Cyber Security News

Large Language Models (LLMs) have revolutionized software development, democratizing coding capabilities for non-programmers. However, this accessibility has introduced a severe security crisis. Advanced AI tools, designed to assist developers, are now being weaponized to automate the creation of sophisticated exploits against enterprise software. This shift fundamentally challenges traditional security assumptions, where the technical complexity of […]

The post Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation appeared first on Cyber Security News.

APT36, also known as Transparent Tribe, has launched a new malware campaign that targets Indian government and strategic entities by abusing Windows LNK shortcut files. The attack starts with spear‑phishing emails that carry a ZIP archive named “Online JLPT Exam Dec 2025.zip,” using an exam notice theme to lure officials into opening the attachment. Once […]

The post APT36 Malware Campaign Targeting Windows LNK Files to Attack Indian Government Entities appeared first on Cyber Security News.

NeuroSploitv2 is an AI-powered penetration testing framework that automates critical aspects of offensive security operations through advanced language models. The framework, available on GitHub, integrates with multiple LLM providers, including Claude, GPT, Gemini, and Ollama, to enable specialized vulnerability analysis and exploitation strategies. The framework stands out for its modular architecture, which features specialized AI […]

The post NeuroSploitv2 – AI-Powered Pentesting Tool With Claude, GPT, and Gemini models to Detect vulnerabilities appeared first on Cyber Security News.

Dark web forums have become a marketplace for sophisticated malware tools, with threat actors continuously refining their capabilities to stay ahead of security solutions. The latest concerning development involves an emerging AI-powered crypter service that promises unprecedented evasion abilities, putting enterprise environments at significant risk. A threat actor operating under the alias ImpactSolutions has begun […]

The post Threat Actors Advertising AI-Enhanced Metamorphic Crypter with Claims of Windows Defender Bypass appeared first on Cyber Security News.

A security patch addressing a critical privilege escalation vulnerability that allows unauthorized users to gain administrative access to the data streaming platform. The flaw, tracked as CVE-2025-47411 and rated important, affects Apache StreamPipes versions 0.69.0 through 0.97.0. The vulnerability stems from a flawed user ID creation mechanism that permits legitimate non-administrator account holders to exploit […]

The post Critical Apache StreamPipes Vulnerability Let Attackers Seize Admin Control appeared first on Cyber Security News.

The Adaptix Framework team has announced a significant update to AdaptixC2, an open-source post-exploitation and adversarial emulation platform designed for penetration testers. The latest version introduces significant improvements to network tunneling, the user interface, and overall system performance. One of the most notable upgrades focuses on network tunnel capabilities. The SOCKS4 and SOCKS5 protocols have been […]

The post Open-Source C2 Platform AdaptixC2 Released With Enhanced Stability, Performance, and Speed appeared first on Cyber Security News.

A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified an over 50-script global campaign that intercepts sensitive information during checkout and account creation processes. The attack demonstrates a significant evolution in how cybercriminals target e-commerce platforms, moving beyond simple credit card […]

The post Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows appeared first on Cyber Security News.

The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed to evade and neutralize security defenses. The tool is being marketed as an alternative to […]

The post Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims appeared first on Cyber Security News.

The cybersecurity landscape has reached a critical turning point as artificial intelligence moves from theoretical threat to operational reality. In their H2 2025 Threat Report, ESET researchers have documented a disturbing shift in how attackers operate, revealing that AI-powered malware is no longer a distant concern but an active threat targeting systems worldwide. The emergence […]

The post ESET Warns AI-driven Malware Attack and Rapidly Growing Ransomware Economy appeared first on Cyber Security News.

Israel’s National Cyber Directorate recently issued an urgent alert about a targeted spear-phishing attack aimed at people working in security and defense-related areas. The campaign uses WhatsApp messages that pretend to come from trusted organizations, inviting targets to professional conferences. These messages contain shortened URLs that lead victims to fake websites designed to steal personal […]

The post New Spear-Phishing Attack Targeting Security Individuals in Israel Region appeared first on Cyber Security News.

The European Space Agency (ESA) has confirmed a cybersecurity breach affecting a limited number of external servers, marking a rare public admission of vulnerability in the continent’s premier space organization. In an official statement released Tuesday, ESA disclosed: “ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network. We […]

The post European Space Agency Confirms Breach of Servers Outside the Corporate Network appeared first on Cyber Security News.

A new malware campaign has successfully infiltrated Maven Central, one of the most trusted repositories for Java developers, by masquerading as a legitimate Jackson JSON library extension. The malicious package, published under the org.fasterxml.jackson.core/jackson-databind namespace, represents one of the first instances of sophisticated malware discovered on Maven Central through a typosquatting attack. This attack takes […]

The post Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library appeared first on Cyber Security News.

A Chinese-linked threat group tied to the HoneyMyte, also known as Mustang Panda or Bronze President, is using a new kernel rootkit to hide its ToneShell backdoor. The campaign has hit government networks across Southeast and East Asia, with the heaviest impact in Myanmar and Thailand. The goal is long-term spying, not quick money theft. […]

The post Chinese Hackers Use Rootkit to Hide ToneShell Malware Activity appeared first on Cyber Security News.

SmarterTools has issued an urgent security advisory addressing a critical vulnerability in SmarterMail that could allow attackers to execute remote code on mail servers. The flaw, tracked as CVE-2025-52691, poses a severe threat to organizations using the affected versions. The vulnerability has been assigned a CVSS score of 10.0, the highest possible severity rating. This […]

The post Critical Vulnerability in SmarterMail Let Attackers Execute Remote Code appeared first on Cyber Security News.

CISA has added a critical MongoDB Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in cyberattacks. CVE-2025-14847 affects MongoDB Server and allows unauthenticated attackers to read uninitialized heap memory due to an inconsistency in the handling of the length parameter in Zlib-compressed protocol headers. Attribute Details […]

The post CISA Warns of MongoDB Server Vulnerability(CVE-2025-14847) Exploited in Attacks appeared first on Cyber Security News.

A critical vulnerability in MongoDB Server is putting tens of thousands of databases worldwide at risk. Dubbed MongoBleed and tracked as CVE-2025-14847, this high-severity flaw allows unauthenticated attackers to remotely extract sensitive data from server memory without credentials. The Shadow Server Foundation disclosed updated findings showing 74,854 potentially unpatched MongoDB versions among 78,725 exposed instances detected today. Public exploit code […]

The post 70,000+ MongoDB Servers Vulnerable to MongoBleed Exploit – PoC Released appeared first on Cyber Security News.

A critical zero-day vulnerability has been discovered in XSpeeder’s SXZOS firmware, affecting tens of thousands of SD-WAN appliances, edge routers, and smart TV controllers deployed globally. The vulnerability, designated PWN-25-01, enables unauthenticated remote code execution (RCE) with root-level privileges through a single HTTP GET request. XSpeeder, a Chinese networking vendor specializing in edge infrastructure, manufactures […]

The post Critical 0-Day RCE Vulnerability in Networking Devices Exposes 70,000+ Hosts appeared first on Cyber Security News.

Microsoft’s newly unveiled “Connected Agents” feature in Copilot Studio, announced at Build 2025, is creating a significant security vulnerability. Attackers are already exploiting to gain unauthorized backdoor access to critical business systems. Connected Agents enables AI-to-AI integration, allowing agents to share functionality and reuse logic across environments. While designed for efficiency, similar to wrapping repeated […]

The post Hackers Exploit Copilot Studio’s New Connected Agents Feature to Gain Backdoor Access appeared first on Cyber Security News.

A major supply chain attack targeting EmEditor, a widely used text editor software, has exposed millions of users to sophisticated infostealer malware. Between December 19 and December 22, 2025, the official EmEditor website fell victim to unauthorized modification, serving compromised installer files to unsuspecting users during a critical four-day window. The company confirmed that users […]

The post EmEditor Editor Website Hacked to Deliver Infostealer Malware in Supply Chain Attack appeared first on Cyber Security News.

Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-looking Income Tax Department emails to trick users into downloading a malicious executable disguised as a tax-related file. Once clicked, victims are redirected to a command-and-control server, which […]

The post Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures appeared first on Cyber Security News.