Cyber Security News

Tsundere represents a significant shift in botnet tactics, leveraging the power of legitimate Node.js packages and blockchain technology to distribute malware across multiple operating systems. First identified around mid-2025 by Kaspersky GReAT researchers, this botnet demonstrates the evolving sophistication of supply chain attacks. The threat originates from activity first observed in October 2024, where attackers […]

The post Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users appeared first on Cyber Security News.

A new banking malware called Sturnus has emerged as a significant threat to mobile users across Europe. Security researchers have discovered that this sophisticated Android trojan can capture encrypted messages from popular messaging apps like WhatsApp, Telegram, and Signal by accessing content directly from the device screen after decryption. The malware’s ability to monitor these […]

The post Sturnus Banking Malware Steals Communications from Signal and WhatsApp, Gaining Full Control of The Device appeared first on Cyber Security News.

The U.S. Attorney’s Office, Southern District of New York, has announced the sentencing of Keonne Rodriguez and William Lonergan Hill, co-founders of Samourai Wallet, a cryptocurrency mixing application designed specifically to hide illegal financial transactions. Rodriguez, who served as the Chief Executive Officer, received a five-year prison sentence on November 6, 2025, while Hill, the […]

The post Samourai Wallet Cryptocurrency Mixing Founders Jailed for Laundering Over $237 Million appeared first on Cyber Security News.

A new wave of ransomware attacks is targeting cloud storage environments, specifically focusing on Amazon Simple Storage Service (S3) buckets that contain critical business data. Unlike traditional ransomware that encrypts files using malicious software, these attacks exploit weak access controls and configuration mistakes in cloud environments to lock organizations out of their own data. As […]

The post New Ransomware Variants Targeting Amazon S3 Services Leveraging Misconfigurations and Access Controls appeared first on Cyber Security News.

A new global hacking campaign tracked as TamperedChef has emerged, exploiting everyday software names to trick users into installing malicious applications that deliver remote access tools. The campaign uses fake installers disguised as common programs like manual readers, PDF editors, and games, all equipped with valid code-signing certificates to appear legitimate. These applications are distributed […]

The post TamperedChef Hacking Campaign Leverages Common Apps to Deliver Payloads and Gain Remote Access appeared first on Cyber Security News.

A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between July and October 2025. The campaign, attributed to the notorious Clop ransomware group and linked to the financially motivated threat actor FIN11, exploited a zero-day vulnerability, CVE-2025-61882, to achieve unauthenticated […]

The post Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide appeared first on Cyber Security News.

Trustwave SpiderLabs researchers have identified a sophisticated banking trojan called Eternidade Stealer that spreads through WhatsApp hijacking and social engineering tactics. The malware, written in Delphi, represents a significant evolution in Brazil’s cybercriminal landscape, combining advanced contact harvesting with credential theft targeting financial institutions. The threat emerges from a multi-stage infection chain that begins with […]

The post New Malware Via WhatsApp Exfiltrate Contacts to Attack Server and Deploys Malware appeared first on Cyber Security News.

Cybercriminals are rapidly embracing generative AI to transform the way they operate scams, making fraud operations faster, more convincing, and dramatically easier to scale. According to recent research, what once required months of work and specialized technical skills can now be accomplished in just a few hours by anyone with basic computer knowledge. The shift […]

The post GenAI Makes it Easier for Cybercriminals to Successfully Lure Victims into Scams appeared first on Cyber Security News.

A threat actor known as Zeroplayer has reportedly listed a zero-day remote code execution (RCE) vulnerability, combined with a sandbox escape, targeting Microsoft Office and Windows systems for sale on underground hacking forums. Priced at $30,000, the exploit purportedly works on most Office file formats, including the latest versions, and affects fully patched Windows installations. […]

The post Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums appeared first on Cyber Security News.

Hackers have unleashed over 2.3 million malicious sessions against Palo Alto Networks’ GlobalProtect VPN portals since November 14, 2025, according to threat intelligence firm GreyNoise. This surge, which intensified dramatically within 24 hours to reach a 40-fold increase, represents the highest activity level in the past 90 days and underscores growing risks to remote access […]

The post Hackers Attacking Palo Alto Networks’ GlobalProtect VPN Portals with 2.3 Million Attacks appeared first on Cyber Security News.

Your SOC generates thousands of alerts daily. Many of them are low-priority, repetitive, or false positives. On paper, this looks like a technical problem. In reality, it’s a business problem.  Every Alert Costs  When analysts are buried under thousands of notifications, they spend more time triaging noise than responding to real incidents. The result: slower reaction times, missed threats, staff burnout, and ballooning operational costs.  Every wasted minute translates into a weaker security posture, potential financial loss, and reduced return on your security investments. Alert overload doesn’t just impact your SOC.  It slows down […]

The post How to Solve Alert Overload in Your SOC  appeared first on Cyber Security News.

Tel Aviv, Israel, November 19th, 2025, CyberNewsWire Seraphic, the leader in enterprise browser security (SEB) and AI enablement, today announced native protection for Electron-based applications such as ChatGPT desktop, Teams, Slack, and more, becoming the first and only browser security platform to introduce this capability.   AI runs in the browser: SaaS applications, AI copilots, agentic […]

The post Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications appeared first on Cyber Security News.

Hackers have begun actively exploiting a critical remote code execution (RCE) vulnerability in the popular file archiver 7-Zip, putting millions of users at risk of malware infection and system compromise. The flaw, tracked as CVE-2025-11001, stems from improper handling of symbolic links in ZIP archives, allowing attackers to traverse directories and execute arbitrary code on […]

The post Hackers Actively Exploiting 7-Zip RCE Vulnerability in the Wild appeared first on Cyber Security News.

Microsoft is bringing native Sysmon functionality directly into Windows, eliminating the need for manual deployment and separate downloads. Starting next year, Windows 11 and Windows Server 2025 will include System Monitor (Sysmon) capabilities, transforming how security teams detect threats and investigate incidents. For years, Sysmon has been the go-to tool for IT administrators, security professionals, and threat […]

The post Sysmon – Go-to Tool for IT Admins, Security Pros, and Threat Hunters Coming to Windows appeared first on Cyber Security News.

A new ransomware threat named “The Gentlemen” has emerged in the cybersecurity landscape, demonstrating advanced attack capabilities and a well-structured operational model. First appearing around July 2025, this group quickly established itself as a serious threat, publishing 48 victims on their dark web leak site between September and October 2025. The ransomware operates as a […]

The post ‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data appeared first on Cyber Security News.

A China-aligned threat group known as PlushDaemon has been weaponizing a sophisticated attack method to infiltrate networks across multiple regions since 2018. The group’s primary strategy involves intercepting legitimate software updates by deploying a specialized tool called EdgeStepper, which acts as a bridge between users’ computers and malicious servers. This technique allows hackers to inject […]

The post Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers appeared first on Cyber Security News.

A sophisticated cyber campaign known as Operation WrtHug has hijacked tens of thousands of ASUS WRT routers globally, turning them into potential espionage tools for suspected China-linked hackers. SecurityScorecard’s STRIKE team, in collaboration with ASUS, revealed the operation on November 18, 2025, highlighting how attackers exploited outdated firmware to build a stealthy network infrastructure. This […]

The post Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide appeared first on Cyber Security News.

A new wave of cyberattacks has emerged using the Tuoni Command and Control (C2) framework, a sophisticated tool that allows threat actors to deploy malicious payloads directly into system memory. This technique helps attackers avoid detection by traditional security solutions that rely on scanning files stored on disk. The Tuoni framework has gained attention in […]

The post Hackers Using Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads appeared first on Cyber Security News.

Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local […]

The post Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers appeared first on Cyber Security News.

Microsoft has launched an investigation into a widespread issue affecting Microsoft Copilot in Microsoft 365, where users are experiencing significant limitations when performing actions on files. The technology giant confirmed the incident via official Microsoft 365 Status channels, assigning the tracking identifier CP1188020 for administrative reference. The Issue and Impact The reported problem prevents users […]

The post Microsoft Investigating Copilot Issue On Processing Files  appeared first on Cyber Security News.