Cyber Security News

A sophisticated new backdoor named SesameOp has emerged with a novel approach to command-and-control communications that fundamentally challenges traditional security assumptions. Discovered in July 2025 by Microsoft’s Incident Response and Detection and Response Team, this malware represents a significant shift in how threat actors exploit legitimate cloud services for covert operations. Rather than relying on […]

The post SesameOp Leveraging OpenAI Assistants API for Stealthy Communication with C2 Servers appeared first on Cyber Security News.

Zscaler, a leading cloud security company, has announced the acquisition of SPLX, an innovative AI security firm, to enhance its Zero Trust Exchange platform with advanced artificial intelligence protection capabilities. The acquisition aims to help organizations secure their AI investments throughout the entire development and deployment lifecycle. The integration of SPLX’s technology into Zscaler’s platform […]

The post Zscaler Acquires Enterprise AI Security Firm SPLX to Boost Zero Trust Exchange appeared first on Cyber Security News.

Cybercriminals have shifted their focus to a highly profitable target: the trucking and logistics industry. Over the past several months, a coordinated threat cluster has been actively compromising freight companies through deliberate attack chains designed to facilitate multi-million-dollar cargo theft operations. The emergence of this campaign represents a disturbing intersection of physical crime and digital […]

The post Threat Actors Leverage RMM Tools to Hack Trucking Companies and Steal Cargo Freight appeared first on Cyber Security News.

A critical remote code execution vulnerability affecting XWiki’s SolrSearch component has become the target of widespread exploitation attempts, prompting cybersecurity authorities to add it to their watchlist. The flaw allows attackers with minimal guest privileges to execute arbitrary commands on vulnerable systems, posing a significant security risk to organizations using this open-source enterprise wiki platform. […]

The post Hackers Actively Scanning Internet to Exploit XWiki Remote Code Execution Vulnerability appeared first on Cyber Security News.

Google has issued a critical security alert for Android devices, highlighting a severe zero-click vulnerability in the system’s core components that could allow attackers to execute malicious code remotely without any user interaction. Disclosed in the November 2025 Android Security Bulletin, this flaw affects multiple versions of the Android Open Source Project (AOSP) and underscores […]

The post Critical Android 0-Click Vulnerability in System Component Allows Remote Code Execution Attacks appeared first on Cyber Security News.

An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for the notorious Rhysida ransomware gang. The Rhysida ransomware operation has targeted enterprises since emerging from […]

The post Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network appeared first on Cyber Security News.

AMD has disclosed a critical vulnerability affecting its Zen 5 processor lineup that compromises the reliability of random number generation, a fundamental security feature in modern computing. The flaw, tracked as CVE-2025-62626, impacts the RDSEED instruction used by systems to generate cryptographically secure random numbers essential for encryption, authentication, and other security operations. The vulnerability […]

The post AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness appeared first on Cyber Security News.

The Open VSX Registry and the Eclipse Foundation have completed their investigation into a significant security incident involving exposed developer tokens and malicious extensions. The comprehensive response reveals how the platform is strengthening defenses across the entire VS Code extension ecosystem following the breach. The security incident began when researchers at Wiz identified multiple extension […]

The post Open VSX Registry Addresses Leaked Tokens and Malicious Extensions in Wake of Security Scare appeared first on Cyber Security News.

Cybersecurity researchers and firewall monitoring services have detected a dramatic surge in reconnaissance activity targeting Windows Server Update Services (WSUS) infrastructure. Network sensors collected from security organizations, including data from Shadowserver, show a significant increase in scans directed at TCP ports 8530 and 8531 over the past week. While some scanning activity appears connected to […]

The post Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287 appeared first on Cyber Security News.

Apple released iOS 26.1 and iPadOS 26.1, addressing multiple vulnerabilities that could lead to privacy breaches, app crashes, and potential data leaks for iPhone and iPad users. The update targets devices starting from the iPhone 11 series and various iPad models, including the iPad Pro (3rd generation 12.9-inch and later), iPad Pro 11-inch (1st generation […]

The post Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1 appeared first on Cyber Security News.

Identity compromise has become one of the most significant threats facing cloud infrastructure, particularly when attackers gain access to legitimate credentials. These valid access keys enable adversaries to bypass traditional security defenses, creating opportunities for widespread exploitation. Amazon Web Services environments have witnessed a surge in such attacks, with the Simple Email Service emerging as […]

The post New TruffleNet BEC Campaign Leverages AWS SES Using Stolen Credentials to Compromise 800+ Hosts appeared first on Cyber Security News.

Hackers can exploit Anthropic’s Claude AI to steal sensitive user data. By leveraging the model’s newly added network capabilities in its Code Interpreter tool, attackers can use indirect prompt injection to extract private information, such as chat histories, and upload it directly to their own accounts. This revelation, detailed in Rehberger’s October 2025 blog post, […]

The post Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data appeared first on Cyber Security News.

In a recent setback for Windows administrators, Microsoft’s October 2025 security update addressing a critical vulnerability in Windows Server Update Services (WSUS) has inadvertently broken hotpatching functionality on a subset of Windows Server 2025 systems. The flaw, tracked as CVE-2025-59287, allows remote code execution in WSUS environments, posing significant risks to enterprise update infrastructures. Microsoft […]

The post Microsoft Patch for WSUS Vulnerability has Broken Hotpatching on Windows Server 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged, exploiting the trust placed in legitimate cloud hosting services. Threat actors are leveraging Cloudflare Pages and ZenDesk platforms to conduct large-scale credential theft operations targeting unsuspecting users. The campaign demonstrates a concerning trend where established infrastructure services become vectors for social engineering attacks. Security researchers have identified over 600 […]

The post Beware of New Phishing Attack that Abuses Cloudflare and ZenDesk Pages to Steal Logins appeared first on Cyber Security News.

Supply chain attacks targeting the JavaScript ecosystem have evolved into sophisticated operations combining domain manipulation with social engineering. On September 8, 2025, threat actors launched a coordinated phishing campaign aimed at compromising high-profile NPM developers. The attack successfully infiltrated the accounts of developer Josh Junon, known as “qix,” and targeted at least four other maintainers, […]

The post New Business Email Protection Technique Blocks the Phishing Email Behind NPM Breach appeared first on Cyber Security News.

A Ukrainian national accused of playing a key role in the notorious Conti ransomware operation has been extradited from Ireland to face federal charges in the United States. Oleksii Oleksiyovych Lytvynenko, 43, made his first court appearance in the Middle District of Tennessee following his transfer from Irish custody, where he had been held since […]

The post Conti Group Member Responsible for Deploying Ransomware Extradited to USA appeared first on Cyber Security News.

In October 2025, threat researchers at Cyble Research and Intelligence Labs uncovered a sophisticated cyber attack leveraging weaponized military documents to distribute an advanced SSH-Tor backdoor targeting defense sector personnel. The campaign centers on a deceptively simple delivery mechanism: a ZIP archive disguised as a Belarusian military document titled “ТЛГ на убытие на переподготовку.pdf” (TLG […]

The post Hackers Deliver SSH-Tor Backdoor Via Weaponized Military Documents in ZIP Files appeared first on Cyber Security News.

Proton has launched a new initiative called the Data Breach Observatory. This program reveals serious problems that exist on the internet. The cybersecurity company revealed that over 300 million stolen credentials are currently circulating on dark web cybercrime markets, putting businesses and individuals at unprecedented risk. This massive exposure highlights the growing underground economy built […]

The post Proton Exposes 300 Million Stolen Credentials Available for Sale on Dark Web Cybercrime Markets appeared first on Cyber Security News.

Microsoft has released a non-security update for Windows 11 versions 24H2 and 25H2 that introduces an unusual bug affecting one of the operating system’s most essential utilities. The update, designated as KB5067036, is causing Task Manager to continue running in the background even after users close the application. This issue has been officially acknowledged by […]

The post Windows 11 24H2/25H2 Update Causes Task Manager to be Active After Closure appeared first on Cyber Security News.

A sophisticated campaign targeting military personnel across Russia and Belarus has emerged, deploying a complex multi-stage infection chain that establishes covert remote access through Tor-based infrastructure. Operation SkyCloak represents a stealth-oriented intrusion effort aimed at the Russian Airborne Forces and Belarusian Special Forces, utilizing legitimate OpenSSH binaries and obfs4 bridges to mask communication channels while […]

The post New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic appeared first on Cyber Security News.