A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without…
Tag: Cyber Security News
Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets
Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing…
COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH
In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate…
New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors
BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early…
SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes
SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms. By polling world-writable directories such as %TEMP%, %APPDATA%, and…
ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data
A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system. This issue underscores the persistent risk in…
New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems
Following a major law enforcement disruption in February 2024, the notorious LockBit ransomware group has resurfaced, marking its sixth anniversary with the release of a new version: LockBit 5.0. Trend Micro has identified and analyzed binaries for Windows, Linux, and…
Volvo Group Discloses Data Breach After Ransomware Attack on HR Supplier
Volvo Group North America has begun notifying employees and associates about a data breach that exposed their personal information, including names and Social Security numbers. The security incident did not originate within Volvo’s own networks but was the result of…
NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in the model checkpoint loader. The discovery underscores the persistent security risks inherent in ML/AI frameworks’…
New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic
Organizations commonly allow traffic to core services like Google Meet, YouTube, Chrome update servers, and Google Cloud Platform (GCP) to ensure uninterrupted operations. A newly demonstrated domain fronting technique weaponizes this trust to establish covert command-and-control (C2) channels, enabling attackers…
Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data
Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike…
Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A severe vulnerability in the Linux kernel’s ksmbd SMB server implementation has been disclosed, potentially allowing authenticated remote attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-38561 and assigned a CVSS score of 8.5, represents a…
BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features
Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated adversaries to bypass signature verification mechanisms and maintain persistent control over enterprise server infrastructure. These…
Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information
A critical vulnerability in Hikvision security cameras, first disclosed in 2017, is being actively exploited by hackers to gain unauthorized access to sensitive information. SANS researchers observed a recent surge in malicious activity targeting a specific flaw, identified as CVE-2017-7921,…
Banking Trojans Attacking Android Users Mimic as Government and Legitimate Payment Apps
A sophisticated cybercriminal campaign has emerged targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate government identity applications and payment services. The malicious operation, active since approximately August 2024, employs advanced evasion techniques to deliver variants of…
Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively exploited in the wild. The flaw exists in the Simple Network Management Protocol (SNMP) subsystem and can allow a…
Malicious SVGs in Phishing Campaigns: How to Detect Hidden Redirects and Payloads
Phishing campaigns are getting harder to spot, sometimes hiding in files you’d never suspect. ANY.RUN’s cybersecurity analysts recently uncovered one such case: a malicious SVG disguised as a PDF, hosted on a legitimate domain and packed with hidden redirects. By…
Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions
Chromium-based browsers, including Chrome, Edge, and Brave, manage installed extensions via JSON preference files stored under %AppData%\Google\User Data\Default\Preferences (for domain-joined machines) or Secure Preferences (for standalone systems). Synacktiv research indicates that by directly altering these files, attackers can make the browser…
New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network
In recent months, a sophisticated threat actor leveraging North Korean IT worker employment fraud has surfaced, demonstrating how social engineering can bypass traditional security controls. The adversary’s modus operandi involves posing as remote software engineers, submitting legitimate-looking résumés, completing coding…
Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access
A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems. Tracked as CVE-2025-9844, the flaw stems from improper handling of executable file paths by the installer,…