Cyber Security News

A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability, tracked as CVE-2025-12735, allows attackers to execute arbitrary system commands through maliciously crafted input. The expr-eval library is a JavaScript tool designed to parse and evaluate mathematical […]

The post Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution appeared first on Cyber Security News.

A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization system. The flaw CVE-2025-64439 affects versions of langgraph-checkpoint before 3.0. It allows attackers to execute arbitrary Python code when untrusted data is deserialized. The vulnerability resides in LangGraph’s JsonPlusSerializer, the default serialization protocol used for checkpoint persistence. When the serializer encounters illegal […]

The post LangGraph Vulnerability Allows Malicious Python Code Execution During Deserialization appeared first on Cyber Security News.

Intel has filed a federal lawsuit against a former employee accused of downloading thousands of classified documents shortly after being terminated, raising serious concerns about corporate data security and insider threats. Jinfeng Luo, a software developer who has worked at Intel since 2014, was based in Seattle when the company notified him of his pending […]

The post Fired Intel Engineer Stolen 18,000 Files, Many of which Were Classified as “Top Secret” appeared first on Cyber Security News.

The manufacturing sector faces an escalating threat landscape as cybercriminals increasingly exploit cloud-based platforms and artificial intelligence services to conduct sophisticated attacks. A comprehensive analysis by Netskope Threat Labs reveals that approximately 22 out of every 10,000 manufacturing users encounter malicious content monthly, marking a significant rise in targeted campaigns specifically designed to compromise industrial […]

The post New Report Warns of Threat Actors Actively Adopting AI Platforms to Attack Manufacturing Companies appeared first on Cyber Security News.

HackGPT Enterprise is a new tool made for security teams focuses on being scalable and compliant, meeting the growing need for effective vulnerability assessments. The platform supports multi-model AI, including OpenAI’s GPT-4 and local LLMs like Ollama, enabling pattern recognition, anomaly detection, and zero-day vulnerability discovery. Developed by Yashab Alam, this cloud-native platform integrates advanced […]

The post HackGPT: AI-Powered Penetration Testing Platform Includes GPT-4 and Other AI Engines appeared first on Cyber Security News.

Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we dissect the latest threats shaking the digital landscape. As cyber risks evolve faster than ever, staying ahead means understanding the exploits that could target your devices, networks, and data. This roundup spotlights zero-day vulnerabilities in Android and Cisco systems, critical flaws in […]

The post Cybersecurity News Weekly Newsletter – Android and Cisco 0-Day, Teams Flaws, HackedGPT, and Whisper Leak appeared first on Cyber Security News.

A sophisticated side-channel attack that exposes the topics of conversations with AI chatbots, even when traffic is protected by end-to-end encryption. Dubbed “Whisper Leak,” this vulnerability allows eavesdroppers such as nation-state actors, ISPs, or Wi-Fi snoopers to infer sensitive prompt details from network packet sizes and timings. The discovery highlights growing privacy risks as AI […]

The post New Whisper Leak Toolkit Exposes User Prompts to Popular AI Agents within Encrypted Traffic appeared first on Cyber Security News.

QNAP has addressed seven critical zero-day vulnerabilities in its network-attached storage (NAS) operating systems, following their successful exploitation by security researchers at Pwn2Own Ireland 2025. These flaws, identified as CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, and associated ZDI canonical entries ZDI-CAN-28353, ZDI-CAN-28435, ZDI-CAN-28436, enable remote code execution (RCE) and privilege escalation attacks against QTS 5.2.x, QuTS hero h5.2.x, […]

The post Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched appeared first on Cyber Security News.

Scammers are targeting businesses with a new extortion scheme, and Google Maps is fighting back with a dedicated reporting tool. Google has introduced a feature that allows business owners to report ransom demands directly to malicious actors who threaten them with fake negative reviews. Cybercriminals have developed a sophisticated plan to extort money from businesses […]

The post Google Maps Adds Feature for Businesses to Report Ransom Demands Over Reviews appeared first on Cyber Security News.

A sophisticated spyware operation targeting Samsung Galaxy devices, dubbed LANDFALL, which exploited a zero-day vulnerability to infiltrate phones through seemingly innocuous images shared on WhatsApp. This campaign, active since mid-2024, allowed attackers to deploy commercial-grade Android malware capable of full device surveillance without user interaction. The discovery underscores ongoing threats from state-linked surveillance tools in […]

The post Hackers Hijack Samsung Galaxy Phones via 0-Day Exploit Using a Single WhatsApp Image appeared first on Cyber Security News.

A newly identified ransomware group, Cephalus, has emerged as a significant threat to organizations worldwide, exploiting stolen Remote Desktop Protocol (RDP) credentials to gain access to networks and deploy powerful encryption attacks. The AhnLab researchers observed in mid-June 2025 that the group poses a persistent, financially motivated threat that exploits security gaps in remote access […]

The post Threat Actors Leveraging RDP Credentials to Deploy Cephalus Ransomware appeared first on Cyber Security News.

German hosting provider aurologic GmbH has emerged as a central facilitator within the global malicious infrastructure ecosystem, providing upstream transit and data center services to numerous high-risk hosting networks. Operating from its primary facility at Tornado Datacenter GmbH & Co. KG in Langen, Germany, aurologic markets itself as a high-capacity European carrier offering dedicated server […]

The post German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure appeared first on Cyber Security News.

ClickFix attacks have experienced a dramatic surge over the past year, establishing themselves as a cornerstone of modern social engineering tactics. These sophisticated attacks manipulate victims into executing malicious code directly on their devices through deceptive copy-and-paste mechanisms. The threat has evolved beyond traditional email-based phishing, now leveraging multiple delivery channels including poisoned search results […]

The post ClickFix Attacks Evolved With Weaponized Videos That Tricks Users via Self-infection Process appeared first on Cyber Security News.

A sophisticated banking trojan named Herodotus has emerged as a significant threat to Android users worldwide. Operating as Malware-as-a-Service, this malicious application disguises itself as a legitimate tool to trick users into downloading and installing an APK file outside the official Play Store. Once installed on a device, the trojan gains access to critical system […]

The post Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus appeared first on Cyber Security News.

Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The Synacktiv security researchers have demonstrated that these supposedly safe network management tools can be weaponized to launch powerful attacks against enterprise environments.​ The vulnerability emerges because Active Directory sites can be linked to […]

The post Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise appeared first on Cyber Security News.

LockBit 5.0 made its debut in late September 2025, marking a significant upgrade for one of the most notorious ransomware-as-a-service (RaaS) groups. With roots tracing back to the ABCD ransomware in 2019, LockBit rapidly grew in sophistication, consistently updating its tactics despite facing aggressive law enforcement efforts and affiliate panel leaks. The latest version is […]

The post New Analysis Uncovers LockBit 5.0 Key Capabilities and Two-Stage Execution Model appeared first on Cyber Security News.

Russian-based threat actors are distributing a sophisticated Android Remote Access Trojan through underground channels, offering it as a subscription service to other criminals. The malware, identified as Fantasy Hub, enables attackers to conduct widespread surveillance operations on compromised mobile devices, stealing sensitive communications and personal information from unsuspecting users. The spyware’s capabilities extend far beyond […]

The post New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts and Call Logs appeared first on Cyber Security News.

Microsoft’s upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only an email address, even if the recipient isn’t a Teams user. This feature raises security concerns among experts. The invitee joins as a guest via email, enabling seamless external communication […]

The post Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks appeared first on Cyber Security News.

A sophisticated supply-chain attack has emerged targeting Windows systems through compromised npm packages, marking a critical vulnerability in open-source software distribution. Between October 21 and 26, 2025, threat actors published 17 malicious npm packages containing 23 releases designed to deliver Vidar infostealer malware. The campaign exploited the trust developers place in package registries, leveraging legitimate-appearing […]

The post 15+ Weaponized npm Packages Attacking Windows Systems to Deliver Vidar Malware appeared first on Cyber Security News.

A sophisticated phishing campaign is actively targeting hotel establishments and their guests through compromised Booking.com accounts, according to research uncovered by security experts. The campaign, dubbed “I Paid Twice” due to evidence of victims paying twice for their reservations, has been operating since at least April 2025 and remains active as of October 2025. The […]

The post New Phising Attack Targeting Travellers from Hotel’s Compromised Booking.com Account appeared first on Cyber Security News.