You may have seen them in restaurants, cat-faced robots gliding between tables, delivering plates of food. These robots, many of them made by Pudu Robotics, the world’s largest commercial service robotics company, are part of a growing fleet of automated…
Category: Cyber Security News
Hackers Abuse Legitimate Email Marketing Platforms to Disguise Malicious Links
Cybercriminals are increasingly exploiting legitimate email marketing platforms to launch sophisticated phishing campaigns, leveraging the trusted reputation of these services to bypass security filters and deceive victims. This emerging threat vector represents a significant evolution in phishing tactics, where attackers…
Hackers Leverage Built-in macOS Protection Features to Deploy Malware
macOS has long been recognized for its robust, integrated security stack, but cybercriminals are finding ways to weaponize these very defenses. Recent incidents show attackers exploit Keychain, SIP, TCC, Gatekeeper, File Quarantine, XProtect, and XProtect Remediator to stealthily deliver malicious…
Salesforce Releases Forensic Investigation Guide Following Chain of Attacks
Salesforce today unveiled its comprehensive Forensic Investigation Guide, equipping organizations with best practices, log analysis techniques, and automation workflows to detect and respond to sophisticated security breaches rapidly. To reconstruct attack timelines and assess data exposure, the guide emphasizes three…
Malicious npm Package Mimics Popular Nodemailer (3.9 Million Weekly Downloads) to Hijack Crypto Transactions
Security researchers at Socket.dev uncovered a sophisticated supply chain attack in late August 2025 leveraging a malicious npm package named nodejs-smtp, which masquerades as the widely used email library nodemailer (approximately 3.9 million weekly downloads). At first glance, nodejs-smtp…
Windows 11 25H2 Update Preview Released, What’s New?
Microsoft has opened the Release Preview Channel to Windows Insiders for the forthcoming Windows 11, version 25H2 (Build 26200.5074) enablement package (eKB), offering an early look at this year’s annual feature update. Insiders can now opt in via Windows Update’s…
Apple Hints That iPhone 17 Is to Eliminate the Physical SIM Card
Apple appears to be laying the groundwork to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant push anticipated across the European Union. The move aligns with the company’s long-term strategy…
AI Waifu RAT Attacking Users With Novel Social Engineering Techniques
A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative…
Hackers Leverage Windows Defender Application Control Policies to Disable EDR Agents
Cybercriminals are exploiting Windows Defender Application Control (WDAC) policies to systematically disable Endpoint Detection and Response (EDR) agents, creating a dangerous blind spot in corporate security infrastructure. Real-world threat actors, including ransomware groups like Black Basta, have now adopted a…
Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users
Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to…
Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks
Infostealer malware, initially designed to indiscriminately harvest credentials from compromised hosts, has evolved into a potent weapon for state-sponsored Advanced Persistent Threat (APT) groups. Emerging in early 2023, families such as RedLine, Lumma, and StealC quickly proliferated across phishing campaigns…
Sitecore CMS Platform Vulnerabilities Enable Remote Code Execution
Critical vulnerabilities in Sitecore Experience Platform allow attackers to achieve complete system compromise through a sophisticated attack chain combining HTML cache poisoning with remote code execution capabilities. These flaws also enable attackers to enumerate cache keys and configuration details via…
CISA Releases Nine ICS Advisories Surrounding Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has published nine Industrial Control Systems (ICS) advisories on August 28, 2025, detailing high- and medium-severity vulnerabilities across leading vendors’ products. The advisories highlight remote-exploitable flaws, privilege-escalation weaknesses, memory corruption bugs, and insecure…
Linux UDisks Daemon Vulnerability Lets Attackers Gain Access to Files Owned by Privileged Users
A critical security vulnerability has been discovered in the Linux UDisks daemon that could allow unprivileged attackers to gain access to files owned by privileged users. The flaw, identified as CVE-2025-8067, was publicly disclosed on August 28, 2025, and carries…
How Prompt Injection Attacks Bypass AI Agents With User Input
Prompt injection attacks have emerged as one of the most critical security vulnerabilities in modern AI systems, representing a fundamental challenge that exploits the core architecture of large language models (LLMs) and AI agents. As organizations increasingly deploy AI agents…
Weekly Cybersecurity News Recap: WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless evolution of cyber risks that target individuals and organizations alike. From our personal communication apps to the browsers we…
Microsoft Confirms Recent Windows 11 24H2 Security Update Not Causing SSD/HDD Failures
Microsoft has officially addressed growing concerns among Windows 11 users, stating that its August 2025 security update for version 24H2 is not responsible for the scattered reports of SSD and HDD failures that have recently surfaced on social media and…
Top 10 Attack Surface Management Software Solutions In 2025
Attack Surface Management (ASM) is a proactive security discipline focused on continuously discovering, analyzing, and reducing an organization’s external-facing digital footprint. In 2025, with the proliferation of cloud services, remote work, and supply chain dependencies, an organization’s attack surface has…
Top 10 Best Web Application Penetration Testing Companies in 2025
Web application penetration testing in 2025 goes beyond a simple, one-time assessment. The top companies combine human expertise with automation and intelligent platforms to provide continuous, on-demand testing. The rise of Penetration Testing as a Service (PTaaS) and bug bounty…
New ‘Sindoor Dropper’ Malware Targets Linux Systems with Weaponized .desktop Files
A new malware campaign, dubbed “Sindoor Dropper,” is targeting Linux systems using sophisticated spear-phishing techniques and a multi-stage infection chain. The campaign leverages lures themed around the recent India-Pakistan conflict, known as Operation Sindoor, to entice victims into executing malicious…