RevengeHotels, a financially motivated threat group active since 2015, has escalated its operations against hospitality organizations by integrating large language model–generated code into its infection chain. Initially known for deploying bespoke RAT families such as RevengeRAT and NanoCoreRAT via phishing…
Category: Cyber Security News
KillSec Ransomware Attacking Healthcare Industry IT Systems
The KillSec ransomware strain has rapidly emerged as a formidable threat targeting healthcare IT infrastructures across Latin America and beyond. First observed in early September 2025, KillSec operators have leveraged compromised software supply chain relationships to deploy their payloads at…
New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware
Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading…
LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS…
Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such…
Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit representing one of the most powerful combinations in modern penetration testing. As cyber threats continue to evolve rapidly, security professionals require comprehensive solutions that…
AWSDoor – New Persistence Technique Allows Attackers to Hide Malware Within AWS Cloud Environment
Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major threat. AWSDoor automates a range of IAM and resource-based persistence methods, allowing adversaries to hide…
AISURU Botnet With 300,000 Hijacked Routers Behind The Recent Massive 11.5 Tbps DDoS Attack
Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab’s continuous monitoring of global DDoS incidents, this botnet…
SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks
SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader…
Spring Framework and Security Vulnerabilities Enables Authorization Bypass and Annotation Detection Flaw
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such…
New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first to demonstrate a practical privilege escalation exploit on a commodity system equipped with DDR5 RAM,…
0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities
A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45 instance running the kernelspace SMB3 daemon, ksmbd. By chaining two authenticated N-day flaws, CVE-2023-52440 and CVE-2023-4130, the exploit attains an unauthenticated…
New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials
Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers…
Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence
A groundbreaking open-source benchmark suite called CyberSOCEval has emerged as the first comprehensive evaluation framework for Large Language Models (LLMs) in Security Operations Center (SOC) environments. Released as part of CyberSecEval 4, this innovative benchmark addresses critical gaps in cybersecurity…
Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages
A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week. The attack also affected more than 40 other packages from various maintainers, introducing a…
Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World
A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks against manufacturing, energy, and semiconductor companies across multiple nations. The group’s activities represent a strategic…
Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access
Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted by Red Canary Intelligence and Zscaler threat hunters has identified multiple malicious campaigns utilizing ITarian…
Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware
The eruption of widespread protests across Nepal in early September 2025 provided fertile ground for a sophisticated campaign orchestrated by the Sidewinder APT group. As demonstrators mobilized against government policies and social media restrictions, threat actors exploited the turbulence to…
Hackers Using Generative AI ‘ChatGPT’ to Evade Anti-virus Defenses
In mid-July 2025, a novel campaign emerged in which cybercriminals weaponized generative AI to fabricate deepfake images of government IDs, embedding them within spear-phishing messages that bypassed traditional antivirus safeguards. These emails impersonated military and security institutions, complete with convincing…
Burger King Uses DMCA Complaint to Take Down Blog Post Detailing Security Flaws on Drive-Thru Systems
Burger King has invoked the U.S. Digital Millennium Copyright Act (DMCA) to force the removal of a security researcher’s blog post that exposed critical vulnerabilities in its drive-thru “Assistant” system. The move has caused a debate over the use of…