Cyber Security News

Russia’s APT28 has resurfaced in mid-2025 with a sophisticated spear-phishing campaign that weaponizes Office documents to deploy two novel payloads: BeardShell, a C-based backdoor leveraging IceDrive as a command-and-control channel, and Covenant’s HTTP Grunt Stager, which communicates via the Koofr cloud API. These malicious documents are distributed through private Signal chats, exploiting the application’s lack […]

The post APT28 With Weaponized Office Documents Delivers BeardShell and Covenant Modules appeared first on Cyber Security News.

ConnectWise released a critical security update for its Automate platform on October 16, 2025. The patch, version 2025.9, addresses serious flaws in agent communications that could let attackers intercept sensitive data or push malicious software updates. These vulnerabilities primarily affect on-premises installations, where misconfigurations might expose systems to network-based exploits. The issues stem from environments […]

The post Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates appeared first on Cyber Security News.

A sophisticated rootkit targeting GNU/Linux systems has emerged, leveraging advanced eBPF (extended Berkeley Packet Filter) technology to conceal malicious activities and evade traditional monitoring tools. The threat, known as LinkPro, was discovered during a digital forensic investigation of a compromised AWS-hosted infrastructure, where it functioned as a stealthy backdoor with capabilities ranging from process hiding […]

The post LinkPro Rootkit Attacking GNU/Linux Systems Using eBPF Module to Hide Malicious Activities appeared first on Cyber Security News.

Cisco has issued a security advisory warning of multiple vulnerabilities in its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models running Cisco Session Initiation Protocol (SIP) Software. Published on October 15, 2025, the advisory details risks that could enable unauthenticated remote attackers to trigger denial-of-service (DoS) conditions or […]

The post Cisco Desk, IP, and Video Phone Vulnerabilities Let Remote Attackers Trigger DoS And XSS Attacks appeared first on Cyber Security News.

VMware has launched Workstation 25H2 and Fusion 25H2, the newest iterations of its desktop hypervisors, featuring a revamped versioning system, enhanced tools, and broader compatibility with modern hardware and operating systems. These updates aim to streamline virtualization for developers, IT professionals, and testers by improving performance, automation, and support for cutting-edge platforms. The releases introduce […]

The post VMware Workstation and Fusion 25H2 Released with New Features and Latest OS Support appeared first on Cyber Security News.

In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users worldwide. The campaign surfaced in the wake of heightened regulatory crackdowns on illicit crypto transactions, with attackers shifting tactics to exploit new digital supply chain vulnerabilities. EtherHiding first appeared in […]

The post North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency appeared first on Cyber Security News.

Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation. This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing source code and details on undisclosed vulnerabilities in BIG-IP products. Nearly half of these exposed […]

The post Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk appeared first on Cyber Security News.

F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products. Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access, leading to the theft of BIG-IP source code and undisclosed […]

The post F5 Released Security Updates Covering Multiple Products Following Recent Hack appeared first on Cyber Security News.

Cisco has disclosed a severe vulnerability in its widely used IOS and IOS XE Software, potentially allowing attackers to crash devices or seize full control through remote code execution. The flaw, rooted in the Simple Network Management Protocol (SNMP) subsystem, stems from a stack overflow condition that attackers can trigger with a specially crafted SNMP […]

The post Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.

A new information-stealer has emerged targeting job seekers with a trojanized Node.js application named Chessfi. Delivered via a modified npm package hosted on the official repository, the malware blends two previously separate tools—BeaverTail and OtterCookie—into a unified JavaScript payload. Victims are lured through fake employment offers and asked to install the application under the guise […]

The post North Korean Hackers Using Malicious Scripts Combining BeaverTail and OtterCookie for Keylogging appeared first on Cyber Security News.

Cybersecurity professionals are raising alarms over a new wave of phishing emails masquerading as breach notifications from LastPass. These messages warn recipients of an urgent account compromise and urge them to download a “security patch” to restore access. In reality, the downloadable file contains a sophisticated malware loader designed to harvest credentials and deploy additional […]

The post Beware of Fake ‘LastPass Hack’ Emails Trying to Trick Users Into Installing Malware appeared first on Cyber Security News.

Over the past month, a targeted campaign dubbed Operation Silk Lure has surfaced, exploiting the Windows Task Scheduler to deploy a novel variant of ValleyRAT. Emerging in mid-2025, the operation hinges on spear-phishing emails that carry malicious LNK attachments masquerading as candidate resumes. When victims open these attachments, a hidden PowerShell command initiates the download […]

The post Operation Silk Lure Weaponizing Windows Scheduled Tasks to Drop ValleyRAT appeared first on Cyber Security News.

The Qilin ransomware group has emerged as one of the most prolific and dangerous threat actors in the cybersecurity landscape, exploiting sophisticated bulletproof hosting infrastructure to conduct devastating attacks on organizations across multiple sectors. Operating under a Ransomware-as-a-Service (RaaS) model, Qilin first surfaced in mid-2022 under the name “Agenda” before rebranding later that year. The […]

The post Qilin Ransomware Using Ghost Bulletproof Hosting to Attack Organizations Worldwide appeared first on Cyber Security News.

In recent months, a new advanced persistent threat (APT) group known as Mysterious Elephant has emerged as a formidable adversary targeting government and diplomatic institutions across the Asia-Pacific region. First identified by Kaspersky’s Global Research and Analysis Team (GReAT) in 2023, the group has continued to refine its toolkit, employing both custom-built malware and modified […]

The post Mysterious Elephant APT Hackers Infiltrate Organization to Steal Sensitive Information appeared first on Cyber Security News.

U.S. Senator Bill Cassidy, Chairman of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers from Cisco Systems regarding recent zero-day vulnerabilities in its widely used networking equipment. The October 10, 2025, letter to CEO Chuck Robbins highlights the potential risks to national security and the economy, following a swift emergency directive […]

The post Senate Investigates Cisco Over Zero-Day Firewall Vulnerabilities appeared first on Cyber Security News.

Early October 2025 witnessed the resurgence of a retro phishing technique that exploits legacy Basic Authentication URLs to deceive users into divulging sensitive credentials. Threat actors crafted links in the format https://username:[email protected], embedding a trusted institution’s domain in the username field to visually mimic legitimate services. When users click these links, their browsers authenticate to […]

The post New Phishing Attack Uses Basic Auth URLs to Trick Users and Steal Login Credentials appeared first on Cyber Security News.

A sophisticated multi-stage malware campaign is targeting organizations globally, utilizing the PhantomVAI Loader to distribute dangerous information-stealing malware. The attack chain, which begins with carefully crafted phishing emails, has emerged as a significant threat to businesses across manufacturing, education, healthcare, technology, utilities, and government sectors. This malware family, previously known as Katz Stealer Loader, has […]

The post PhantomVAI Loader Attacking Organizations Worldwide to Deliver AsyncRAT, XWorm, FormBook and DCRat appeared first on Cyber Security News.

CISA has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities catalog, warning organizations that threat actors are actively exploiting it in real-world attacks. Identified as CVE-2025-59230, the flaw stems from improper access control in the Windows Remote Access Connection Manager service. This local privilege escalation vulnerability allows an authorized user, such as […]

The post CISA Warns Of Windows Improper Access Control Vulnerability Exploited In Attacks appeared first on Cyber Security News.

An aggressive SEO poisoning campaign has surfaced in early October 2025, preying on users searching for the legitimate Ivanti Pulse Secure VPN client. Attackers have registered lookalike domains such as ivanti-pulsesecure.com and ivanti-secure-access.org to host trojanized installers that appear official. Unsuspecting victims clicking on top search results are redirected to these malicious sites, where a […]

The post Beware of Malicious Ivanti VPN Client Sites in Google Search That Delivers Malware appeared first on Cyber Security News.

The UK’s Information Commissioner’s Office (ICO) has imposed a £14 million fine on outsourcing giant Capita following a major cyber attack in 2023 that exposed the personal data of 6.6 million individuals. This penalty, split as £8 million to Capita plc and £6 million to Capita Pension Solutions Limited, marks one of the largest data […]

The post Capita To pay £14 Million For Data Breach Exposes 6.6 Million Users Personal Data appeared first on Cyber Security News.