.

A significant vulnerability in OpenAI’s newly released ChatGPT Atlas browser reveals that it stores unencrypted OAuth tokens in a SQLite database with overly permissive file settings on macOS, potentially allowing unauthorized access to user accounts. This flaw, discovered by Pete Johnson just days after the browser’s October 21, 2025, launch, bypasses standard encryption practices used […]

The post ChatGPT Atlas Stores OAuth Tokens Unencrypted Leads to Unauthorized Access to User Accounts appeared first on Cyber Security News.

At Pwn2Own Ireland 2025 hacking competition, cybersecurity researchers from Team Z3 have withdrawn their high-stakes demonstration of a potential zero-click remote code execution (RCE) vulnerability in WhatsApp, opting instead for a private coordinated disclosure to Meta. The event, held in Cork, Ireland, from October 21-23, featured a record-breaking $1 million bounty for such a WhatsApp […]

The post WhatsApp Exploit Privately Disclosed To Meta At The Pwn2Own Ireland appeared first on Cyber Security News.

Amazon Web Services (AWS), the backbone for countless websites and services, faced a severe outage last weekend that disrupted operations for millions. The incident, which unfolded in the early hours of October 20, 2025, exposed vulnerabilities in even the most robust systems and left users scrambling. The trouble began at 11:49 PM PDT on October […]

The post Amazon Uncovers Root Cause of Major AWS Outage That Brokes The Internet appeared first on Cyber Security News.

Email phishing attacks have reached a critical inflection point in 2025, as threat actors deploy increasingly sophisticated evasion techniques to circumvent traditional security infrastructure and user defenses. The threat landscape continues to evolve with the revival and refinement of established tactics that were once considered outdated, combined with novel delivery mechanisms that exploit gaps in […]

The post Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters appeared first on Cyber Security News.

Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network. The patch, released on October 23, […]

The post Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability appeared first on Cyber Security News.

Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in retail data security. In emails dispatched to affected individuals this morning, the popular toy retailer revealed that unauthorized access to its databases occurred earlier this year, with stolen data surfacing […]

The post Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen appeared first on Cyber Security News.

Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment methods, threat actors are now weaponizing this remote control and surveillance platform through sophisticated fileless […]

The post New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient appeared first on Cyber Security News.

The HP OneAgent software update has disconnected Windows devices from Microsoft Entra ID. As a result, users can no longer access their corporate identities. Version 1.2.50.9581 of the agent, pushed silently to HP’s Next Gen AI systems like the EliteBook X Flip G1i, deleted critical certificates, causing devices to drop their Entra join status overnight. […]

The post HP OneAgent Update Brokes Trust And Disconnect Devices From Entra ID appeared first on Cyber Security News.

Cybersecurity researchers have identified a sophisticated campaign where threat actors are leveraging compromised credentials to infiltrate Azure Blob Storage containers, targeting organizations’ critical code repositories and sensitive data. This emerging threat exploits misconfigured storage access controls to establish persistence and exfiltrate valuable intellectual property. The attack vector represents a significant shift in how threat actors […]

The post Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories appeared first on Cyber Security News.

A new open-source tool called PDF Object Hashing is designed to detect malicious PDFs by analyzing their structural “fingerprints.” Released by Proofpoint, the tool empowers security teams to create robust threat detection rules based on unique object characteristics in PDF files. This innovation addresses the growing reliance of threat actors on PDFs for delivering malware, […]

The post New PDF Tool to Detect Malicious PDF Using PDF Object Hashing Technique appeared first on Cyber Security News.

A sophisticated information-stealing malware written in Golang has emerged, leveraging blockchain technology to establish covert command-and-control channels. SharkStealer represents a significant evolution in malware design, utilizing the BNB Smart Chain Testnet as a resilient dead-drop resolver for its C2 infrastructure. This novel approach demonstrates how threat actors exploit Web3 technologies to evade traditional detection mechanisms […]

The post SharkStealer Using EtherHiding Pattern to Resolves Communications With C2 Channels appeared first on Cyber Security News.

Microsoft 365 Exchange Online’s Direct Send feature, originally designed to enable legacy devices and applications to send emails without authentication, has become an exploitable pathway for cybercriminals conducting sophisticated phishing and business email compromise attacks. The feature allows multifunction printers, scanners, and older line-of-business applications to transmit messages by bypassing rigorous authentication and security checks, […]

The post Hackers Abuse Microsoft 365 Exchange Direct Send to Bypass Content Filters and Harvest Sensitive Data appeared first on Cyber Security News.

The Bitter APT group, also tracked as APT-Q-37 and known in China as 蔓灵花, has launched a sophisticated cyberespionage campaign targeting government agencies, military installations, and critical infrastructure across China and Pakistan. The threat actor has deployed weaponized Microsoft Office documents that exploit a previously unknown zero-day vulnerability in WinRAR archive software to install custom […]

The post Bitter APT Hackers Exploit WinRAR Zero-Day Via Weaponized Word Documents to Steal Sensitive Data appeared first on Cyber Security News.

SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration. The research demonstrates how attackers can […]

The post AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars appeared first on Cyber Security News.

A new technique allows hackers to extract encrypted authentication tokens from Microsoft Teams on Windows, enabling unauthorized access to chats, emails, and SharePoint files. In a blog post dated October 23, 2025, Brahim El Fikhi explains how these tokens, stored in a Chromium-like Cookies database, can be decrypted using Windows’ Data Protection API (DPAPI). This […]

The post Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens appeared first on Cyber Security News.

A sophisticated information-stealing malware known as Vidar Stealer has undergone a complete architectural transformation with the release of version 2.0, introducing advanced capabilities that enable it to bypass Chrome’s latest security protections through direct memory injection techniques. Released on October 6, 2025, by its developer “Loadbaks” on underground forums, this new iteration features a complete […]

The post Vidar Stealer Bypassing Browser Security Via Direct Memory Injection to Steal Login Credentials appeared first on Cyber Security News.