A sophisticated new cybercriminal campaign has emerged, leveraging a Python-based information stealer known as PXA Stealer to orchestrate one of the most extensive data theft operations observed in recent months. The malware, which first surfaced in late 2024, has evolved…
Category: Cyber Security News
Threat Actors Using AI to Scale Operations, Accelerate Attacks and Attack Autonomous AI Agents
The cybersecurity landscape has witnessed an unprecedented evolution as threat actors increasingly weaponize artificial intelligence to amplify their attack capabilities and target the very AI systems organizations depend upon. According to the CrowdStrike 2025 Threat Hunting Report, adversaries are no…
Mozilla Warns of Phishing Attacks Targeting Add-on Developers Account
Mozilla has issued an urgent security alert to its developer community following the detection of a sophisticated phishing campaign specifically targeting AMO (addons.mozilla.org) accounts. The company’s security team, led by Scott DeVaney, reported on August 1, 2025, that cybercriminals are…
CNCERT Accuses of US Intelligence Agencies Attacking Chinese Military-Industrial Units
Since mid-2022, Chinese military-industrial networks have reportedly been the target of highly sophisticated cyber intrusions attributed to US intelligence agencies. These campaigns exploited previously unknown vulnerabilities to install stealthy malware, maintain prolonged access, and exfiltrate sensitive defense data. Initially identified…
Researchers Exploited Google kernelCTF Instances And Debian 12 With A 0-Day
Researchers exploited CVE-2025-38001—a previously unknown Use-After-Free (UAF) vulnerability in the Linux HFSC queuing discipline—to compromise all Google kernelCTF instances (LTS, COS, and mitigation) as well as fully patched Debian 12 systems. Their work netted an estimated $82,000 in cumulative bounties…
FUJIFILM Printers Vulnerability Let Attackers Trigger DoS Condition
A critical security vulnerability affecting multiple FUJIFILM printer models could allow attackers to trigger denial-of-service (DoS) conditions through malicious network packets. The vulnerability, tracked as CVE-2025-48499, was announced on August 4, 2025, and affects various DocuPrint and Apeos printer series.…
LARGEST EVER Bitcoin Hack Valued $3.5 Billion Uncovered
The largest cryptocurrency hack ever recorded involved the theft of 127,426 BTC from Chinese mining pool LuBian in December 2020. The stolen Bitcoin was worth approximately $3.5 billion at the time of the theft and has since appreciated to an…
Critical Squid Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been discovered in Squid Web Proxy Cache that enables attackers to execute remote code through a heap buffer overflow in URN (Uniform Resource Name) handling. The vulnerability, tracked as CVE-2025-54574, affects all Squid versions prior…
Hackers Use AI to Create Malicious NPM Package that Drains Your Crypto Wallet
Cybercriminals have escalated their attack sophistication by leveraging artificial intelligence to create a malicious NPM package that masquerades as a legitimate development tool while secretly draining cryptocurrency wallets. The package, named @kodane/patch-manager, presents itself as an “NPM Registry Cache Manager”…
Threat Actors Exploitation Attempts Spikes as an Early Indicator of New Cyber Vulnerabilities
Cybersecurity researchers have uncovered a groundbreaking pattern that could revolutionize how organizations prepare for emerging threats. A comprehensive analysis reveals that spikes in malicious attacker activity against enterprise edge technologies serve as reliable early warning signals for new vulnerability disclosures,…
New Malware Attack Weaponizing LNK Files to Install The REMCOS Backdoor on Windows Machines
In recent weeks, cybersecurity teams have observed a surge in malicious campaigns exploiting Windows shortcut (LNK) files to deliver sophisticated backdoors. This new wave of attacks disguises LNK shortcuts as innocuous documents or folders, relying on Windows’ default behavior of…
Critical HashiCorp Vulnerability Let Attackers Execute Arbitrary Code on Underlying Host
A critical HashiCorp security vulnerability affecting Vault Community Edition and Enterprise versions could allow privileged operators to execute arbitrary code on underlying host systems. The vulnerability, tracked as CVE-2025-6000, affects Vault versions from 0.8.0 up to 1.20.0 and has been…
Hackers Can Manipulate BitLocker Registry Keys Via WMI to Execute Malicious Code as Interactive User
A novel lateral movement technique exploits BitLocker’s Component Object Model (COM) functionality to execute malicious code on target systems. The technique, demonstrated through the BitLockMove proof-of-concept tool, represents a sophisticated evolution in lateral movement tactics that bypasses traditional detection…
NestJS Framework Vulnerability Let Attackers Execute Arbitrary Code in Developers Machine
A critical security vulnerability has been discovered in the NestJS framework’s development tools that enables remote code execution (RCE) attacks against JavaScript developers. The flaw, identified as CVE-2025-54782, affects the @nestjs/devtools-integration package and allows malicious websites to execute arbitrary code…
AI-Powered Code Editor Cursor IDE Vulnerability Enables Remote Code Without User Interaction
A severe vulnerability in the popular AI-powered code editor Cursor IDE, dubbed “CurXecute,” allows attackers to execute arbitrary code on developers’ machines without any user interaction. The vulnerability, tracked as CVE-2025-54135 with a high severity score of 8.6, affects all…
APT37 Hackers Weaponizes JPEG Files to Attack Windows Systems Leveraging “mspaint.exe”
A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security…
Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines
The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious…
Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online
A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account…
Cybersecurity News Recap – Chrome, Gemini Vulnerabilities, Linux Malware, and Man-in-the-Prompt Attack
Welcome to this week’s edition of Cybersecurity News Recap! In this issue, we bring you the latest updates and critical developments across the threat landscape. Stay ahead of risks with key insights on newly discovered Chrome and Gemini vulnerabilities, the surge…