An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for…
Category: Cyber Security News
Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1
Apple released iOS 26.1 and iPadOS 26.1, addressing multiple vulnerabilities that could lead to privacy breaches, app crashes, and potential data leaks for iPhone and iPad users. The update targets devices starting from the iPhone 11 series and various iPad…
Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287
Cybersecurity researchers and firewall monitoring services have detected a dramatic surge in reconnaissance activity targeting Windows Server Update Services (WSUS) infrastructure. Network sensors collected from security organizations, including data from Shadowserver, show a significant increase in scans directed at TCP…
Open VSX Registry Addresses Leaked Tokens and Malicious Extensions in Wake of Security Scare
The Open VSX Registry and the Eclipse Foundation have completed their investigation into a significant security incident involving exposed developer tokens and malicious extensions. The comprehensive response reveals how the platform is strengthening defenses across the entire VS Code extension…
AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness
AMD has disclosed a critical vulnerability affecting its Zen 5 processor lineup that compromises the reliability of random number generation, a fundamental security feature in modern computing. The flaw, tracked as CVE-2025-62626, impacts the RDSEED instruction used by systems to…
New TruffleNet BEC Campaign Leverages AWS SES Using Stolen Credentials to Compromise 800+ Hosts
Identity compromise has become one of the most significant threats facing cloud infrastructure, particularly when attackers gain access to legitimate credentials. These valid access keys enable adversaries to bypass traditional security defenses, creating opportunities for widespread exploitation. Amazon Web Services…
Microsoft Patch for WSUS Vulnerability has Broken Hotpatching on Windows Server 2025
In a recent setback for Windows administrators, Microsoft’s October 2025 security update addressing a critical vulnerability in Windows Server Update Services (WSUS) has inadvertently broken hotpatching functionality on a subset of Windows Server 2025 systems. The flaw, tracked as CVE-2025-59287,…
Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data
Hackers can exploit Anthropic’s Claude AI to steal sensitive user data. By leveraging the model’s newly added network capabilities in its Code Interpreter tool, attackers can use indirect prompt injection to extract private information, such as chat histories, and upload…
New Business Email Protection Technique Blocks the Phishing Email Behind NPM Breach
Supply chain attacks targeting the JavaScript ecosystem have evolved into sophisticated operations combining domain manipulation with social engineering. On September 8, 2025, threat actors launched a coordinated phishing campaign aimed at compromising high-profile NPM developers. The attack successfully infiltrated the…
Beware of New Phishing Attack that Abuses Cloudflare and ZenDesk Pages to Steal Logins
A sophisticated phishing campaign has emerged, exploiting the trust placed in legitimate cloud hosting services. Threat actors are leveraging Cloudflare Pages and ZenDesk platforms to conduct large-scale credential theft operations targeting unsuspecting users. The campaign demonstrates a concerning trend where…
Hackers Deliver SSH-Tor Backdoor Via Weaponized Military Documents in ZIP Files
In October 2025, threat researchers at Cyble Research and Intelligence Labs uncovered a sophisticated cyber attack leveraging weaponized military documents to distribute an advanced SSH-Tor backdoor targeting defense sector personnel. The campaign centers on a deceptively simple delivery mechanism: a…
Conti Group Member Responsible for Deploying Ransomware Extradited to USA
A Ukrainian national accused of playing a key role in the notorious Conti ransomware operation has been extradited from Ireland to face federal charges in the United States. Oleksii Oleksiyovych Lytvynenko, 43, made his first court appearance in the Middle…
Windows 11 24H2/25H2 Update Causes Task Manager to be Active After Closure
Microsoft has released a non-security update for Windows 11 versions 24H2 and 25H2 that introduces an unusual bug affecting one of the operating system’s most essential utilities. The update, designated as KB5067036, is causing Task Manager to continue running in…
Proton Exposes 300 Million Stolen Credentials Available for Sale on Dark Web Cybercrime Markets
Proton has launched a new initiative called the Data Breach Observatory. This program reveals serious problems that exist on the internet. The cybersecurity company revealed that over 300 million stolen credentials are currently circulating on dark web cybercrime markets, putting…
New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic
A sophisticated campaign targeting military personnel across Russia and Belarus has emerged, deploying a complex multi-stage infection chain that establishes covert remote access through Tor-based infrastructure. Operation SkyCloak represents a stealth-oriented intrusion effort aimed at the Russian Airborne Forces and…
Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code
Multiple vulnerabilities in Microsoft’s Graphics Device Interface (GDI), a core component of the Windows operating system responsible for rendering graphics. These flaws, discovered by Check Point through an intensive fuzzing campaign targeting Enhanced Metafile (EMF) formats, could enable remote attackers…
New BOF Tool Exploits Microsoft Teams’ Cookie Encryption Allowing Attackers to Access User Chats
A specialized Beacon Object File (BOF) designed to extract authentication cookies from Microsoft Teams without disrupting the application. This development builds on recent findings that expose how Teams stores sensitive access tokens, potentially allowing attackers to impersonate users and access…
Cybersecurity News Weekly Newsletter – EY Data Leak, Bind 9, Chrome Vulnerability, and Aardvar ChatGPT Agent
This week’s cybersecurity roundup highlights escalating threats from misconfigurations, software flaws, and advanced malware. Key incidents demand immediate attention from IT teams and executives. ISC patched CVE-2025-5470 in BIND 9 (versions 9.16.0–9.18.26), a DoS vulnerability (CVSS 8.6) allowing server crashes…
New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files
An upgraded release of tool EDR-Redir V2, designed to evade Endpoint Detection and Response (EDR) systems by exploiting Windows bind link technology in a novel way. According to the researcher TwoSevenOneT, the version targets the parent directories of EDR installations,…
OpenAI’s New Aardvark GPT-5 Agent that Detects and Fixes Vulnerabilities Automatically
OpenAI has unveiled Aardvark, an autonomous AI agent powered by its cutting-edge GPT-5 model, designed to detect software vulnerabilities and automatically propose fixes. This tool aims to entrust developers and security teams by scaling human-like analysis across vast codebases, addressing…