Austin, TX, USA, August 6th, 2025, CyberNewsWire: SpyCloud Investigations, now with AI Insights, empowers security teams to act decisively with finished intelligence built from billions of breach, malware, and phishing records. SpyCloud, the leader in identity threat protection, today announced…
Category: Cyber Security News
Sophisticated DevilsTongue Windows Spyware Tracking Users Globally
The emergence of DevilsTongue marks a significant escalation in mercenary spyware capabilities, leveraging advanced Windows-based techniques to infiltrate high-value targets worldwide. First observed in campaigns dating back to 2019, this modular malware aggressively exploits zero-day browser vulnerabilities and weaponized documents…
Rockwell Arena Simulation Vulnerabilities Let Attackers Execute Malicious Code Remotely
Rockwell Automation has disclosed three critical memory corruption vulnerabilities in its Arena® Simulation software that could allow threat actors to execute arbitrary code remotely on affected systems. The security flaws, identified as CVE-2025-7025, CVE-2025-7032, and CVE-2025-7033, carry a high CVSS…
Global Jewellery Brand Pandora Suffers Hack – Customer Data Exposed
Danish jewellery giant Pandora has disclosed a significant data breach that compromised customer information through a third-party vendor platform. The company has begun notifying affected customers, starting with Italian markets, about the cybersecurity incident that resulted in unauthorized access to…
Threat Actors Leveraging GenAI for Phishing Attacks Impersonating Government Websites
Cybercriminals have escalated their phishing operations by incorporating generative artificial intelligence tools to create sophisticated replicas of government websites, marking a significant evolution in social engineering tactics. A recent campaign targeting Brazilian citizens demonstrates how threat actors are exploiting AI-powered…
Microsoft’s New AI Agent Project to Detect Malware with Reverse Engineering Tools
Microsoft has unveiled Project Ire, an autonomous AI agent capable of reverse engineering and classifying malware at an unprecedented scale. The breakthrough system achieved a precision rate of 0.98 and a recall of 0.83 during testing on Windows drivers, marking…
Adobe AEM Forms 0-Day Vulnerability Lets Attackers Execute Arbitrary Code
Adobe has released an urgent security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE) to address two critical zero-day vulnerabilities that could allow attackers to execute arbitrary code and perform unauthorized file system access. The vulnerabilities, identified…
Chinese Hackers Compromised Up To 115 Million Payment Cards In The US
A sophisticated Chinese cybercriminal syndicate has orchestrated one of the most devastating payment card fraud operations in recorded history, potentially compromising between 12.7 million and 115 million payment cards across the United States between July 2023 and October 2024. The…
Chinese Hackers Exploit SharePoint Vulnerabilities to Deploy Toolsets Including Backdoor, Ransomware and Loaders
A sophisticated Chinese threat actor has been exploiting critical vulnerabilities in Microsoft SharePoint to deploy an advanced malware toolset dubbed “Project AK47,” according to new research published by Palo Alto Networks Unit 42. The campaign, which has been active since…
Critical Trend Micro Apex One Management RCE Vulnerability Actively Exploited in the Wild
Critical command injection remote code execution (RCE) vulnerabilities in Trend Micro Apex One Management Console are currently being actively exploited by threat actors. The company confirmed observing at least one instance of attempted exploitation in production environments, prompting the immediate…
CISA Releases Two Advisories Covering Vulnerabilities and Exploits Surrounding ICS
CISA released two urgent Industrial Control Systems (ICS) advisories on August 5, 2025, addressing significant security vulnerabilities in critical manufacturing and energy sector systems. These advisories detail exploitable flaws that could compromise industrial operations and potentially disrupt essential services across…
Threat Actors Weaponizing RMM Tools to Take Control of The Machine and Steal Data
Cybercriminals are increasingly exploiting Remote Monitoring and Management (RMM) software to gain unauthorized access to corporate systems, with a sophisticated new attack campaign demonstrating how legitimate IT tools can become powerful weapons in the wrong hands. This emerging threat leverages…
Threat Actors Poisoned Bing Search Results to Deliver Bumblebee Malware if User Searched for ‘ManageEngine OpManager’
Cybersecurity researchers have uncovered a sophisticated search engine optimization (SEO) poisoning campaign that exploited Bing search results to distribute Bumblebee malware, ultimately leading to devastating Akira ransomware attacks. The campaign, active throughout July 2025, specifically targeted users searching for legitimate…
Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks
A wide range of vulnerabilities affects millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide. The vulnerabilities, collectively dubbed “ReVault,” target the Broadcom BCM5820X security chip embedded in Dell’s ControlVault3 firmware, creating opportunities for attackers to…
U.S. Treasury Warns of Crypto ATMs Fueling Criminal Activity
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a critical warning about the exploitation of convertible virtual currency (CVC) kiosks by criminal organizations. Released on August 4, 2025, the advisory highlights how these cryptocurrency ATMs,…
CISA Warns of D-Link Vulnerabilities Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert, adding three vulnerabilities affecting D-Link devices to its Known Exploited Vulnerabilities (KEV) Catalog. The inclusion of these flaws in the catalog signifies that they are being actively…
10,000+ Malicious TikTok Shop Domains Attacking Users to Steal Logins and Deploy Malware
A sophisticated cybercriminal campaign dubbed “ClickTok” has emerged as one of the most extensive threats targeting TikTok Shop users worldwide, with researchers identifying over 10,000 malicious domains designed to steal user credentials and deploy advanced spyware. The campaign represents a…
Cyber Attacks Against AI Infrastructure Are on the Rise With Key Vulnerabilities Uncovered
Cyber-criminals have gradually shifted their focus toward the high-value infrastructure that trains, tunes and serves modern artificial-intelligence models. Over the past six months, incident-response teams have documented a new malware family, tentatively dubbed “ShadowInit,” that targets GPU clusters, model-serving gateways…
Microsoft Zero Day Quest Hacking Contest – Rewards Up to $5 Million
Microsoft has announced the return of its groundbreaking Zero Day Quest, the largest public hacking event in history, offering unprecedented bounty rewards of up to $5 million for high-impact security research. Building upon last year’s successful $4 million initiative, this…
The Network-Security Compliance Checklist: 25 Controls, Mapped And Audit-Ready
You’re on a four-day clock. Following new SEC rules announced on July 26, 2023, U.S. public companies must disclose any cybersecurity incident they determine to be ‘material’ within four business days of that determination. For most companies, this requirement became…