In recent months, security teams have observed a significant increase in sophisticated phishing campaigns leveraging a newly discovered Phishing-as-a-Service (PhaaS) platform dubbed VoidProxy. The operation, first detected in August 2025, combines multiple anti-analysis techniques and adversary-in-the-middle (AitM) capabilities to target…
Top 10 Best Ransomware Protection Solutions in 2025
Ransomware continues to be one of the most destructive and pervasive cyber threats facing organizations of all sizes. In 2025, the sophistication of ransomware attacks has reached unprecedented levels, with threat actors employing advanced techniques like double extortion, supply chain…
Samsung Patches Zero-Day Exploited Against Android Users
Reported by Meta and WhatsApp, the vulnerability leads to remote code execution and was likely exploited by a spyware vendor. The post Samsung Patches Zero-Day Exploited Against Android Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Phishing Campaigns Drop RMM Tools for Remote Access
Threat actors are using multiple lures to trick users into installing RMM tools This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Campaigns Drop RMM Tools for Remote Access
AppSuite-PDF, PDF Editor Operators Exploited 26 Code-Signing Certificates to Fake Legitimacy
Analysis reveals that the developers behind the AppSuite-PDF and PDF Editor campaigns have abused at least 26 distinct code-signing certificates over the past seven years to lend legitimacy to their malware, collectively tracked as BaoLoader. Previously classified as potentially unwanted…
Top 10 Best Ransomware Protection Companies in 2025
As per a recent Sophos report from July 2025, 53% of Indian organizations impacted by ransomware paid the ransom, though the median payment saw a significant drop to around $481,636 (approximately ₹4 crore). However, the average recovery cost, excluding ransom,…
UK Lords take aim at Ofcom’s ‘child-protection’ upgrades to Online Safety Act
Peers will quiz campaigners on whether Ofcom’s new measures will actually work, or just add more compliance pain The House of Lords is about to put the latest child-protection plans of UK regulator the Office of Communications (Ofcom) under the…
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the…
OpenAI, Microsoft Reach Preliminary Deal Over For-Profit Shift
OpenAI reaches non-binding agreement with Microsoft over for-profit restructure, says non-profit arm to receive $100bn stake This article has been indexed from Silicon UK Read the original article: OpenAI, Microsoft Reach Preliminary Deal Over For-Profit Shift
FTC Probes Amazon, Google Over Ad Practices
FTC reportedly investigating whether Amazon and Google misled advertisers, in latest case to hit large technology companies This article has been indexed from Silicon UK Read the original article: FTC Probes Amazon, Google Over Ad Practices
A week in security (September 8 – September 14)
A list of topics we covered in the week of September 8 to September 14 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (September 8 – September 14)
An Overview of Passwordless Authentication
Explore passwordless authentication methods, benefits, and implementation strategies. Learn how to enhance security and user experience by eliminating passwords. The post An Overview of Passwordless Authentication appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read…
ShinyHunters hits Vietnam, Petya-NotPetya copycat appears, CISA wants CVE
ShinyHunters hits Vietnam National Credit Information Center HybridPetya is a Petya/NotPetya copycat with UEFI Secure Boot bypass CISA seeks control over CVE Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a…
DarkCloud Stealer Targets Financial Firms via Weaponized RAR Files
August 2025 saw a dramatic surge in targeted attacks by the DarkCloud Stealer against financial institutions worldwide. CyberProof’s MDR analysts and threat hunters identified a wave of phishing emails bearing malicious RAR archives designed to prey on Windows users. Once…
Microsoft Warns Windows 11 23H2 Support Ending in 60 Days
Microsoft has issued an urgent reminder to enterprise and educational institutions worldwide about the impending end of support for Windows 11 version 22H2. With just 60 days remaining, organizations must prepare for the October 14, 2025, deadline when critical security…
FlowiseAI Password Reset Token Vulnerability Allows Account Takeover
A critical vulnerability affecting FlowiseAI’s Flowise platform has been disclosed, revealing a severe authentication bypass flaw that allows attackers to perform complete account takeovers with minimal effort. The vulnerability tracked as CVE-2025-58434 impacts both cloud deployments at cloud.flowiseai.com and self-hosted…
New Research Reveals One-Third of Cloud Assets Harbor Easily Exploitable Vulnerabilities
Analysis of nearly five million internet-exposed assets shows significant security gaps across major cloud platforms, with Google Cloud-hosted assets showing highest vulnerability rates. The post New Research Reveals One-Third of Cloud Assets Harbor Easily Exploitable Vulnerabilities appeared first on…
BitlockMove Tool Enables Lateral Movement via Bitlocker DCOM & COM Hijacking
A new proof-of-concept (PoC) tool named BitlockMove demonstrates a novel lateral movement technique that leverages BitLocker’s Distributed Component Object Model (DCOM) interfaces and COM hijacking. Released by security researcher Fabian Mosch of r-tec Cyber Security, the tool enables attackers to…
Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication
Two critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote denial-of-service attacks and authentication bypass exploits. The vulnerabilities, tracked as CVE-2025-58364 and CVE-2025-58060, affect the core printing infrastructure used across…
Most enterprise AI use is invisible to security teams
Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI…
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. “The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites,” Fortinet…
NPM Attack Leave Hackers Empty Handed: Cybersecurity Today with David Shipley
Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a…
Yurei Ransomware Uses PowerShell to Deploy ChaCha20 File Encryption
A newly discovered ransomware group called Yurei has emerged with sophisticated encryption capabilities, targeting organizations through double-extortion tactics while leveraging open-source code to rapidly scale operations. First observed on September 5, 2025, this Go-based ransomware employs the ChaCha20 encryption algorithm…
Over 500GB of Sensitive Great Firewall of China Data Leaked Online
A massive data breach has exposed the inner workings of China’s internet censorship system, with over 500GB of sensitive documents from the Great Firewall of China (GFW) leaked online on September 11, 2025. This represents the largest leak of internal…