Threat actors began slipping malicious code into legitimate RubyGems packages, disguising infostealers as social media automation tools in early 2023. Over the past two years, attackers operating under aliases such as zon, nowon, kwonsoonje, and soonje have published more than…
Tag: Cyber Security News
Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data
Columbia University has disclosed a major cybersecurity incident where an unauthorized third party accessed and extracted a significant volume of personal and financial data. The breach, which affects a vast number of individuals connected to the university, was discovered following…
ChatGPT-5 Released: What’s New With the Next-Generation AI Agent
OpenAI has officially launched ChatGPT-5, a new generation of its AI agent that introduces a sophisticated, unified system designed to be faster, more intelligent, and significantly more useful for real-world applications. This release marks a significant evolution from its predecessors,…
Biggest Ever GreedyBear Attack With 650 Hacking Tools Stolen $1 Million from Victims
A sophisticated cybercriminal operation known as GreedyBear has orchestrated one of the most extensive cryptocurrency theft campaigns to date, deploying over 650 malicious tools across multiple attack vectors to steal more than $1 million from unsuspecting victims. Unlike traditional threat…
ECScape: Exploiting ECS Protocol on EC2 to Exfiltrate Cross-Task IAM and Execution Role Credentials
A sophisticated technique dubbed “ECScape” allows malicious containers running on Amazon Elastic Container Service (ECS) to steal AWS credentials from other containers sharing the same EC2 instance. The discovery highlights critical isolation weaknesses in multi-tenant ECS deployments and underscores…
CISA Releases Emergency Advisory Urges Feds to Patch Exchange Server Vulnerability by Monday
CISA has issued an emergency advisory directing all Federal Civilian Executive Branch agencies to urgently mitigate a newly disclosed Microsoft Exchange hybrid-joined vulnerability, tracked as CVE-2025-53786, by 9:00 AM EDT on Monday, August 11, 2025. The flaw enables attackers who…
Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft. Demonstrations by the YouTube…
Hackers Weaponizing SVG Files With Malicious Embedded JavaScript to Execute Malware on Windows Systems
Cybercriminals have begun exploiting Scalable Vector Graphics (SVG) files as sophisticated attack vectors, transforming seemingly harmless image files into potent phishing weapons capable of executing malicious JavaScript on Windows systems. This emerging threat leverages the XML-based structure of SVG files…
WhatsApp Developers Under Attack From Weaponized npm Packages with Remote Kill Switch
Two malicious npm packages have emerged as sophisticated weapons targeting WhatsApp developers through a remote-controlled destruction mechanism that can completely wipe development systems. The packages, identified as naya-flore and nvlore-hsc, masquerade as legitimate WhatsApp socket libraries while harboring a devastating…
Guided Selling in 3D Product Configurators
People don’t want to guess when they buy something – especially something complex or customizable. They want to feel like they’re making the right choice. But with many ecommerce stores, it’s easy to feel lost: too many options, confusing specs,…
Hacker Extradited to US for Stealing Over $2.5 Million in Tax Fraud Attacks
A sophisticated cybercriminal operation that targeted American tax preparation businesses through spearphishing campaigns has culminated in the extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to face federal charges in New York. The 39-year-old defendant, operating under multiple aliases…
SonicWall Confirms No New SSLVPN 0-Day – Ransomware Attack Linked to Old Vulnerability
Cybersecurity firm SonicWall has officially addressed recent concerns about a potential new zero-day vulnerability in its Secure Sockets Layer Virtual Private Network (SSLVPN) products. In a statement to Cybersecurity News, the company confirmed that recent ransomware attacks are not the…
ScarCruft Hacker Group Launched a New Malware Attack Using Rust and PubNub
The North Korean state-sponsored Advanced Persistent Threat (APT) group ScarCruft has launched a sophisticated new malware campaign targeting South Korean users through a deceptive postal-code update notice. This latest attack represents a significant evolution in the group’s operational capabilities, marking…
CISA Warns of ‘ToolShell’ Exploits Chain Attacks SharePoint Servers – Discloses IOCs and detection signatures
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an urgent analysis in early July 2025, detailing a sophisticated exploit chain targeting on-premises Microsoft SharePoint servers. Dubbed “ToolShell,” the campaign leverages two fresh vulnerabilities—CVE-2025-49706, a network spoofing flaw, and CVE-2025-49704,…
New Ghost Calls Attack Abuses Web Conferencing for Covert Command & Control
A sophisticated new attack technique called “Ghost Calls” exploits web conferencing platforms to establish covert command and control (C2) channels. Presented by Adam Crosser from Praetorian at Black Hat USA 2025, this groundbreaking research demonstrates how attackers can leverage the…
Microsoft 365 Direct Send Weaponized to Bypass Email Security Defenses
Cybersecurity researchers have uncovered a sophisticated spear phishing campaign that weaponizes Microsoft 365’s Direct Send feature to bypass traditional email security defenses and conduct hyper-personalized credential theft attacks. The campaign demonstrates an alarming evolution in attack sophistication, combining technical exploitation…
IRGC Hacker Groups Attacking Targeted Financial, Government, and Media Organizations
During the 12-day conflict between Israel and Iran in June 2025, a sophisticated network of Iranian-linked cyber threat actors launched coordinated digital operations against critical infrastructure sectors worldwide. The campaign demonstrated unprecedented coordination between military operations and state-sponsored cyberattacks, targeting…
WhatsApp Has Taken Down 6.8 Million Accounts Linked to Malicious Activities
WhatsApp has successfully dismantled 6.8 million accounts linked to fraudulent activities during the first half of 2024, representing a significant escalation in the platform’s fight against organized cybercrime. The takedown operation, announced by parent company Meta, specifically targeted scam centers…
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
Sophisticated attack vectors have been unveiled that exploit hybrid Active Directory and Microsoft Entra ID environments, demonstrating how attackers can achieve complete tenant compromise through previously unknown lateral movement techniques. These methods, presented at Black Hat USA 2025, expose critical vulnerabilities in…
Hackers Use Legitimate Drivers to Kill Antivirus Processes and Lower The System’s Defenses
In a sophisticated campaign first observed in October 2024, attackers have begun leveraging a legitimate driver to disable antivirus software across compromised networks. By abusing the ThrottleStop.sys driver—originally designed by TechPowerUp to manage CPU throttling—the malware gains kernel‐level memory access…