Cyber Security News

A likely zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) VPNs and firewall appliances is being actively exploited in the wild, enabling attackers to bypass multi-factor authentication (MFA) and deploy ransomware within hours of the initial breach. Security firms, including Huntress, Arctic Wolf, and Sophos, have reported a recent surge in high-severity incidents targeting these […]

The post SonicWall VPNs Actively Exploited for 0-Day Vulnerability to Bypass MFA and Deploy Ransomware appeared first on Cyber Security News.

A sophisticated new attack method that exploits AI models’ tendency to comply with legal-sounding text, successfully bypassing safety measures in popular development tools. A study by Pangea AI Security has revealed a novel prompt injection technique dubbed “LegalPwn” that weaponizes legal disclaimers, copyright notices, and terms of service to manipulate large language models (LLMs) into […]

The post New LegalPwn Attack Exploits Gemini, ChatGPT and other AI Tools into Executing Malicious Code via Disclaimers appeared first on Cyber Security News.

Mozilla has issued an urgent security alert to its developer community following the detection of a sophisticated phishing campaign specifically targeting AMO (addons.mozilla.org) accounts. The company’s security team, led by Scott DeVaney, reported on August 1, 2025, that cybercriminals are actively attempting to compromise developer credentials through deceptive emails claiming account updates are required to […]

The post Mozilla Warns of Phishing Attacks Targeting Add-on Developers Account appeared first on Cyber Security News.

A critical security vulnerability affecting multiple FUJIFILM printer models could allow attackers to trigger denial-of-service (DoS) conditions through malicious network packets.  The vulnerability, tracked as CVE-2025-48499, was announced on August 4, 2025, and affects various DocuPrint and Apoes printer series. Key Takeaways1. CVE-2025-48499 allows attackers to crash FUJIFILM DocuPrint and Apeos printers.2. Printers freeze and […]

The post FUJIFILM Printers Vulnerability Let Attackers Trigger DoS Condition appeared first on Cyber Security News.

Researchers exploited CVE-2025-38001—a previously unknown Use-After-Free (UAF) vulnerability in the Linux HFSC queuing discipline—to compromise all Google kernelCTF instances (LTS, COS, and mitigation) as well as fully patched Debian 12 systems.  Their work netted an estimated $82,000 in cumulative bounties and underscores the continuing importance of in-depth code auditing beyond automated fuzzing. Key Takeaways1. NETEM’s […]

The post Researchers Exploited Google kernelCTF Instances And Debian 12 With A 0-Day appeared first on Cyber Security News.

Since mid-2022, Chinese military-industrial networks have reportedly been the target of highly sophisticated cyber intrusions attributed to US intelligence agencies. These campaigns exploited previously unknown vulnerabilities to install stealthy malware, maintain prolonged access, and exfiltrate sensitive defense data. Initially identified following an NSA breach at Northwestern Polytechnical University, the latest incidents uncovered by CNCERT illustrate […]

The post CNCERT Accuses of US Intelligence Agencies Attacking Chinese Military-Industrial Units appeared first on Cyber Security News.

A critical security vulnerability has been discovered in the NestJS framework’s development tools that enables remote code execution (RCE) attacks against JavaScript developers.  The flaw, identified as CVE-2025-54782, affects the @nestjs/devtools-integration package and allows malicious websites to execute arbitrary code on developers’ local machines through sophisticated sandbox escape techniques. Key Takeaways1. Critical RCE flaw in […]

The post NestJS Framework Vulnerability Let Attackers Execute Arbitrary Code in Developers Machine appeared first on Cyber Security News.

A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account named “Widevineleak,” has triggered immediate responses from both Microsoft and affected streaming services, highlighting the […]

The post Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online appeared first on Cyber Security News.

The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious commands on victim machines. This malware represents a concerning evolution in ransomware deployment tactics, combining […]

The post Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines appeared first on Cyber Security News.

A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security researchers at Genians Security Center (GSC) recently identified a new variant of the infamous RoKRAT […]

The post APT37 Hackers Weaponizes JPEG Files to Attack Windows Systems Leveraging “mspaint.exe” appeared first on Cyber Security News.

Welcome to this week’s edition of Cybersecurity News Recap! In this issue, we bring you the latest updates and critical developments across the threat landscape. Stay ahead of risks with key insights on newly discovered Chrome and Gemini vulnerabilities, the surge of sophisticated Linux malware, and an in-depth look at the emerging “man-in-the-prompt” attack tactic targeting […]

The post Cybersecurity News Recap – Chrome, Gemini Vulnerabilities, Linux Malware, and Man-in-the-Prompt Attack appeared first on Cyber Security News.

A sophisticated Linux backdoor dubbed Plague has emerged as an unprecedented threat to enterprise security, evading detection across all major antivirus engines while establishing persistent SSH access through manipulation of core authentication mechanisms. Discovered by cybersecurity researchers at Nextron Systems, this malware represents a paradigm shift in Linux-targeted attacks, exploiting Pluggable Authentication Modules (PAM) to […]

The post New Undectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access appeared first on Cyber Security News.

A suspected zero-day vulnerability in SonicWall firewall devices that the Akira ransomware group is actively exploiting. The flaw allows attackers to gain initial access to corporate networks through SonicWall’s SSL VPN feature, leading to subsequent ransomware deployment. In late July 2025, security researchers observed a significant increase in ransomware attacks leveraging SonicWall devices. The evidence […]

The post SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware appeared first on Cyber Security News.

A sophisticated cyber espionage campaign targeting software developers has infiltrated two of the world’s largest open source package repositories, with North Korea’s notorious Lazarus Group successfully deploying 234 malicious packages across npm and PyPI ecosystems. Between January and July 2025, this state-sponsored operation exposed over 36,000 potential victims to advanced malware designed for long-term surveillance […]

The post Lazarus Hackers Weaponized 234 Packages Across npm and PyPI to Infect Developers appeared first on Cyber Security News.

A new ransomware threat has emerged as one of the most aggressive cybercriminal operations of 2025, with SafePay ransomware claiming responsibility for over 265 successful attacks spanning multiple continents. The group, which first appeared in September 2024 with limited activity targeting just over 20 victims, has dramatically escalated its operations since early 2025, establishing itself […]

The post SafePay Ransomware Infected 260+ Victims Across Multiple Countries appeared first on Cyber Security News.

The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem, with Qilin capitalizing on the vacuum left by RansomHub’s abrupt cessation of operations in early […]

The post Qilin Ransomware Surging Following The Fall of dominant RansomHub RaaS appeared first on Cyber Security News.

LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link Libraries instead of their intended components, allowing cybercriminals to execute ransomware payloads while masquerading as […]

The post LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One appeared first on Cyber Security News.

A sophisticated malware-as-a-service operation orchestrated by Chinese-speaking threat actors has successfully compromised over 11,000 Android devices worldwide through the deployment of PlayPraetor, a powerful Remote Access Trojan designed for on-device fraud. The campaign represents a significant escalation in mobile banking malware operations, with the botnet expanding at an alarming rate of over 2,000 new infections […]

The post 11,000 Android Devices Hacked by Chinese Threats Actors to Deploy PlayPraetor Malware appeared first on Cyber Security News.

Cybercriminals have discovered a sophisticated new attack vector by exploiting Microsoft 365’s Direct Send feature to deliver phishing campaigns that masquerade as legitimate internal communications. This emerging threat leverages a legitimate Microsoft service designed for multifunction printers and legacy applications, turning it into a weapon for social engineering attacks that bypass traditional email security controls. […]

The post Hackers Abuse Microsoft 365’s Direct Send Feature to Deliver Internal Phishing Attacks appeared first on Cyber Security News.

A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protections through innovative techniques. The group first gained attention during Microsoft’s investigation into the “ToolShell” campaign, which exploited multiple SharePoint Server vulnerabilities including CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771. Unlike established […]

The post Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections appeared first on Cyber Security News.