Tag: Cyber Security News

A malicious Chrome extension called MEXC API Automator is abusing trust in browser add-ons to steal cryptocurrency trading access from MEXC users. Posed as a tool that helps automate trading and API key creation, it quietly takes control of newly…

Read more →

Hikvision, a leading provider of surveillance and access control systems, faces serious security risks from two newly disclosed stack overflow vulnerabilities. These flaws, tracked as CVE-2025-66176 and CVE-2025-66177, allow attackers on the same local area network (LAN) to trigger device…

Read more →

A stealthy flaw in Telegram’s mobile clients that lets attackers unmask users’ real IP addresses with a single click, even those hiding behind proxies. Dubbed a “one-click IP leak,” the vulnerability turns seemingly innocuous username links into potent tracking weapons.…

Read more →

Attackers have successfully infiltrated n8n’s community node ecosystem using a malicious npm package disguised as a legitimate Google Ads integration tool. The attack reveals a critical vulnerability in how workflow automation platforms handle third-party integrations and user credentials. The malicious…

Read more →

Google announced Monday it’s integrating its Gemini AI model into Gmail, introducing features that transform the email service into a proactive personal assistant for its 3 billion users. The company is launching AI Overviews, a feature that synthesizes long email threads…

Read more →

VirusTotal has released YARA-X version 1.11.0, introducing an important new feature designed to improve rule reliability and reduce false negatives in malware detection. The latest update introduces hash-function warnings that help security researchers catch common mistakes when writing YARA detection rules.…

Read more →

InvisibleJS, a new open-source tool that conceals JavaScript code using invisible zero-width Unicode characters, raises alarms about potential misuse in malware campaigns. InvisibleJS, hosted on GitHub by developer With alias oscarmine, employs steganography to embed source code into seemingly blank…

Read more →

The surge in Electronic Health Records (EHRs), telemedicine, and interconnected medical devices has forged a intricate healthcare ecosystem ripe for cyber exploitation. Robust network security solutions are non-negotiable to shield sensitive patient data from advanced threats. Healthcare-focused providers deliver multi-layered…

Read more →

India faces an unprecedented surge in mobile malware attacks, with a staggering 38% increase in threats compared to the previous year, according to the latest findings from the Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report. The country has…

Read more →

The cybersecurity landscape is experiencing a major shift in how attackers operate. Threat actors have moved away from traditional hunting methods like phishing emails and cold outreach. Instead, they are now creating sophisticated traps designed to make high-value targets walk…

Read more →

A critical XML external entity (XXE) injection vulnerability has been discovered in Apache Struts 2, potentially exposing millions of applications to data theft and server compromise. The vulnerability, tracked as CVE-2025-68493, affects multiple versions of the widely used framework and requires…

Read more →

Threat actor HawkSec claims to be auctioning a Discord dataset comprising 78,541,207 files. The collection, organized into messages, voice sessions, actions, and servers, stems from an abandoned OSINT/CSINT project spanning several months. HawkSec promoted the dataset in their Discord server,…

Read more →

Security researchers have identified critical vulnerabilities in React Router that allow attackers to access or modify server files via directory traversal. The flaws affect multiple packages within the React Router ecosystem and carry a CVSS v3 score of 9.8, classifying…

Read more →

The cryptocurrency crime landscape reached an unprecedented milestone in 2025, with illicit cryptocurrency addresses receiving at least 154 billion dollars. This staggering figure represents a 162 percent increase compared to the previous year, driven largely by nation-states moving into cryptocurrency…

Read more →

Cybersecurity threats continue to evolve with attackers using more creative social engineering techniques to target organizations. A recent threat has emerged involving the Guloader malware, which is being disguised as employee performance reports to trick users into downloading and executing…

Read more →

A new wave of attacks is using the ValleyRAT_S2 malware to quietly break into organizations, stay hidden for long periods, and steal sensitive financial information. ValleyRAT_S2 is the second-stage payload of the ValleyRAT family and is written in C++. Once…

Read more →

X has suspended the iconic @twitter handle on its platform, replacing its profile with a standard notice stating the account violates rules. Screenshots of the suspension screen began circulating widely late last week, igniting discussions about the platform’s rebranding efforts.…

Read more →

A severe global buffer overflow vulnerability has been discovered in the zlib untgz utility version 1.3.1.2. Allowing attackers to corrupt memory and potentially execute malicious code through specially crafted command-line input.​ The security flaw resides in the TGZfname() function of…

Read more →

Everest hacking group has allegedly claimed a major breach of Nissan Motor Co., Ltd., raising fresh concerns about data security at large automotive manufacturers. According to early reports, the cybercrime group says it exfiltrated around 900 GB of sensitive data…

Read more →

Critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, could allow attackers to inject UI inputs and cause denial-of-service conditions on affected systems. The SUSE researchers tracked as CVE-2025-66005 and CVE-2025-14338, which affect InputPlumber versions before v0.69.0 and stem from…

Read more →