Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace. The scale and technical complexity of this attack signal a turning point…
Category: Cyber Security News
Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums
Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials. First detected in late September, the malware exploits phishing emails containing malicious Word documents. Upon opening, the embedded macro downloads the…
Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable
Threat actors infiltrated the official Xubuntu website, redirecting torrent downloads to a malicious ZIP file containing Windows-targeted malware. The incident, uncovered on October 18, 2025, highlights vulnerabilities in community-maintained Linux distribution sites amid rising interest in alternatives to end-of-life operating…
Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code
Google has swiftly addressed a high-severity flaw in its Chrome browser’s V8 JavaScript engine, releasing an emergency update to thwart potential remote code execution attacks. The vulnerability, tracked as CVE-2025-12036, stems from an inappropriate implementation within V8, the open-source JavaScript…
Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework
The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors…
Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted…
Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers
Meta announced innovative tools on Tuesday to shield users of Messenger and WhatsApp from scammers. The updates, revealed during Cybersecurity Awareness Month, aim to detect suspicious activity in real-time and empower users with better account protections. This comes as scammers…
Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025
Microsoft has acknowledged a significant authentication problem affecting users of recent Windows versions, stemming from security enhancements in updates released since late August 2025. The company detailed how these updates are triggering Kerberos and NTLM failures on devices sharing identical…
How Threat Intelligence Can Save Money and Resources for Businesses
Cybersecurity is not just about defense; it is about protecting profits. Organizations without modern threat intelligence (TI) face escalating breach costs, wasted resources, and operational inefficiencies that hit the bottom line. Actionable intel can help businesses cut costs, optimize workflows,…
Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’
A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive…
Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data
A sophisticated vulnerability in Microsoft 365 Copilot (M365 Copilot) that allows attackers to steal sensitive tenant data, including recent emails, through indirect prompt injection attacks. The flaw, detailed in a blog post published today by researcher Adam Logue, exploits the…
Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue affects better-auth, a TypeScript authentication framework downloaded around 300,000 times weekly on npm. This…
Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affects versions prior to 3.0.14 and 4.0.2, where administrators can upload malicious Groovy…
CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing…
LANSCOPE Endpoint Manager Vulnerability Let Attackers Execute Remote Code
Motex has disclosed a severe remote code execution vulnerability in its LANSCOPE Endpoint Manager On-Premise Edition. Assigned CVE-2025-61932, the flaw carries a CVSS 3.0 score of 9.8, classifying it as an emergency-level threat. This vulnerability could allow attackers to execute…
New LOSTKEYS Malware Linked to Russia State-Sponsored Hacker Group COLDRIVER
Over the summer of 2025, a novel malware family emerged following the public disclosure of the LOSTKEYS implant. This new strain was rapidly weaponized in a series of highly targeted campaigns against policy advisors, non-governmental organizations, and dissidents. Leveraging a…
131 Malicious Extensions Targeting WhatsApp Used Found in Chrome Web Store
Over the past several months, cybersecurity researchers have observed a surge of fraudulent Chrome extensions masquerading as legitimate WhatsApp Web automation tools. These 131 rebranded clones, each presenting as distinct offerings, share an identical codebase designed to automate bulk messaging…
Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP…
ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration
A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading…
AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption
Amazon Web Services (AWS), the world’s largest cloud computing provider, has officially marked a widespread outage in its US-EAST-1 region as resolved, following nearly a full day of cascading failures that disrupted services for millions worldwide. The incident, which began…