Cyber Security News

A method to silently exfiltrate Windows secrets and credentials, evading detection from most Endpoint Detection and Response (EDR) solutions. This technique allows attackers who have gained an initial foothold on a Windows machine to harvest credentials for lateral movement across a network without triggering common security alerts. How Windows Manages Secrets The Local Security Authority […]

The post Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection appeared first on Cyber Security News.

A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024. This advanced persistent threat group demonstrates exceptional capabilities in cloud environment exploitation and trusted-relationship compromises, marking a concerning evolution in state-sponsored […]

The post Chinese MURKY PANDA Attacking Government and Professional Services Entities appeared first on Cyber Security News.

Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these hosting services to bypass traditional security controls. A coordinated campaign identified in early 2025 demonstrated how threat actors systematically abuse VPS providers like Hyonix, Host Universal, Mevspace, and Hivelocity to […]

The post Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts appeared first on Cyber Security News.

CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting.  The vulnerability, tracked as CVE-2025-43300, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling that immediate action is required from organizations and individual users to protect their systems […]

The post CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A sophisticated traffic direction system known as Help TDS has been weaponizing compromised websites since 2017, transforming legitimate sites into gateways for elaborate tech support scams. The operation specializes in deploying PHP code templates that redirect unsuspecting visitors to fraudulent Microsoft Windows security alert pages designed to deceive users into believing their systems are compromised. […]

The post Help TDS Weaponize Legitimate Sites’ PHP Code Templates With Fake Microsoft Windows Security Alert Pages appeared first on Cyber Security News.

A sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers.  This newly discovered technique leverages malformed chunked transfer encoding extensions to bypass established security controls and inject unauthorized secondary requests into web applications. Key Takeaways1. Exploits malformed HTTP chunked encoding to create front-end/back-end parsing discrepancies.2. Bypasses […]

The post New HTTP Smuggling Attack Technique Let Hackers Inject Malicious Requests appeared first on Cyber Security News.

A sophisticated cryptojacking campaign has emerged, exploiting misconfigured Redis servers across multiple continents to deploy cryptocurrency miners while systematically dismantling security defenses. The threat actor behind this operation, designated TA-NATALSTATUS, has been active since 2020 but has significantly escalated their activities throughout 2025, targeting exposed Redis instances with alarming success rates across major economies. The […]

The post New Cryptojacking Attack Exploits Redis Servers to Install Miners and Disable Defenses appeared first on Cyber Security News.

The Lumma information stealer has evolved from its 2022 origins into one of the most sophisticated malware-as-a-service (MaaS) ecosystems in the cybercriminal landscape. Operating through a vast network of affiliates, Lumma has established itself as the dominant infostealer platform, accounting for approximately 92% of stolen credential listings on major underground marketplaces by late 2024. The […]

The post Lumma Affiliates Using Advanced Evasion Tools Designed to Ensure Stealth and Continuity appeared first on Cyber Security News.

A sophisticated new ransomware strain named BQTLOCK has emerged in the cyberthreat landscape since mid-July 2025, operating under a comprehensive Ransomware-as-a-Service (RaaS) model that democratizes access to advanced encryption capabilities for cybercriminals. The malware, associated with ‘ZerodayX’, the alleged leader of the pro-Palestinian hacktivist group Liwaa Mohammed, represents a concerning evolution in ransomware distribution and […]

The post BQTLOCK Ransomware Operates as RaaS With Advanced Evasion Techniques appeared first on Cyber Security News.

A sophisticated supply chain attack has emerged targeting developers through a malicious Go module package that masquerades as a legitimate SSH brute forcing tool while covertly stealing credentials for cybercriminal operations. The package, named “golang-random-ip-ssh-bruteforce,” presents itself as a fast SSH brute forcer but contains hidden functionality that exfiltrates successful login credentials to a Telegram […]

The post Malicious Go Module Package as Fast SSH Brute Forcer Exfiltrates Passwords via Telegram appeared first on Cyber Security News.

A sophisticated South Asian Advanced Persistent Threat (APT) group has been conducting an extensive espionage campaign targeting military personnel and defense organizations across Sri Lanka, Bangladesh, Pakistan, and Turkey. The threat actors have deployed a multi-stage attack framework combining targeted phishing operations with novel Android malware to compromise the mobile devices of military-adjacent individuals. The […]

The post South Asian APT Hackers Using Novel Tools to Compromise Phones of Military-Adjacent Members appeared first on Cyber Security News.

The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications.  Released on August 14, 2025, this initiative addresses the growing need for structured risk management approaches in […]

The post NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems appeared first on Cyber Security News.

Telecommunications giant Colt Technology Services has confirmed that customer data was compromised in a sophisticated cyber attack that began on August 12, 2025.  The company disclosed that threat actors accessed sensitive files containing customer information and subsequently posted document titles on the dark web, prompting immediate containment measures and law enforcement notification. Key Takeaways1. Colt […]

The post Colt Confirms Customer Data Stolen in Ransomware Attack appeared first on Cyber Security News.

A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide.  The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure’s shared API Management (APIM) instance architecture to gain unauthorized access to Key Vaults, Azure SQL databases, and third-party services like […]

The post Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise appeared first on Cyber Security News.

Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through seemingly legitimate technical troubleshooting procedures. The technique has been observed in campaigns affecting thousands of […]

The post Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices appeared first on Cyber Security News.

Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell backdoor, demonstrating how attackers are evolving beyond conventional exploitation techniques to target scripting patterns and […]

The post New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor appeared first on Cyber Security News.

The Anatsa banking trojan, also known as TeaBot, continues to evolve as one of the most sophisticated Android malware threats targeting financial institutions worldwide. First discovered in 2020, this malicious software has demonstrated remarkable persistence in infiltrating Android devices through the official Google Play Store, where it masquerades as legitimate document reading applications to steal […]

The post Anatsa Malware Attacking Android Devices to Steal Login Credentials and Monitor Keystrokes appeared first on Cyber Security News.

Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit.  This breakthrough significantly compresses the traditional “grace period” that defenders typically rely on to patch vulnerabilities before working exploits become available. The research, conducted by security experts Efi Weiss and […]

The post AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes appeared first on Cyber Security News.

A critical vulnerability in OpenAI’s latest flagship model, ChatGPT-5, allows attackers to sidestep its advanced safety features using simple phrases. The flaw, dubbed “PROMISQROUTE” by researchers at Adversa AI, exploits the cost-saving architecture that major AI vendors use to manage the immense computational expense of their services. The vulnerability stems from an industry practice that […]

The post ChatGPT-5 Downgrade Attack Let Hackers Bypass AI Security With Just a Few Words appeared first on Cyber Security News.

A stealthy campaign emerged in early March 2025 that capitalized on a critical remote code execution flaw in GeoServer (CVE-2024-36401) to compromise publicly exposed geospatial servers. Attackers exploited JXPath query injection within Apache Commons libraries, allowing arbitrary code execution through crafted XML requests. This vector enabled the silent deployment of customized executables that leveraged legitimate […]

The post Threat Actors Gaining Access to Victims’ Machines and Monetizing Access to Their Bandwidth appeared first on Cyber Security News.