Cyber Security News

ChaosBot surfaced in late September 2025 as a sophisticated Rust-based backdoor targeting enterprise networks. Initial investigations revealed that threat actors gained entry by exploiting compromised CiscoVPN credentials coupled with over-privileged Active Directory service accounts. Once inside, ChaosBot was stealthily deployed via side-loading techniques using the legitimate Microsoft Edge component identity_helper.exe from the C:\Users\Public\Libraries directory. The […]

The post New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands appeared first on Cyber Security News.

Threat actors have reemerged in mid-2025 leveraging previously disclosed vulnerabilities in SonicWall SSL VPN appliances to deploy Akira ransomware on enterprise networks. Beginning in July, multiple incidents of initial access via unpatched SonicWall devices were reported across North America and EMEA. Attackers exploited CVE-2024-40766, an access control flaw in SonicOS versions up to 7.0.1-5035, enabling […]

The post Threat Actors Exploiting SonicWall SSL VPN Devices in Wild to Deploy Akira Ransomware appeared first on Cyber Security News.

Menlo Park, USA, October 10th, 2025, CyberNewsWire AccuKnox, a leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), is proud to announce that Nanoprecise has selected AccuKnox to enhance its cloud security, governance, and compliance framework. Nanoprecise is a pioneer predictive maintenance and condition monitoring, and leverages Artificial Intelligence and IoT technologies to deliver […]

The post Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture appeared first on Cyber Security News.

Socket’s Threat Research Team has uncovered a sophisticated phishing campaign involving 175 malicious npm packages that collectively accumulated over 26,000 downloads. The campaign, dubbed “Beamglea” based on consistent artifacts across all packages, represents a novel abuse of npm’s public registry and the unpkg.com CDN to host redirect scripts targeting 135+ industrial, technology, and energy companies […]

The post 175 Malicious npm Packages With 26,000 Downloads Attacking Technology, and Energy Companies Worldwide appeared first on Cyber Security News.

Since its emergence in early 2025, RondoDox has rapidly become one of the most pervasive IoT-focused botnets in operation, targeting a wide range of network-connected devices—from consumer routers to enterprise CCTV systems and web servers. Its modular design allows operators to deploy tailored exploit modules against over 50 distinct vulnerabilities, enabling swift compromise of disparate […]

The post RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers appeared first on Cyber Security News.

Microsoft Defender for Endpoint is incorrectly flagging specific versions of SQL Server as having reached their end-of-life, causing potential confusion for system administrators. The issue, tracked under advisory DZ1168079, stems from a code bug and affects the Threat and Vulnerability Management feature within the Microsoft Defender XDR suite. The bug impacts explicitly organizations running SQL […]

The post Microsoft Defender Incorrectly Flags SQL Server Software as End-of-life appeared first on Cyber Security News.

A critical vulnerability in GitHub Copilot Chat, rated 9.6 on the CVSS scale, could have allowed attackers to exfiltrate source code and secrets from private repositories silently. The exploit combined a novel prompt injection technique with a clever bypass of GitHub’s Content Security Policy (CSP), granting the attacker significant control over a victim’s Copilot instance, […]

The post Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos appeared first on Cyber Security News.

A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading as popular applications including WhatsApp, Google Photos, TikTok, and YouTube to infiltrate devices and steal sensitive user data. The malware demonstrates remarkable adaptability and persistence, with threat actors continuously evolving their tactics to bypass security […]

The post New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users appeared first on Cyber Security News.

Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language Model (LLM) to generate malicious code at runtime. Dubbed ‘MalTerminal’ by SentinelLABS, the malware uses OpenAI’s GPT-4 to dynamically create ransomware code and reverse shells, presenting a new and formidable challenge for detection and threat […]

The post LLM-enabled MalTerminal Malware Leverages GPT-4 to Generate Ransomware Code appeared first on Cyber Security News.

Emerging from a recent wave of targeted campaigns, SnakeKeylogger has surfaced as a potent infostealer that capitalizes on PowerShell and social engineering. The malware’s operators craft convincing spear-phishing e-mails under aliases such as “CPA-Payment Files,” impersonating reputable financial and research firms. Recipients encounter ISO or ZIP attachments containing a seemingly innocuous BAT script. Once executed, […]

The post SnakeKeylogger via Weaponized E-mails Leverage PowerShell to Exfiltrate Sensitive Data appeared first on Cyber Security News.

A sophisticated financially motivated threat actor known as Storm-2657 has been orchestrating elaborate “payroll pirate” attacks targeting US universities and other organizations, Microsoft Threat Intelligence has revealed. These attacks represent a concerning evolution in cybercriminal tactics, where hackers compromise employee accounts to gain unauthorized access to human resources systems and redirect salary payments to attacker-controlled […]

The post Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments appeared first on Cyber Security News.

An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the unauthenticated Local File Inclusion (LFI) flaw allows attackers to achieve remote code execution (RCE) on affected systems. The vulnerability is currently unpatched, but a mitigation has been provided. Organizations using the affected software are strongly urged to […]

The post Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.

The cybersecurity landscape faces a new and significant threat as the notorious CL0P ransomware group has launched a large-scale extortion campaign targeting Oracle E-Business Suite (EBS) environments. Starting September 29, 2025, security researchers began tracking a sophisticated operation where threat actors claimed affiliation with the CL0P extortion brand and initiated a high-volume email campaign targeting […]

The post Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day appeared first on Cyber Security News.

International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now displays a seizure notice from the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), alongside French authorities, including the Brigade de Lutte Contre la Cybercriminalité (BL2C) and the Parquet de Paris […]

The post Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain appeared first on Cyber Security News.

Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute arbitrary code. Identified as CVE-2025-11001 and CVE-2025-11002, the flaws affect all versions of the software prior to the latest release and require immediate patching. Flaw in Symbolic Link Processing The core of both vulnerabilities lies […]

The post 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.

Microsoft users are facing a novel quishing campaign that leverages weaponized QR codes embedded in malicious emails. Emerging in early October 2025, this attack exploits trust in QR-based authentication and device pairing workflows, tricking targets into scanning codes that deliver infostealer binaries. Initial reports surfaced when Gen Threat Labs analysts noted anomalous QR attachments spoofing […]

The post New Quishing Attack With Weaponized QR Code Targeting Microsoft Users appeared first on Cyber Security News.

Over the past two months, threat actors have weaponized a critical authentication bypass flaw in the Service Finder Bookings WordPress plugin, enabling them to hijack any account on compromised sites. First disclosed on July 31, 2025, the vulnerability emerged after a bug bounty submission revealed that the plugin’s servicefinderswitchback function failed to validate a user-switch […]

The post Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting job seekers through legitimate Zoom document-sharing features, demonstrating how cybercriminals exploit trusted platforms to harvest Gmail credentials. The attack leverages social engineering tactics by impersonating HR departments and using authentic Zoom notifications to bypass user suspicion and traditional security measures. The campaign begins with victims receiving legitimate-looking emails […]

The post Threat Actors Mimic as HR Departments to Steal Your Gmail Login Credentials appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated evolution of the ClickFix attack methodology, where threat actors are leveraging cache smuggling techniques to avoid traditional file download detection mechanisms. This innovative campaign targets enterprise networks by masquerading as a Fortinet VPN compliance checking tool, specifically exploiting the trust organizations place in their remote access infrastructure. The malicious […]

The post Hackers Upgraded ClickFix Attack With Cache Smuggling to Secretly Download Malicious Files appeared first on Cyber Security News.

A recently discovered Python-based remote access trojan (RAT) exhibits unprecedented polymorphic behavior, altering its code signature each time it runs. First observed on VirusTotal, the sample, dubbed nirorat.py, initially scored only 26/100 on detection engines, despite containing a full suite of RAT capabilities. Analysts believe the malware leverages Python’s introspection and code-modification features to evade […]

The post New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time appeared first on Cyber Security News.