Category: Cyber Security News

Cybersecurity researchers began detecting an alarming surge in early April 2025 in UDP flood traffic emanating from compromised network video recorders (NVRs) and other edge devices. Within milliseconds of infection, these devices were weaponized to direct overwhelming volumes of packets…

Read more →

OpenAI announced today its definitive agreement to acquire Statsig, a product experimentation and analytics platform, for $1.1 billion. The acquisition is a key move by the leader in artificial intelligence. It aims to add strong data tools to its system.…

Read more →

Google has officially promoted Chrome 140 to the stable channel, initiating a multi-platform rollout for Windows, Mac, Linux, Android, and iOS. The update brings the usual stability and performance improvements, but the headline feature is a critical security patch addressing…

Read more →

A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming…

Read more →

A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps communities.  The flaw resides in the unsafe deserialization of HTTP header contents in…

Read more →

CISA has issued an urgent advisory concerning a newly disclosed zero-day vulnerability in Meta Platforms’ WhatsApp messaging service (CVE-2025-55177).  This flaw, categorized under CWE-863: Incorrect Authorization, allows an unauthorized actor to manipulate linked device synchronization messages and force a target…

Read more →

In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulletin details critical issues in both System and Kernel components,…

Read more →

AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks, allowing adversaries to hijack automated agents and gain unauthorized system access. Security researchers Víctor Mayoral-Vilches & Per Mannermaa Rynning, revealed how modern AI-driven penetration testing frameworks become vulnerable…

Read more →

Threat actors are rapidly weaponizing Hexstrike-AI, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes.  Originally marketed as an offensive security framework for red teams, Hexstrike-AI’s architecture has already been repurposed…

Read more →

Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance. The breach was part of a wider supply chain attack that exploited a vulnerability in the Salesloft Drift chatbot…

Read more →

A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. The campaign utilizes carefully crafted emails masquerading as internal HR communications about salary amendments to trick high-profile…

Read more →

Google has officially debunked widespread reports claiming the company issued a major security warning to Gmail users, clarifying that such claims are entirely false. The technology giant addressed the misinformation directly on September 1, 2025, emphasizing that no broad security…

Read more →

A critical security vulnerability discovered in ESPHome’s web server component has exposed thousands of smart home devices to unauthorized access, effectively nullifying basic authentication protections on ESP-IDF platform implementations. The flaw, designated CVE-2025-57808 with a CVSS score of 8.1, affects…

Read more →

A sophisticated spear-phishing campaign orchestrated by Iranian-aligned operators has been identified targeting diplomatic missions worldwide through a compromised Ministry of Foreign Affairs of Oman mailbox. The attack, discovered in August 2025, represents a continuation of tactics associated with the Homeland…

Read more →

Commercial surveillance vendors have evolved from niche technology suppliers into a sophisticated multi-billion-dollar ecosystem that poses unprecedented threats to journalists, activists, and civil society members worldwide. A comprehensive new report by Sekoia.io’s Threat Detection & Research team reveals how these…

Read more →

When you’re in a SOC, speed is everything. The earlier you detect and confirm an intrusion, the faster you can contain it, and the less damage it does to your organization. But raw indicators of compromise (IOCs) like hashes, IPs,…

Read more →

A newly discovered WhatsApp scam has begun circulating on messaging platforms, exploiting the popular device linking feature to seize full control of user accounts. The attack unfolds when recipients receive what appears to be a harmless message from a known…

Read more →

Luxury automaker Jaguar Land Rover (JLR) has been forced to halt production at its Halewood plant and shut down its global IT infrastructure following a significant cybersecurity incident. The breach, which was first reported on Monday, September 1, has led…

Read more →

A sophisticated network of Ukrainian-based autonomous systems has emerged as a significant cybersecurity threat, orchestrating large-scale brute-force and password-spraying attacks against SSL VPN and RDP infrastructure. Between June and July 2025, these malicious networks launched hundreds of thousands of coordinated…

Read more →

Palo Alto Networks has confirmed it is one of hundreds of organizations impacted by a significant supply chain attack that resulted in the theft of customer data from its Salesforce instances. The breach originated from a compromised third-party application, Salesloft’s…

Read more →