The rapid rise of DeepSeek, a Chinese artificial intelligence (AI) company, has not only disrupted the AI industry but also attracted the attention of cybercriminals. As its AI Assistant app became the most downloaded free app on the iOS App…
Category: Cyber Security News
GitHub Copilot Jailbreak Vulnerability Let Attackers Train Malicious Models
Researchers have uncovered two critical vulnerabilities in GitHub Copilot, Microsoft’s AI-powered coding assistant, that expose systemic weaknesses in enterprise AI tools. The flaws—dubbed “Affirmation Jailbreak” and “Proxy Hijack”—allow attackers to bypass ethical safeguards, manipulate model behavior, and even hijack access…
Coyote Banking Malware Weaponizing Windows LNK Files To Execute Malicious Scripts
A new wave of cyberattacks leveraging the Coyote Banking Trojan has been identified, targeting financial institutions in Brazil. This sophisticated malware employs malicious Windows LNK (shortcut) files as an entry point to execute PowerShell scripts, enabling multi-stage infection chains that…
Cisco’s Webex Chat Vulnerabilities Let Attackers Access Organizations Chat Histories
Cisco’s Webex Chat (formerly known as IMI Chat) was found to have a significant security flaw that exposed the sensitive chat histories of hundreds to thousands of organizations. The exploit allowed unauthorized attackers to access millions of live customer support…
Malware Found in Healthcare Patient Monitors Linked to Chinese IP Address
A critical cybersecurity vulnerability has been uncovered in Contec CMS8000 patient monitors, revealing embedded malware that poses significant risks to patient safety and data security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that the devices include a backdoor…
Authorities Take Down Cracked & Nulled Hacking Forums Used by 10 Million Users
In a law enforcement operation dubbed “Operation Talent,” an international coalition of law enforcement agencies led by Germany’s Bundeskriminalamt (BKA) and Europol has dismantled two of the world’s largest cybercrime forums: Cracked.io and Nulled.to. These platforms, which collectively hosted over…
D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely
A critical unauthenticated Remote Code Execution (RCE) vulnerability has been affecting DSL-3788 routers, allowing attackers to acquire complete control over the router remotely. The flaw has been detected in firmware versions v1.01R1B036_EU_EN and below. This vulnerability was reported by Max…
Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000
A significant extension of Microsoft’s Microsoft 365 (M365) Bounty Program has been announced. The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions. This update underscores Microsoft’s commitment…
VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations
Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. The…
Windows Vulnerability in COM Objects Trigger RCE To Control The Systems Remotely
James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. This research highlights an intriguing bug class that exploits cross-process communication features in object-oriented…
New Jailbreak Techniques Expose DeepSeek LLM Vulnerabilities, Enabling Malicious Exploits
Recent revelations have exposed critical vulnerabilities in DeepSeek’s large language models (LLMs), particularly DeepSeek-R1, through advanced jailbreaking techniques. These exploits, including “Bad Likert Judge,” “Crescendo,” and “Deceptive Delight,” have demonstrated the ease with which malicious actors can bypass safety measures…
Tata Technologies Hacked – Ransomware Attack Compromises IT Systems
In a recent disclosure to the stock exchanges, Tata Technologies Limited announced that it has been the victim of a ransomware attack affecting some of its IT assets. Tata Technologies, headquartered in Pune, India, is a subsidiary of the Tata…
ChatGPT-4o Jailbreak Vulnerability “Time Bandit” Let Attackers Create Malware
A new jailbreak vulnerability in OpenAI’s ChatGPT-4o, dubbed “Time Bandit,” has been exploited to bypass the chatbot’s built-in safety functions. This vulnerability allows attackers to manipulate the chatbot into producing illicit or dangerous content, including instructions for malware creation, phishing…
Tor Project X Account Hacked to Promote Cryptocurrency Scheme
The Tor Project, a renowned organization dedicated to online privacy and anonymity, has fallen victim to a cyberattack. On January 30, 2025, the group’s official X (formerly Twitter) account was compromised and used to promote a fraudulent cryptocurrency scheme. The…
Tria Stealer Trojan Exploits Android Phones To Exfiltrate SMS Messages
A newly discovered Android malware campaign, dubbed Tria Stealer, has been targeting users in Malaysia and Brunei since mid-2024. Leveraging fake wedding invitations as a lure, this Trojan steals sensitive data, including SMS messages, call logs, and app notifications, and…
Phorpiex Botnet Distributes LockBit Ransomware Through Compromised Websites
Cybersecurity experts have uncovered the use of the Phorpiex botnet to distribute LockBit Black ransomware (LockBit 3.0) through millions of phishing emails and compromised websites. This campaign, active since April 2024, marks a significant evolution in ransomware delivery methods, leveraging…
Top 3 Most Popular Malware TTPs of the Past Year
Cyber threats evolve rapidly, but some tactics stand out for their widespread use and effectiveness. In its latest 2024 trends report, ANY.RUN identified the top malware Tactics, Techniques, and Procedures (TTPs) employed by cyber attackers for malicious purposes. Let’s dive…
Arcus Media Ransomware Delete Backup, Clear Logs, Disable Remote After Lock The Files
The Arcus Media ransomware has emerged as a significant cybersecurity threat, employing advanced techniques to maximize disruption and hinder recovery efforts. Operating under a Ransomware-as-a-Service (RaaS) model, the group has targeted industries worldwide, including business services, retail, and media, since…
New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages
A sophisticated Android malware campaign, dubbed Tria Stealer, has been targeting users in Malaysia and Brunei since mid-2024. The malware uses fake wedding invitations as a lure to trick victims into installing a malicious Android Package Kit (APK). Once installed,…
Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Multiple critical security vulnerabilities affect Canon Laser Printers and Small Office Multifunctional Printers. These vulnerabilities, identified as buffer overflow flaws, could allow attackers to execute arbitrary code remotely or render the devices inoperative through Denial-of-Service (DoS) attacks. The affected models…