Cyber Security News

A sophisticated data exfiltration campaign targeting corporate Salesforce instances has exposed sensitive information from multiple organizations through compromised OAuth tokens associated with the Salesloft Drift third-party application.  The threat actor, designated as UNC6395, systematically harvested credentials and sensitive data between August 8-18, 2025, demonstrating advanced operational security awareness while executing SOQL queries across numerous Salesforce […]

The post Salesloft Drift Hacked to Steal OAuth Tokens and Exfiltrate from Salesforce Corporate Instances appeared first on Cyber Security News.

China-based threat actor Mustang Panda has emerged as one of the most sophisticated cyber espionage groups operating in the current threat landscape, with operations dating back to at least 2014. This advanced persistent threat (APT) group has systematically targeted government entities, nonprofit organizations, religious institutions, and NGOs across the United States, Europe, Mongolia, Myanmar, Pakistan, […]

The post China-based Threat Actor Mustang Panda’s Tactics, Techniques, and Procedures Unveiled appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a critical security flaw in Securden Unified PAM that allows attackers to completely bypass authentication mechanisms and gain unauthorized access to sensitive credentials and system functions. The vulnerability, designated as CVE-2025-53118 with a CVSS score of 9.4, represents one of four serious security issues discovered in the privileged access management solution […]

The post Securden Unified PAM Vulnerability Let Attackers Bypass Authentication appeared first on Cyber Security News.

A sophisticated new variant of the Hook Android banking trojan has emerged with unprecedented capabilities that position it among the most advanced mobile malware families observed to date. This latest version, designated Hook Version 3, represents a significant evolution in Android banking malware sophistication, introducing a comprehensive arsenal of 107 remote commands with 38 newly […]

The post New Hook Android Banking Malware With New Advanced Capabilities and Supports 107 Remote Commands appeared first on Cyber Security News.

When every minute counts, it’s important to have access to fresh threat intelligence at the tip of your finger. That’s what all high-performing SOC teams have in common. Learn where to get relevant threat data for free and how to triage incidents in seconds using it. Getting & Applying Free Threat Intelligence Enriching your indicators […]

The post How SOCs Triage Incidents in Seconds with Threat Intelligence appeared first on Cyber Security News.

A new ransomware has been identified, which is believed to be the first-ever ransomware strain that leverages a local AI model to generate its malicious components. Dubbed “PromptLock” by the ESET Research team that discovered it, the malware uses OpenAI’s gpt-oss:20b model via the Ollama API to create custom, cross-platform Lua scripts for its attack […]

The post First AI Ransomware ‘PromptLock’ Uses OpenAI gpt-oss-20b Model for Encryption appeared first on Cyber Security News.

A sophisticated credential harvesting campaign has emerged targeting ScreenConnect cloud administrators with spear phishing attacks designed to steal super administrator credentials. The ongoing operation, designated MCTO3030, has maintained consistent tactics since 2022 while operating largely undetected through low-volume distribution strategies that send up to 1,000 emails per campaign run. The campaign specifically targets senior IT […]

The post New Attack Targeting ScreenConnect Cloud Administrators to Steal Login Credentials appeared first on Cyber Security News.

Cloud Software Group has disclosed multiple high-severity vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that can lead to remote code execution (RCE) and denial of service (DoS). Exploitation of CVE-2025-7775 has been observed in the wild against unmitigated appliances, and customers are urged to upgrade immediately. Affected versions include […]

The post Citrix NetScaler ADC and Gateway 0-Day RCE Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Online PDF editors have become common tools for quick document manipulation, providing convenient alternatives to desktop software. However, their cloud-based nature brings significant security vulnerabilities that both organizations and individuals must carefully consider. Recent cybersecurity research reveals that these platforms present multiple attack vectors, including data interception, malware injection, and compliance violations that can expose sensitive information […]

The post Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It appeared first on Cyber Security News.

Microsoft has released a new VM Conversion extension for Windows Admin Center, designed to streamline the migration of VMware virtual machines from vCenter to Hyper-V environments.  The preview tool, announced on August 20, 2025, provides enterprises with a cost-free solution for bulk VM migrations while maintaining minimal downtime and preserving critical configurations. Key Takeaways1. Migrate […]

The post Microsoft Unveils New Tool to Migrate VMware Virtual Machines From vCenter to Hyper-V appeared first on Cyber Security News.

Aembit, the workload identity and access management (IAM) company, today announced new capabilities for GitLab designed to reduce the security risks of long-lived personal access tokens (PATs) and other secrets needed to automate software delivery, while making it easier to deploy and manage pipelines. With the introduction of Credential Lifecycle Management and the availability of […]

The post Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab appeared first on Cyber Security News.

CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via misconfigured carriage return handling in configuration files.  This flaw has already seen active exploitation, underscoring the critical need for immediate mitigation. Key Takeaways1. CVE-2025-48384 lets attackers abuse CR handling in Git configs to write arbitrary files.2. […]

The post CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks appeared first on Cyber Security News.

AccuKnox, a leader in Zero Trust Kubernetes and cloud-native security solutions, has been issued a patent [US Patent# 12,242,629 – full PDF copy available] by the U.S. Patent and Trademark Office for the breakthrough technology in Runtime Security of Kernel-Level Events.  This innovation delivers real-time detection, prevention, and remediation of anomalous kernel activity. The patented […]

The post AccuKnox Awarded Patent for Runtime Security of Kernel Events appeared first on Cyber Security News.

Android’s open ecosystem has been both its greatest strength and a persistent security challenge. While sideloading offers developers and users unparalleled freedom, it has also become a vector for malicious actors to distribute malware masquerading as legitimate applications. Over the past year, Android Developers Blog analysts noted that malware delivered via internet-sideloaded sources outpaced Play […]

The post Google to Add New Layer of Developer Verification to Distribute Apps on Play Store appeared first on Cyber Security News.

A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App Store privacy framework.  This extensive data harvesting raises significant privacy concerns as location tracking can […]

The post X/Twitter The Most Aggressive Social Media App Collecting Users Location Information appeared first on Cyber Security News.

A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and corroborated by independent research tracking Oyster/Broomstick backdoor activity tied to trojanized admin tools distributed via […]

The post Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services appeared first on Cyber Security News.

Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared innocuous at first glance, often masquerading as utility or government apps in high-risk […]

The post Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof appeared first on Cyber Security News.

A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected browsers to malicious domains, where an HTTPS-secured landing page prompted users […]

The post Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection appeared first on Cyber Security News.

CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern for federal agencies and private organizations alike. Key Takeaways1. CISA added two Citrix Session Recording […]

The post CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.

A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals.  The campaign represents one of the largest coordinated RDP reconnaissance operations observed in recent years, signaling potential preparation for […]

The post Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs appeared first on Cyber Security News.