Cybercriminals are increasingly automating one of the most insidious social engineering exploits—forcing victims to manually execute malware under the guise of browser verification. The newly discovered IUAM ClickFix Generator commoditizes the ClickFix technique into an easy-to-use phishing kit, lowering the…
Category: EN
The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous
FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. Read more. This article has been indexed from Fortinet Threat Research Blog Read the original article: The Evolution of Chaos Ransomware:…
Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users. The vulnerability tracked as CVE-2025-11462 allows attackers to gain root privileges by abusing the client’s log rotation mechanism.…
ClamAV 1.5.0 Released with New MS Office and PDF Verification Features
Cisco has announced the release of ClamAV 1.5.0, a significant update to the open-source antivirus engine that introduces major security enhancements, new document scanning capabilities, and extensive API improvements. This version strengthens the platform’s detection and verification mechanisms, with a…
Yurei Ransomware Leverages SMB Shares and Removable Drives to Encrypt Files
Yurei ransomware first emerged in early September 2025, targeting Windows environments with a sophisticated Go-based payload designed for rapid, large-scale encryption. Once executed, the malware enumerates all accessible local and network drives, appends a .Yurei extension to each file, and…
Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code
Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and fixing vulnerabilities. This initiative addresses the growing gap between the rapid, AI-assisted discovery of security flaws and the time-consuming manual effort required to…
TamperedChef Malware as PDF Editor Harvest Browser Credentials and Allows Backdoor Access
In recent weeks, security teams have observed a surge in malvertising campaigns distributing what appears to be a fully functional PDF editor. Dubbed TamperedChef, this malware masquerades as a legitimate application—AppSuite PDF Editor—leveraging convincing advertisements to lure European organizations and…
We Raised $15M to Build the Future of Security Data
We’re excited to share that Realm Security has raised a $15M Series A, just 12 months after our $5M seed round. We wouldn’t be here without our customers, our team, and our partners. Thank you for believing in what we’re…
AI fuels social engineering but isn’t yet revolutionizing hacking
AI tools are still too computationally intense for cybercriminals to rely on, according to a new report. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: AI fuels social engineering but isn’t yet revolutionizing…
OpenAI Blocks ChatGPT Accounts Linked to Chinese Hackers Developing Malware
OpenAI has taken decisive action to stop misuse of its ChatGPT models by banning accounts tied to a group of Chinese hackers. This move reflects OpenAI’s core aim to ensuring artificial general intelligence benefits everyone. By setting clear rules and…
AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure
The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to…
ClamAV 1.5.0 Released with Enhanced MS Office and PDF File Verification
ClamAV 1.5.0 is now available with new features that strengthen malware detection in Microsoft Office and PDF documents. This update marks a significant step forward for users who need reliable and thorough scanning of encrypted files and embedded links. Alongside…
Check Point Partners with HackShield to Empower the Next Generation of Cyber Heroes
We couldn’t be more excited to announce our new partnership with HackShield, the award-winning cyber education platform for children. This collaboration will bring essential cyber awareness education to kids aged 8 to 12 through HackShield’s gamified learning experience. Our goal:…
Is your computer mouse eavesdropping on you?
Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. This article has been indexed from Malwarebytes Read the original article: Is your computer mouse eavesdropping on…
Germany slams brakes on EU’s Chat Control device-scanning snoopfest
Berlin’s opposition likely kills off Brussels’ bid to scan everyone’s messages Germany has committed to oppose the EU’s controversial “Chat Control” regulations following huge pressure from multiple activists and major organizations.… This article has been indexed from The Register –…
Researchers uncover ClickFix-themed phishing kit
Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to…
Nezha Tool Used in New Cyber Campaign Targeting Web Applications
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT This article has been indexed from www.infosecurity-magazine.com Read the original article: Nezha Tool Used in New Cyber Campaign Targeting Web Applications
Salesforce Refuses To Pay Ransom
Salesforce has officially stated it won’t negotiate with or pay a ransom to the threat actors responsible for a widespread data theft campaign The post Salesforce Refuses To Pay Ransom first appeared on CyberMaterial. This article has been indexed from…
Microsoft Ties Storm 1175 To Medusa
A cybercriminal group that Microsoft tracks as Storm-1175 has been exploiting a severe vulnerability in the Fortra GoAnywhere software to deploy Medusa ransomware The post Microsoft Ties Storm 1175 To Medusa first appeared on CyberMaterial. This article has been indexed…
Redis Use After Free Bug Enables RCE
A severe security flaw has been found in Redis servers that could allow an attacker to take full control of a system. This vulnerability, tracked as CVE-2025-49844 The post Redis Use After Free Bug Enables RCE first appeared on CyberMaterial.…