A severe vulnerability in the popular AI-powered code editor Cursor IDE, dubbed “CurXecute,” allows attackers to execute arbitrary code on developers’ machines without any user interaction. The vulnerability, tracked as CVE-2025-54135 with a high severity score of 8.6, affects all…
Tag: Cyber Security News
APT37 Hackers Weaponize JPEG Files to Attack Windows Systems Leveraging “mspaint.exe”
A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security…
Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines
The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious…
Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online
A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account…
Cybersecurity News Recap – Chrome, Gemini Vulnerabilities, Linux Malware, and Man-in-the-Prompt Attack
Welcome to this week’s edition of Cybersecurity News Recap! In this issue, we bring you the latest updates and critical developments across the threat landscape. Stay ahead of risks with key insights on newly discovered Chrome and Gemini vulnerabilities, the surge…
New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access
A sophisticated Linux backdoor dubbed Plague has emerged as an unprecedented threat to enterprise security, evading detection across all major antivirus engines while establishing persistent SSH access through manipulation of core authentication mechanisms. Discovered by cybersecurity researchers at Nextron Systems,…
SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware
A suspected zero-day vulnerability in SonicWall firewall devices is being actively exploited by the Akira ransomware group. The flaw allows attackers to gain initial access to corporate networks through SonicWall’s SSL VPN feature, leading to subsequent ransomware deployment. In late July…
SafePay Ransomware Infected 260+ Victims Across Multiple Countries
A new ransomware threat has emerged as one of the most aggressive cybercriminal operations of 2025, with SafePay ransomware claiming responsibility for over 265 successful attacks spanning multiple continents. The group, which first appeared in September 2024 with limited activity…
Lazarus Hackers Weaponized 234 Packages Across npm and PyPI to Infect Developers
A sophisticated cyber espionage campaign targeting software developers has infiltrated two of the world’s largest open source package repositories, with North Korea’s notorious Lazarus Group successfully deploying 234 malicious packages across npm and PyPI ecosystems. Between January and July 2025,…
Hackers Abuse Microsoft 365’s Direct Send Feature to Deliver Internal Phishing Attacks
Cybercriminals have discovered a sophisticated new attack vector by exploiting Microsoft 365’s Direct Send feature to deliver phishing campaigns that masquerade as legitimate internal communications. This emerging threat leverages a legitimate Microsoft service designed for multifunction printers and legacy applications,…
11,000 Android Devices Hacked by Chinese Threat Actors to Deploy PlayPraetor Malware
A sophisticated malware-as-a-service operation orchestrated by Chinese-speaking threat actors has successfully compromised over 11,000 Android devices worldwide through the deployment of PlayPraetor, a powerful Remote Access Trojan designed for on-device fraud. The campaign represents a significant escalation in mobile banking…
LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One
LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link…
Qilin Ransomware Surging Following the Fall of Dominant RansomHub RaaS
The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem,…
Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections
A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protections through innovative techniques. The group first gained attention during Microsoft’s investigation into the “ToolShell”…
Threat Actors Leverage Compromised Email Accounts for Targeted Phishing Attacks
Cybercriminals are increasingly sophisticated in their phishing attacks, with threat actors now leveraging compromised email accounts from trusted sources to bypass security controls and enhance campaign legitimacy. Recent incident response data reveals phishing remains a dominant attack vector, accounting for…
Secret Blizzard Group’s ApolloShadow Malware Installs Root Certificates on Devices to Trust Malicious Sites
A sophisticated cyberespionage campaign targeting foreign embassies in Moscow has been uncovered, revealing the deployment of a custom malware strain designed to manipulate digital trust mechanisms. The Russian state-sponsored threat group Secret Blizzard has been orchestrating an adversary-in-the-middle operation since…
APT36 Hackers Weaponizing PDF Files to Attack Indian Railways, Oil & Government Systems
The Pakistan-linked Advanced Persistent Threat (APT) group APT36, also known as Transparent Tribe, has significantly expanded its cyber operations beyond traditional military targets to encompass critical Indian infrastructure including railway systems, oil and gas facilities, and key government ministries. This…
LLMs Accelerating Offensive R&D, Help to Identify and Exploit Trapped COM Objects
The cybersecurity landscape has witnessed a significant evolution in offensive research methodologies with the integration of Large Language Models (LLMs) into malware development workflows. Security researchers at Outflank have pioneered the use of artificial intelligence to accelerate the discovery and…
Threat Actors Impersonating Microsoft OAuth Applications to Steal Login Credentials
A sophisticated phishing campaign exploiting Microsoft OAuth applications has emerged as a significant threat to enterprise security, with cybercriminals successfully bypassing multifactor authentication systems to steal user credentials. The campaign, which began in early 2025 and remains ongoing, leverages fake…