Cyber Security News

North Korean threat actors are evolving their attack strategies by leveraging developer-focused tools as infection vectors. Recent security discoveries reveal that Kimsuky, a nation-state group operating since 2012, has been utilizing JavaScript-based malware to infiltrate systems and establish persistent command and control infrastructure. The threat group traditionally focuses on espionage operations against government entities, think […]

The post Threat Actors May Abuse VS Code Extensions to Deploy Ransomware and Use GitHub as C2 Server appeared first on Cyber Security News.

The cybercrime landscape has undergone a dramatic transformation in 2025, with artificial intelligence emerging as a cornerstone technology for malicious actors operating in underground forums. According to Google’s Threat Intelligence Group (GTIG), the underground marketplace for illicit AI tools has matured significantly this year, with multiple offerings of multifunctional tools designed to support various stages […]

The post List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated new malware family targeting enterprise environments through a supply chain compromise. The malware, tracked as Airstalk, represents a significant shift in how attackers exploit legitimate enterprise management tools to evade detection and maintain persistent access to compromised systems. This discovery highlights the growing vulnerability of business process outsourcing organizations […]

The post Airstalk Malware Leverages AirWatch API MDM Platform to Establish Covert C2 Communication appeared first on Cyber Security News.

ValleyRAT has emerged as a sophisticated multi-stage remote access trojan targeting Windows systems, with particular focus on Chinese-language users and organizations. First observed in early 2023, this malware employs a carefully orchestrated infection chain that progresses through multiple components—downloader, loader, injector, and final payload—making detection and removal significantly challenging for security teams. The threat actors […]

The post Multi-Staged ValleyRAT Uses WeChat and DingTalk to Attack Windows Users appeared first on Cyber Security News.

A sophisticated Remote Access Trojan labeled EndClient RAT has emerged as a significant threat targeting human rights defenders in North Korea, marking another escalation in advanced malware operations attributed to the Kimsuky threat group. This newly discovered malware represents a concerning shift in attack sophistication, utilizing stolen code-signing certificates to evade antivirus protections and bypass […]

The post New EndClient RAT Attacking Users by Leveraging Stolen Code-Signing to Bypass AV Detections appeared first on Cyber Security News.

The Gootloader malware campaign has resurfaced with sophisticated evasion techniques that allow it to bypass automated security analysis. This persistent threat has been targeting victims for over five years using legal-themed search engine optimization poisoning tactics. The malware operators deploy thousands of unique keywords across more than 100 compromised websites to lure unsuspecting users into […]

The post Gootloader is Back with New ZIP File Trickery that Decive the Malicious Payload appeared first on Cyber Security News.

SonicWall, a global cybersecurity company, confirmed that state-sponsored hackers were behind a recent incident involving unauthorized access to firewall backup files. The breach began in early September, when the company detected suspicious activity involving the download of backup firewall configuration files stored in a cloud environment. Upon discovery, SonicWall quickly activated its incident response plan, […]

The post SonicWall Confirms State-Sponsored Hackers Behind the Massive Firewall Backup Breach appeared first on Cyber Security News.

A critical remote code execution (RCE) flaw in three official extensions for Anthropic’s Claude Desktop. These vulnerabilities, affecting the Chrome, iMessage, and Apple Notes connectors, stem from unsanitized command injection and carry a high severity score of CVSS 8.9. Published and promoted directly by Anthropic at the top of their extension marketplace, the flaws could […]

The post Critical RCE Vulnerabilities in Claude Desktop Let Attackers Execute Malicious Code appeared first on Cyber Security News.

On November 3, 2025, blockchain security monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. An attacker executed a precision loss vulnerability to drain $128.64 million across six blockchain networks in under 30 minutes. The attack leveraged a rounding error in the _upscaleArray function combined with carefully crafted batchSwap operations, allowing the attacker […]

The post Checkpoint Details on How Attackers Drained $128M from Balancer Pools Within 30 Minutes appeared first on Cyber Security News.

Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges. The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments. RCE and Authentication Bypass Vulnerability The primary vulnerability, CVE-2025-20354, has a critical […]

The post Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code appeared first on Cyber Security News.

European organizations are facing an unprecedented wave of ransomware attacks as cybercriminals increasingly integrate artificial intelligence tools into their operations. Since January 2024, big game hunting threat actors have named approximately 2,100 Europe-based victims on more than 100 dedicated leak sites, representing a 13% year-over-year increase in attacks. The region now accounts for nearly 22% […]

The post Ransomware Attack on European Organizations Surge as Hackers Leveraging AI-Tools for Attacks appeared first on Cyber Security News.

A privilege escalation flaw in Windows Cloud Files Mini Filter Driver has been discovered, allowing local attackers to bypass file write protections and inject malicious code into system processes. Security researchers have uncovered CVE-2025-55680, a high-severity privilege-escalation vulnerability in the Windows Cloud Files Mini Filter Driver. The flaw exists in the Cloud Files Filter (cldsync.sys) […]

The post Windows Cloud Files Mini Filter Driver Vulnerability Exploited to Escalate Privileges appeared first on Cyber Security News.

October 2025 marked a notable escalation in cyber threats, with phishing campaigns and ransomware variants exploiting trusted cloud services to target corporate credentials and critical infrastructure. Attackers increasingly abused platforms like Google, Figma, and ClickUp for credential theft, while LockBit’s latest iteration extended its reach to virtualized environments. These incidents, analyzed by cybersecurity firms such […]

The post October Sees Rise in Phishing and Ransomware Attacks, Including TyKit and Google Careers Scams appeared first on Cyber Security News.

A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 active installations at risk of privilege escalation attacks. The flaw, tracked as CVE-2025-11749 with a CVSS score of 9.8, allows unauthenticated attackers to extract bearer tokens and gain complete administrative control over vulnerable WordPress sites. Security researcher Emiliano Versini discovered […]

The post AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks appeared first on Cyber Security News.

Seven critical vulnerabilities in OpenAI’s ChatGPT, affecting both GPT-4o and the newly released GPT-5 models, that could allow attackers to steal private user data through stealthy, zero-click exploits. These flaws exploit indirect prompt injections, enabling hackers to manipulate the AI into exfiltrating sensitive information from user memories and chat histories without any user interaction beyond […]

The post HackedGPT – 7 New Vulnerabilities in GPT-4o and GPT-5 Enables 0-Click Attacks appeared first on Cyber Security News.

A sophisticated threat actor known as Curly COMrades has deployed an innovative attack methodology that leverages legitimate Windows virtualization features to establish covert, long-term access to victim networks. The campaign, which began in early July 2025, represents a significant evolution in adversary tactics as threat actors increasingly seek methods to bypass endpoint detection and response […]

The post Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10 appeared first on Cyber Security News.

Any individual heavily depends on data as their most critical asset: from memorable photos to important work documents, everything must be safeguarded properly. Why? Simply because you can never predict what might happen to your data: you could lose your laptop with thousands of stored projects or accidentally delete entire folders containing your child’s photos.  The good news is […]

The post Guide to Choosing the Best Free Backup Software for Secure, Reliable Cloud Backup appeared first on Cyber Security News.

The notorious FIN7 threat group, also known by the nickname Savage Ladybug, continues to pose a significant risk to enterprise environments through an increasingly refined Windows SSH backdoor campaign. The group has been actively deploying this sophisticated backdoor mechanism to establish persistent remote access and facilitate data exfiltration operations. First documented in 2022, the malware […]

The post FIN7 Hackers Using Windows SSH Backdoor to Establish Stealthy Remote Access and Persistence appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a dangerous OS command injection vulnerability affecting Control Web Panel (CWP), formerly known as CentOS Web Panel. The vulnerability, tracked as CVE-2025-48703, enables unauthenticated remote attackers to execute arbitrary commands on vulnerable systems with minimal prerequisites. CVE-2025-48703 represents a significant security risk […]

The post CISA Warns of Control Web Panel OS Command Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

DragonForce, a ransomware-as-a-service operation active since 2023, has dramatically evolved into what researchers now describe as a structured cybercriminal cartel, leveraging the publicly leaked Conti v3 source code to establish a formidable threat infrastructure. The group initially relied on the LockBit 3.0 builder for developing encryptors before transitioning to a customized Conti v3 codebase, giving […]

The post DragonForce Cartel Emerges From the Leaked Source Code of Conti v3 Ransomware appeared first on Cyber Security News.