Category: Cyber Security News

A newly introduced feature in ChatGPT that allows it to connect with personal data applications can be exploited by attackers to exfiltrate private information from a user’s email account. The attack requires only the victim’s email address and leverages a…

Read more →

The well-known group of cybercriminals called Scattered Lapsus$ Hunters released a surprising farewell statement on BreachForums. This manifesto, a mix of confession and strategic deception, offers vital insights into the changing landscape of modern cybercrime and the increasing pressure from…

Read more →

New AI-powered penetration testing framework Villager combines Kali Linux toolsets with DeepSeek AI models to fully automate cyber attack workflows. Initially developed by the Chinese-based group Cyberspike, this tool has rapidly gained traction since its July 2025 release on the…

Read more →

The notorious APT-C-24 threat actor group, commonly known as Sidewinder or Rattlesnake, has evolved its attack methodology by deploying sophisticated LNK file-based phishing campaigns targeting government, energy, military, and mining sectors across South Asia. Active since 2012, this advanced persistent…

Read more →

Within mere hours of its public unveiling, the K2 Think model experienced a critical compromise that has sent ripples throughout the cybersecurity community. The newly launched reasoning system, developed by MBZUAI in partnership with G42, was designed to offer unprecedented…

Read more →

Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the wild. The patch resolves a total of 25 Samsung Vulnerabilities and Exposures (SVEs), alongside fixes from Google and Samsung Semiconductor,…

Read more →

Since its first appearance earlier this year, the ToneShell backdoor has demonstrated a remarkable capacity for adaptation, toyed with by the Mustang Panda group to maintain an enduring foothold in targeted environments. This latest variant, discovered in early September, arrives…

Read more →

A sudden and definitive statement emerged from the “Scattered LAPSUS$ Hunters 4.0” Telegram channel on September 8, signaling an abrupt end to their public operations. After months of high-profile campaigns targeting major corporations and critical infrastructure, the collective declared a…

Read more →

The Cybersecuritynews researcher team uncovered a sophisticated social engineering campaign that is exploiting the public’s need for free internet access, using deceptive Wi-Fi portals to trick users into downloading and executing PowerShell-based malware. Dubbed the “Clickfix” attack, this method turns…

Read more →

In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks. Unlike its predecessors, this new threat—dubbed HybridPetya by ESET analysts—exhibited capabilities that extended beyond conventional userland execution, directly targeting…

Read more →

A new, sophisticated malware campaign has been uncovered that leverages Microsoft’s Azure Functions for its command-and-control (C2) infrastructure, a novel technique that complicates detection and takedown efforts. According to the Dmpdump report, the malware, first identified from a file uploaded…

Read more →

A new kernel address leak vulnerability has been discovered in the latest versions of Windows 11 (24H2) and Windows Server 2022 (24H2). The flaw, identified as CVE-2025-53136, was ironically introduced by a Microsoft patch intended to fix a separate vulnerability,…

Read more →

The Cybersecuritynews researcher team uncovered a sophisticated social engineering campaign that is exploiting the public’s need for free internet access, using deceptive Wi-Fi portals to trick users into downloading and executing PowerShell-based malware. Dubbed the “Clickfix” attack, this method turns…

Read more →

Apple has issued a warning regarding highly sophisticated “mercenary spyware” attacks targeting a select group of its users. The company’s threat notification system is designed to alert and support individuals who may have been targeted due to their profession or…

Read more →

Microsoft has officially announced a multi-phase plan to deprecate VBScript in Windows, a move that signals a significant shift for developers, particularly those working with Visual Basic for Applications (VBA). The change, first detailed in May 2024, will gradually phase…

Read more →

Microsoft has addressed four elevation of privilege vulnerabilities in its Windows Defender Firewall service, all rated as “Important” in severity. The security flaws were detailed in Microsoft’s September 9, 2025, security update release. If exploited, these vulnerabilities could allow an…

Read more →

Oracle has released VirtualBox 7.2.2, a maintenance update for its open-source virtualization platform, focusing on improving stability and addressing a range of bugs. Released on September 10, 2025, this version comes as a follow-up to the major 7.2 release, which…

Read more →

Apple has issued a warning regarding highly sophisticated “mercenary spyware” attacks targeting a select group of its users. The company’s threat notification system is designed to alert and support individuals who may have been targeted due to their profession or…

Read more →

Microsoft is investigating a significant Exchange Online service disruption that is preventing users in North and South America from accessing their mailboxes. The ongoing incident, tracked under the ID EX1151485 in the admin center, impacts all methods of connecting to…

Read more →

Microsoft to enhance security for its Teams platform by automatically warning users about malicious links in chat messages. The new feature, part of Microsoft Defender for Office 365, is designed to protect users from phishing, spam, and malware attacks by…

Read more →