Cyber Security News

A massive resurgence of the Sha1-Hulud supply chain malware has struck the open-source ecosystem, compromising over 800 npm packages and tens of thousands of GitHub repositories in a campaign the attackers have dubbed “The Second Coming.” This sophisticated wave targets high-profile dependencies from major organizations, including AsyncAPI, Postman, PostHog, Zapier, and ENS, affecting an estimated […]

The post Sha1-Hulud Supply Chain Attack: 800+ npm Packages and Thousands of GitHub Repos Compromised appeared first on Cyber Security News.

India-aligned threat group Dropping Elephant has launched a sophisticated multi-stage cyberattack targeting Pakistan’s defense sector using a Python-based remote access trojan disguised within an MSBuild dropper. Idan Tarab has identified this advanced campaign that leverages fake defense-related phishing lures to compromise military research and development units and procurement facilities linked to Pakistan’s National Radio and […]

The post Dropping Elephant Hacker Group Attacks Defense Sector Using Python Backdoor via MSBuild Dropper appeared first on Cyber Security News.

In October 2025, a significant breach exposed the internal workings of APT35, also known as Charming Kitten, a cyber unit operating within Iran’s Islamic Revolutionary Guard Corps Intelligence Organization. Thousands of leaked documents revealed the group’s systematic approach to targeting governments and businesses across the Middle East and Asia. The exposure included performance reports, technical […]

The post APT35 Hacker Groups Internal Documents Leak Exposes their Targets and Attack Methods appeared first on Cyber Security News.

Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary commands with root privileges. The affected devices currently lack vendor patches, leaving users vulnerable. The vulnerabilities stem from improper handling of user input within critical service functions on these Tenda […]

The post Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User appeared first on Cyber Security News.

Large language models like GPT-3.5-Turbo and GPT-4 are transforming how we work, but they are also opening doors for cybercriminals to create a new generation of malware. Researchers have demonstrated that these advanced AI tools can be manipulated to generate malicious code, fundamentally changing how attackers operate. Unlike traditional malware that relies on hardcoded instructions […]

The post LLMs Tools Like GPT-3.5-Turbo and GPT-4 Fuels the Development of Fully Autonomous Malware appeared first on Cyber Security News.

A dangerous malware campaign has surfaced targeting cryptocurrency users through a deceptive Python package hosted on the PyPI repository. The threat actors disguised their malicious code within a fake spell-checking tool, mimicking the legitimate pyspellchecker package that boasts over 18 million downloads. This supply chain attack represents an evolving threat landscape where attackers exploit trusted […]

The post Hackers Leverage Malicious PyPI Package to Attack Users and Steal Cryptocurrency Details appeared first on Cyber Security News.

A new threat known as EtherHiding is reshaping how malware spreads through the internet. Unlike older methods that rely on traditional servers to deliver harmful code, this attack uses blockchain smart contracts to store and update malware payloads. The approach makes it harder for security teams to track and stop attackers because the payloads can […]

The post New EtherHiding Attack Uses Web-Based Attacks to Deliver Malware and Rotate Payloads appeared first on Cyber Security News.

The ToddyCat APT group has developed new ways to access corporate email communications at target organizations. Email remains the main way companies handle business communications, whether through their own servers like Microsoft Exchange or through cloud services such as Microsoft 365 and Gmail. Many believe that cloud services provide better protection for company communications. Even […]

The post ToddyCat APT Accessing Organizations Internal Communications of Employees at Target Companies appeared first on Cyber Security News.

A massive supply chain attack targeting the NPM accounts of automation giant Zapier and the Ethereum Name Service (ENS). Identified by Aikido Security, the campaign is being orchestrated by the same threat actors responsible for the “Shai Hulud” self-propagating worm that first surfaced in September. This latest wave, self-titled “Shai Hulud: The Second Coming,” has […]

The post Zapier’s NPM Account Hacked – Multiple Packages Infected with Self-Propagating Shai Hulud Malware appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated Python-based malware that employs process injection techniques to hide inside legitimate Windows binaries. This threat represents a new evolution in fileless attack strategies, combining multi-layer obfuscation with trusted system utilities to evade detection. The malware’s ability to masquerade as harmless files while deploying a full Python runtime environment marks […]

The post Threats Actors Leverage Python-based Malware to Inject Process into a Legitimate Windows Binary appeared first on Cyber Security News.

A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant. By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppleganger that is nearly indistinguishable from […]

The post Hackers Replace ‘m’ with ‘rn’ in Microsoft(.)com to Steal Users’ Login Credentials appeared first on Cyber Security News.

A critical memory corruption vulnerability in vLLM versions 0.10.2 and later allows attackers to achieve remote code execution through the Completions API endpoint by sending maliciously crafted prompt embeddings. The vulnerability resides in the tensor deserialization process within vLLM’s entrypoints/renderer.py at line 148. When processing user-supplied prompt embeddings, the system loads serialized tensors using torch.load() […]

The post vLLM Vulnerability Enables Remote Code Execution Via Malicious Payloads appeared first on Cyber Security News.

A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job platform. Validin security researchers have uncovered a new variant of what they call the “Contagious Interview” operation, designed to compromise job seekers through a seemingly legitimate hiring process. The campaign […]

The post Beware of North Korean Fake Job Platform Targeting U.S. Based AI-Developers appeared first on Cyber Security News.

Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we analyze the critical incidents defining the current threat landscape. If this week has taught us anything, it is that the stability of our digital infrastructure is just as volatile as the security of the software running upon it. We are witnessing a […]

The post Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach appeared first on Cyber Security News.

A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure. Attackers Can Escalate Privileges Without User Interaction The […]

The post Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges appeared first on Cyber Security News.

Microsoft has officially acknowledged a significant disruption affecting Windows 11 version 24H2 users, specifically after installing the cumulative update KB5062553 released in July 2025. The issue primarily affects environments using Virtual Desktop Infrastructure (VDI) and devices undergoing their first user logon. Reports indicate that essential shell components, including the Start Menu, Taskbar, and System Settings, […]

The post Microsoft Confirms Windows 11 24H2 Update Broken Multiple Core Features appeared first on Cyber Security News.

Remote monitoring tools are essential for managing and maintaining the health and performance of IT infrastructure and systems. Remote monitoring tools provide continuous oversight of network devices, servers, applications, and other critical components from a remote location. These tools help identify and resolve issues proactively by offering real-time alerts, performance metrics, and detailed reports. With […]

The post 15 Best Remote Monitoring Tools – 2025 appeared first on Cyber Security News.

A sophisticated supply chain attack has reportedly compromised data across hundreds of organizations, linking the breach to a critical integration between customer success platform Gainsight and CRM giant Salesforce. The notorious hacking collective ShinyHunters is claiming responsibility for the intrusion, which allegedly affects over 200 companies. The attack vector did not rely on breaking into […]

The post ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach appeared first on Cyber Security News.

The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of active exploitation in the wild, including “silent patches” and subsequent bypasses that have left many […]

The post Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities appeared first on Cyber Security News.

A former IT contractor from Ohio has admitted to launching a cyberattack against his employer’s network in retaliation for being terminated, federal prosecutors announced this week. Maxwell Schultz, 35, of Columbus, Ohio, pleaded guilty to computer fraud charges after leading a technical attack that locked thousands of employees out of their systems nationwide. On May […]

The post Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination appeared first on Cyber Security News.