Cyber Security News

WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw discovered by KU Leuven researchers in Google’s Fast Pair protocol, commonly referred to as WhisperPair.​ CVE-2025-36911 represents a systemic failure in Fast Pair implementations across multiple manufacturers […]

The post WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol appeared first on Cyber Security News.

A sophisticated spear-phishing campaign has emerged targeting Argentina’s judicial sector, exploiting trust in legitimate court communications to deliver a dangerous Remote Access Trojan. The campaign uses authentic-looking federal court documents about preventive detention reviews to trick legal professionals into downloading malware. Security experts have classified this attack as highly targeted, employing multi-stage infection techniques to […]

The post New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access appeared first on Cyber Security News.

A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for a zero-day flaw in the QuickJS Javascript interpreter. The results point to a significant shift […]

The post New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale appeared first on Cyber Security News.

A critical alert issued on January 19, 2026, warned of rising cyber-attacks by Russian-aligned hacktivist groups targeting UK organisations. These state-aligned threat actors are conducting disruptive denial-of-service (DoS) operations against local government authorities. Critical national infrastructure operators are aiming to cripple essential services and turn off public-facing websites. The NCSC emphasizes that while DoS attacks […]

The post NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services appeared first on Cyber Security News.

SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting credentials, documents, keystrokes, and screenshots while sending stolen information directly to attackers through Discord webhooks. […]

The post Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data appeared first on Cyber Security News.

Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system privileges, posing an immediate risk to industrial process control environments worldwide.​ The primary threat stems […]

The post Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges appeared first on Cyber Security News.

A critical vulnerability in Google’s Fast Pair protocol that allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent.​ Security researchers from KU Leuven have uncovered a vulnerability, tracked as CVE-2025-36911 and dubbed WhisperPair, that affects hundreds of millions of wireless earbuds, headphones, and speakers from major manufacturers. Including Sony, […]

The post WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected appeared first on Cyber Security News.

A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users searching for appliance manuals and PDF editing tools online, exploiting common search behaviors to deliver […]

The post Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef appeared first on Cyber Security News.

Pulsar RAT has emerged as a sophisticated derivative of the open-source Quasar RAT, introducing dangerous enhancements that enable attackers to maintain invisible remote access through advanced evasion techniques. This modular Windows-focused remote administration tool represents a significant evolution in threat sophistication. Combining memory-only execution with hidden virtual network computing (HVNC) capabilities that circumvent traditional detection […]

The post Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access appeared first on Cyber Security News.

OpenAI’s global rollout of its budget-friendly ChatGPT Go subscription at $8 USD monthly introduces significant data privacy and security considerations for cybersecurity professionals monitoring AI platform access controls. The tiered pricing structure, which includes an ad-supported model for free and Go users, fundamentally alters the threat landscape for organizational data exposure. The introduction of advertising […]

The post ChatGPT Go Launched for $8 USD/month With Support for Ads and Privacy Risks appeared first on Cyber Security News.

A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms. The vulnerability allows unauthenticated attackers to execute arbitrary system commands by manipulating the profiler’s parameter validation mechanisms. The heap profiler service endpoint (/pprof/heap) fails to properly sanitize the extra_options parameter before passing it to […]

The post Apache bRPC Vulnerability Enables Remote Command Injection appeared first on Cyber Security News.

A significant vulnerability within the Google ecosystem allowed attackers to bypass Google Calendar’s privacy controls using a standard calendar invitation. The discovery highlights a growing class of threats known as “Indirect Prompt Injection,” where malicious instructions are hidden within legitimate data sources processed by Artificial Intelligence (AI) models. This specific exploit enabled unauthorized access to […]

The post Google Gemini Privacy Controls Bypassed to Access Private Meeting Data Using Calendar Invite appeared first on Cyber Security News.

A sophisticated malware campaign targeting South Korean users has emerged, distributing the Remcos remote access trojan (RAT) through deceptive installers disguised as legitimate VeraCrypt encryption software. This ongoing attack campaign primarily focuses on individuals connected to illegal online gambling platforms, though security experts warn that everyday users downloading encryption tools may also fall victim to […]

The post Remcos RAT Masquerade as VeraCrypt Installers Steals Users Login Credentials appeared first on Cyber Security News.

Threat actors are turning Visual Studio Code into an attack platform, using its rich extension ecosystem to slip multistage malware into developer workstations. The latest campaign, dubbed Evelyn Stealer, hides behind a malicious extension that delivers a stealthy information stealing tool in several carefully staged steps. Instead of targeting end users, the operators go after […]

The post Threat Actors Weaponizing Visual Studio Code to Deploy a Multistage Malware appeared first on Cyber Security News.

The cybercrime world operates in shadows, but when insiders turn against each other, those shadows shrink. In February 2025, an individual using the alias ExploitWhispers surfaced on Telegram and released internal communications from the BlackBasta ransomware group. The leak contained a JSON file with roughly 200,000 messages spanning over a year, from September 2023 to […]

The post Inside the Leaks that Exposed the Hidden Infrastructure Behind a Ransomware Operation appeared first on Cyber Security News.

A new malware campaign has emerged that tricks people into downloading fake Malwarebytes software, putting their login credentials and cryptocurrency wallets at serious risk. Security researchers discovered this operation actively spreading between January 11 and January 15, 2026, using specially crafted ZIP files that impersonate legitimate Malwarebytes installers. The fake files are named malwarebytes-windows-github-io-X.X.X.zip, making […]

The post Threat Actors Impersonate as MalwareBytes to Attack Users and Steal Logins appeared first on Cyber Security News.

Windows Subsystem for Linux 2 (WSL2) is meant to give developers a fast Linux environment on Windows. Now attackers are turning that benefit into a hiding place. By running tools and payloads inside the WSL2 virtual machine, they can operate out of sight of many traditional Windows security controls. The result is a quiet but […]

The post Attackers are Using WSL2 as a Stealthy Hideout Inside Windows Systems appeared first on Cyber Security News.

A seemingly simple phone call became the gateway to a sophisticated attack that diverted employee paychecks without any malware or network breach. An organization discovered this fraud when workers reported missing salary deposits. The attacker had modified direct-deposit information to funnel payments into accounts under their control. This incident reveals a troubling trend where threat […]

The post Attackers Redirected Employee Paychecks Without Breaching a Single System appeared first on Cyber Security News.

A new spear-phishing campaign known as Operation Poseidon has emerged, exploiting Google’s advertising infrastructure to distribute EndRAT malware while evading traditional security measures. he attack leverages legitimate ad click tracking domains to disguise malicious URLs, making them appear as trustworthy advertising traffic. This technique effectively bypasses email security filters and reduces user suspicion during the […]

The post New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware appeared first on Cyber Security News.

A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic. The Automatic Certificate Management […]

The post Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections appeared first on Cyber Security News.