A new banking malware called Sturnus has emerged as a significant threat to mobile users across Europe. Security researchers have discovered that this sophisticated Android trojan can capture encrypted messages from popular messaging apps like WhatsApp, Telegram, and Signal by…
Category: Cyber Security News
Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users
Tsundere represents a significant shift in botnet tactics, leveraging the power of legitimate Node.js packages and blockchain technology to distribute malware across multiple operating systems. First identified around mid-2025 by Kaspersky GReAT researchers, this botnet demonstrates the evolving sophistication of…
GenAI Makes it Easier for Cybercriminals to Successfully Lure Victims into Scams
Cybercriminals are rapidly embracing generative AI to transform the way they operate scams, making fraud operations faster, more convincing, and dramatically easier to scale. According to recent research, what once required months of work and specialized technical skills can now…
New Malware Via WhatsApp Exfiltrate Contacts to Attack Server and Deploys Malware
Trustwave SpiderLabs researchers have identified a sophisticated banking trojan called Eternidade Stealer that spreads through WhatsApp hijacking and social engineering tactics. The malware, written in Delphi, represents a significant evolution in Brazil’s cybercriminal landscape, combining advanced contact harvesting with credential…
Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between July and October 2025. The campaign, attributed to the notorious Clop ransomware group and linked…
TamperedChef Hacking Campaign Leverages Common Apps to Deliver Payloads and Gain Remote Access
A new global hacking campaign tracked as TamperedChef has emerged, exploiting everyday software names to trick users into installing malicious applications that deliver remote access tools. The campaign uses fake installers disguised as common programs like manual readers, PDF editors,…
Critical N-able N-central Vulnerabilities Allow attacker to interact with legacy APIs and read sensitive files
N-able’s N-central remote management and monitoring (RMM) platform faces critical security risks following the discovery of multiple vulnerabilities. According to Horizon3.ai, it allows unauthenticated attackers to bypass authentication, access legacy APIs, and exfiltrate sensitive files, including credentials and database backups.…
Threat Actors Pioneering a New Operational Model That Combines Digital and Physical Threats
Nation-state actors are fundamentally changing how they conduct military operations. The boundary between digital attacks and physical warfare is disappearing rapidly. Instead of treating cybersecurity and military operations as separate activities, hostile nations are now blending them together in coordinated…
Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums
A threat actor known as Zeroplayer has reportedly listed a zero-day remote code execution (RCE) vulnerability, combined with a sandbox escape, targeting Microsoft Office and Windows systems for sale on underground hacking forums. Priced at $30,000, the exploit purportedly works…
Researchers Disclosed Analysis of Rhadamanthys Loader’s Anti-Sandboxing and Anti-AV Emulation Features
Rhadamanthys has emerged as one of the most dangerous stealer malware programs since its first appearance in 2022. This advanced threat continues to challenge security teams with its ability to steal sensitive data from infected systems while avoiding detection by…
Critical Twonky Server Vulnerabilities Let Attackers Bypass Authentication
Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to gain full administrative access to the media server software. Rapid7 discovered that the vulnerabilities can be chained together to compromise administrator accounts without any user…
NSA Issues Guidance for ISPs and Network Defenders to Combat Malicious Activity
The National Security Agency (NSA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and multiple international partners, has released a comprehensive cybersecurity information sheet titled “Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers.” Published on November…
pi GPT Tool Turns Your Raspberry Pi into A ChatGPT Powered AI-managed device
pi GPT, a custom integration for OpenAI’s ChatGPT that transforms everyday Raspberry Pi devices into fully managed AI-powered workstations. Announced on November 18, 2025, this tool empowers developers, hobbyists, and students to code, deploy, and oversee projects directly on local…
CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a zero-day vulnerability in Google Chrome, actively exploited by threat actors. CVE-2025-13223 is a flaw in the Chromium V8 JavaScript engine that poses significant risks to…
Ollama Vulnerabilities Let Attackers Execute Arbitrary Code by Parsing of Malicious Model Files
A severe vulnerability in Ollama, one of GitHub’s most popular open-source projects, with over 155,000 stars. The flaw enables attackers to execute arbitrary code on systems running vulnerable versions of the platform by exploiting weaknesses in the software’s parsing of…
Cline AI Coding Agent Vulnerabilities Enables Prompt Injection, Code Execution, and Data Leakage
Cline is an open-source AI coding agent with 3.8 million installs and over 52,000 GitHub stars. Contains four critical security vulnerabilities that enable attackers to execute arbitrary code and exfiltrate sensitive data through malicious source code repositories. Mindgard researchers discovered…
Hackers Can Exploit Default ServiceNow AI Assistants Configurations to Launch Prompt Injection Attacks
A dangerous vulnerability in ServiceNow’s Now Assist AI platform allows attackers to execute second-order prompt injection attacks via default agent configuration settings. The flaw enables unauthorized actions, including data theft, privilege escalation, and exfiltration of external email, even with ServiceNow’s…
China-Nexus APT Group Leverages DLL Sideloading Technique to Attack Government and Media Sectors
A targeted cyber espionage campaign has emerged across Southeast Asia, specifically affecting government and media organizations in countries surrounding the South China Sea. The campaign, which has been actively monitored since early 2025, demonstrates advanced persistent threat characteristics with a…
Hackers Attacking Palo Alto Networks’ GlobalProtect VPN Portals with 2.3 Million Attacks
Hackers have unleashed over 2.3 million malicious sessions against Palo Alto Networks’ GlobalProtect VPN portals since November 14, 2025, according to threat intelligence firm GreyNoise. This surge, which intensified dramatically within 24 hours to reach a 40-fold increase, represents the…
How to Solve Alert Overload in Your SOC
Your SOC generates thousands of alerts daily. Many of them are low-priority, repetitive, or false positives. On paper, this looks like a technical problem. In reality, it’s a business problem. Every Alert Costs When analysts are buried under thousands of notifications, they spend more time triaging noise than responding to real incidents. The result: slower reaction times, missed threats, staff burnout, and ballooning operational costs. Every wasted minute translates into a weaker security posture,…