The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign. The activity, detected in early September 2025…
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. “These vulnerabilities all traced back to the same root…
Millions of sites at risk from Imunify360 critical flaw exploit
A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm…
CISA flags imminent threat as Akira ransomware starts hitting Nutanix AHV
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.… This article…
In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty
Other noteworthy stories that might have slipped under the radar: EchoGram attack undermines AI guardrails, Asahi brewer still crippled after ransomware attack, Sora 2 system prompt uncovered. The post In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty…
How Spyware Steals Your Data Without You Knowing About It
You might not be aware that your smartphone has spyware, which poses a risk to your privacy and personal security. However, what exactly is spyware? This type of malware, often presented as a trustworthy mobile application, has the potential to…
ASF Rejects Akira Breach Claims Against Apache OpenOffice
Apache OpenOffice, an open-source office suite project maintained by the Apache Software Foundation (ASF), is currently disputing claims of a significant data breach allegedly perpetrated by the Akira ransomware gang. On October 30, 2025, Akira published a post on…
Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims
Anthropic threat researchers believe that they’ve uncovered and disrupted the first documented case of a cyberattack executed with the help of its agentic AI and minimal human intervention. “The threat actor manipulated [Anthropic’s large language model] Claude into functioning as…
Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking
A massive data leak reportedly at Chinese firm Knownsec (Chuangyu) exposed 12,000 files detailing state-backed ‘cyber weapons’ and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data. This article has been indexed from Hackread…
Microsoft Teams’ New Location-Based Status Sparks Major Privacy and Legal Concerns
Microsoft Teams is preparing to roll out a new feature that could significantly change how employee presence is tracked in the workplace. By the end of the year, the platform will be able to automatically detect when an employee…
Zero Trust Security for Mission Partner Environments in Coalition Operations
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Zero Trust Security for Mission Partner Environments in Coalition Operations
Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges
A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems. This vulnerability CVE-2025-20341 caused by insufficient validation of user-supplied input, underscores…
Anthropic: China-Based Hackers Used Claude to Automate Global Cyberattack
Chinese state-backed hackers hijacked Anthropic’s Claude AI to run an autonomous global cyberattack, marking a major shift in AI-driven cyberwarfare. The post Anthropic: China-Based Hackers Used Claude to Automate Global Cyberattack appeared first on TechRepublic. This article has been indexed…
SmartApeSG Campaign Leverages ClickFix Technique to Deploy NetSupport RAT
The SmartApeSG campaign, also known as ZPHP or HANEY MANEY, continues to evolve its attack methods to compromise Windows systems with malicious remote access tools. First reported in June 2024, this campaign has shifted from using fake browser update pages…
NVIDIA NeMo Framework Vulnerabilities Allows Code Injection and Privilege Escalation
NVIDIA has issued a critical security update addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute malicious code and escalate privileges on affected systems. The vulnerabilities, tracked as CVE-2025-23361 and CVE-2025-33178, both carry a CVSS…
Anthropic Claude AI Used by Chinese-Back Hackers in Spy Campaign
AI vendor Anthropic says a China-backed threat group used the agentic capabilities in its Claude AI model to automate as much as 90% of the operations in a info-stealing campaign that presages how hackers will used increasingly sophisticated AI capabilities…
Imunify360 Flaw Puts Sites At Risk
Website security products from Imunify360, designed for Linux-based web hosting environments and used to protect an estimated 56 million sites The post Imunify360 Flaw Puts Sites At Risk first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Microsoft Office Russian Dolls, (Fri, Nov 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Microsoft Office Russian Dolls, (Fri, Nov 14th)
Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers
Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers to execute arbitrary commands, escalate privileges to root, and bypass authentication mechanisms. The vulnerabilities reside in the Java Remote Method…
How CIOs Can Turn AI Visibility into Strategy
Generative AI is everywhere and it’s only growing. Whether you know it or not, tools such as ChatGPT, Claude, DeepSeek, and Gemini are being actively used in your office. A recent study from MIT’s Nanda Project found that 90% of…
Doordash Hit By October User Data Breach
DoorDash, the food delivery platform serving millions of customers across the U.S., Canada, Australia, and New Zealand, recently disclosed The post Doordash Hit By October User Data Breach first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Hackers Breach NY State Texting Service
Hackers achieved an extremely rare feat by successfully taking over the operation of Mobile Commons, a legitimate bulk text messaging The post Hackers Breach NY State Texting Service first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Akira Ransomware Made 244 Million Dollars
The Akira ransomware group has been identified as a highly prolific and financially successful threat actor, having generated over $244 million The post Akira Ransomware Made 244 Million Dollars first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
Claude AI Linked To Chinese Espionage
A state-sponsored threat actor, believed to be based in China, executed a large-scale espionage campaign that exploited Anthropic’s Claude Code The post Claude AI Linked To Chinese Espionage first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…