Cyber Security News

A newly introduced feature in ChatGPT that allows it to connect with personal data applications can be exploited by attackers to exfiltrate private information from a user’s email account. The attack requires only the victim’s email address and leverages a malicious calendar invitation to hijack the AI agent. On Wednesday, OpenAI announced that ChatGPT would […]

The post ChatGPT’s New Support for MCP Tools Let Attackers Exfiltrate All Private Details From Email appeared first on Cyber Security News.

The notorious APT-C-24 threat actor group, commonly known as Sidewinder or Rattlesnake, has evolved its attack methodology by deploying sophisticated LNK file-based phishing campaigns targeting government, energy, military, and mining sectors across South Asia. Active since 2012, this advanced persistent threat organization has shifted away from its traditional exploitation of Microsoft Office vulnerabilities, instead embracing […]

The post Sidewinder Hacker Group Weaponizing LNK File to Execute Malicious Scripts appeared first on Cyber Security News.

New AI-powered penetration testing framework Villager combines Kali Linux toolsets with DeepSeek AI models to fully automate cyber attack workflows. Initially developed by the Chinese-based group Cyberspike, this tool has rapidly gained traction since its July 2025 release on the Python Package Index, accumulating over 10,000 downloads within its first two months of availability. Cybersecurity […]

The post AI-powered Pentesting Tool ‘Villager’ Combines Kali Linux Tools with DeepSeek AI for Automated Attacks appeared first on Cyber Security News.

A sudden and definitive statement emerged from the “Scattered LAPSUS$ Hunters 4.0” Telegram channel on September 8, signaling an abrupt end to their public operations. After months of high-profile campaigns targeting major corporations and critical infrastructure, the collective declared a permanent retreat. News of this unexpected decision reverberated through the cybersecurity community, prompting analysts to […]

The post Scattered LAPSUS$ Hunters 4.0 Announced That Their Going Dark Permanently appeared first on Cyber Security News.

Since its first appearance earlier this year, the ToneShell backdoor has demonstrated a remarkable capacity for adaptation, toyed with by the Mustang Panda group to maintain an enduring foothold in targeted environments. This latest variant, discovered in early September, arrives concealed within sideloaded DLLs alongside legitimate executables. Delivered via compressed archives purporting to contain innocuous […]

The post New ToneShell Backdoor With New Features Leverage Task Scheduler COM Service for Persistence appeared first on Cyber Security News.

Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the wild. The patch resolves a total of 25 Samsung Vulnerabilities and Exposures (SVEs), alongside fixes from Google and Samsung Semiconductor, to safeguard Galaxy devices against a range of security threats. Users are strongly urged to […]

The post Samsung Zero-Day Vulnerability Actively Exploited to Execute Remote Code appeared first on Cyber Security News.

Within mere hours of its public unveiling, the K2 Think model experienced a critical compromise that has sent ripples throughout the cybersecurity community. The newly launched reasoning system, developed by MBZUAI in partnership with G42, was designed to offer unprecedented transparency by exposing its internal decision-making process for compliance and audit purposes. However, this very […]

The post K2 Think AI Model Jailbroken Within Hours After The Release appeared first on Cyber Security News.

In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks. Unlike its predecessors, this new threat—dubbed HybridPetya by ESET analysts—exhibited capabilities that extended beyond conventional userland execution, directly targeting UEFI firmware on vulnerable systems. Through a specially crafted cloak.dat archive and the exploitation of […]

The post New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems appeared first on Cyber Security News.

The Cybersecuritynews researcher team uncovered a sophisticated social engineering campaign that is exploiting the public’s need for free internet access, using deceptive Wi-Fi portals to trick users into downloading and executing PowerShell-based malware. Dubbed the “Clickfix” attack, this method turns a user’s own browser actions against them to compromise their system under the guise of […]

The post New Clickfix Attack Promises “Free WiFi” But Delivers Powershell-Based Malware appeared first on Cyber Security News.

A new kernel address leak vulnerability has been discovered in the latest versions of Windows 11 (24H2) and Windows Server 2022 (24H2). The flaw, identified as CVE-2025-53136, was ironically introduced by a Microsoft patch intended to fix a separate vulnerability, CVE-2024-43511. According to Crowdfense, the new bug undermines recent security enhancements in Windows, providing a […]

The post Microsoft Patch for Old Flaw Reveals New Kernel Address Leak Vulnerability in Windows 11/Server 2022 24H2 appeared first on Cyber Security News.

A new, sophisticated malware campaign has been uncovered that leverages Microsoft’s Azure Functions for its command-and-control (C2) infrastructure, a novel technique that complicates detection and takedown efforts. According to the Dmpdump report, the malware, first identified from a file uploaded to VirusTotal on August 28, 2025, from Malaysia, employs a multi-stage infection process involving DLL […]

The post New Malware Using Azure Functions For Hosting Command And Control Infrastructure appeared first on Cyber Security News.

To ensure the security of sensitive internet data, it takes more than encryption; it requires clear principles, careful design, and evidential support. Naman Jain is a Senior Software Development Engineer and a leading practitioner in secure systems for fintech and digital payments. At Amazon, he has led the architecture of an enterprise tokenization and sensitive […]

The post Business speed, lasting security: Conversation with Amazon’s Senior Software Development Engineer Naman Jain appeared first on Cyber Security News.

Cyber attackers constantly refine their evasion methods. That’s what makes threats, including phishing, increasingly hard to detect and investigate. Kits like Tycoon 2FA regularly evolve with new tricks added to their arsenal. They slip past defenses and compromise companies, demonstrating great adaptivity in modern cyber threats.  Let’s review three key evasion techniques of Tycoon 2FA […]

The post PhishKit Evasion Tactics: What You Need to Pay Attention to Right Now  appeared first on Cyber Security News.

A novel speculative execution attack named VMSCAPE allows a malicious virtual machine (VM) to breach its security boundaries and steal sensitive data, like cryptographic keys, directly from its host system. The vulnerability, identified as CVE-2025-40300, affects a wide range of modern processors, including all current generations of AMD Zen (1 through 5) and Intel’s Coffee […]

The post New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs appeared first on Cyber Security News.

In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and covert channel tunneling—that have now been adopted by malicious actors. The framework’s modular design and […]

The post Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks appeared first on Cyber Security News.

In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent traditional rate limiting. By mid-May, the threat escalated as the botnet grew to 4.6 million […]

The post L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks appeared first on Cyber Security News.

The Salesloft Drift data breaches of August 2025 stand as one of the most significant supply chain attacks in SaaS history, demonstrating how a single compromised integration can cascade into widespread organizational exposure. This sophisticated campaign, staged by the threat actor UNC6395, exploited OAuth token vulnerabilities to access sensitive data from over 700 organizations, including […]

The post Lessons from Salesforce/Salesloft Drift Data Breaches – Detailed Case Study appeared first on Cyber Security News.

Four Kenyan filmmakers became victims of sophisticated surveillance when FlexiSPY spyware was covertly installed on their devices while in police custody, according to forensic analysis conducted by the University of Toronto’s Citizen Lab. The incident occurred on or around May 21, 2025, after authorities seized the devices during arrests connected to allegations surrounding the BBC […]

The post Kenyan Filmmakers Installed With FlexiSPY Spyware That Monitors Messages and Social Media appeared first on Cyber Security News.

A previously unknown advanced persistent threat (APT) group has unleashed a new fileless malware framework, dubbed EggStreme, in a highly targeted espionage campaign against strategic organizations. Emerging in early 2024, EggStreme exploits the legitimate Windows Mail executable (WinMail[.]exe) to sideload a malicious library, allowing attackers to achieve in-memory code execution without writing decrypted payloads to […]

The post New EggStreme Malware With Fileless Capabilities Leverages DLL Sideloading to Execute Payloads appeared first on Cyber Security News.

In early May 2025, cybersecurity researchers began tracking a novel Remote Access Trojan (RAT) targeting Chinese-speaking users via phishing sites hosted on GitHub Pages. Masked as legitimate installers for popular applications, the initial ZIP archives contained malicious executables engineered to bypass sandbox and virtual machine defenses. Once executed, the first-stage shellcode performs time stability analysis […]

The post kkRAT Employs Network Communication Protocol to Steal Clipboard Contents appeared first on Cyber Security News.