A newly uncovered vulnerability in large language models (LLMs) has raised significant concerns about the security and ethical use of AI systems like OpenAI’s ChatGPT. Dubbed “Time Bandit,” this exploit manipulates the temporal reasoning capabilities of LLMs. This enables the…
Tag: Cyber Security News
Intruder Added Free Vulnerability Intelligence Platform ‘Intel’ with AI-Generated CVE Descriptions
Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster. Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel.…
Hackers Hiding Credit Card Stealer Script Within ![]()
Tag
Cybercriminals have developed a sophisticated method to steal credit card information by embedding malicious scripts within <img> tags on e-commerce websites. This technique, often associated with MageCart attacks, exploits the trustworthiness of image tags to evade detection while targeting platforms…
EagerBee Malware Attacking Government Entities & ISPs To Deploy Backdoor
A sophisticated malware framework dubbed EagerBee is actively targeting government agencies and Internet Service Providers (ISPs). EagerBee is actively targeting these organizations across the Middle East. While the EagerBee was found deploying advanced backdoor capabilities through novel technical implementations. The…
Earth Preta Abuse Microsoft Application Virtualization Injector To Inject Malicious Payloads
Advanced Persistent Threat (APT) group Earth Preta (a.k.a. Mustang Panda) has been observed weaponizing the Microsoft Application Virtualization Injector (MAVInject.exe) to bypass security software and implant backdoors in government systems across Asia-Pacific regions. The campaign, analyzed by Trend Micro’s Threat…
Free Security Incident Response Toolkit Released to Detect Cyber Intrusions
In a significant development for cybersecurity professionals and organizations worldwide, SecTemplates has announced the release of its Incident Response Program Pack 1.5, a free, open-source toolkit designed to streamline the implementation of robust security incident response protocols. This release provides…
Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products
Juniper Networks has issued an urgent security advisory addressing a critical API authentication bypass vulnerability (CVE-2025-21589) affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router product lines. The flaw, carrying a maximum CVSS base score of…
Indian Authorities Seize Loot From Collapsed BitConnect Crypto Scam
In a significant crackdown on one of India’s largest cryptocurrency frauds, the Enforcement Directorate (ED) has seized digital assets valued at ₹1,646 crore linked to the now-defunct BitConnect lending program. The operation, conducted under the Prevention of Money Laundering Act (PMLA),…
DarkMind A Novel Backdoor Attack Exploits Reasoning Capabilities of Customized LLMs
A groundbreaking study by researchers Zhen Guo and Reza Tourani at Saint Louis University has exposed a novel vulnerability in customized large language models (LLMs) like GPT-4o and LLaMA-3. Dubbed DarkMind, this backdoor attack exploits the reasoning capabilities of LLMs…
Unauthorized Access to Grok-3 AI Achieved via Client-Side Code Exploitation – Researcher Claim
A researcher with the handle “single mode” has demonstrated how client-side code manipulation can bypass access controls and gain unauthorized access to Grok-3, an AI model integrated into Elon Musk’s X platform. The exploit involves running a custom JavaScript snippet…
Vgod RANSOMWARE Encrypt Your Entire System and Set A Ransom Notes As Wallpaper
A new ransomware strain dubbed Vgod has emerged recently as a critical cybersecurity threat. This new ransomware employs advanced encryption techniques and psychological pressure tactics. While the ransomware do so by altering the desktop wallpapers of the targeted victims. First…
LibreOffice Vulnerabilities Let Attackers Write to Arbitrary File & Extract Values
Critical vulnerabilities in LibreOffice (CVE-2024-12425 and CVE-2024-12426) allow attackers to overwrite arbitrary files and retrieve sensitive system data via malicious documents. These flaws affect both desktop users and server-side implementations, posing significant risks to enterprises and individual users relying on…
WinRAR 7.10 Latest Version Released For 500 Million Users – What’s New
The latest version of the widely-used file compression tool, WinRAR 7.10, introduces a suite of significant updates aimed at enhancing user experience, performance, and security. Released on February 18, 2025, this iteration marks a major overhaul of the software’s interface,…
Beware of Fake Timesheet Report Email Leading to the Tycoon 2FA Phishing Kit
A new wave of phishing attacks is exploiting fake timesheet report emails to lure victims into the sophisticated Tycoon 2FA phishing kit. This campaign leverages Pinterest Visual Bookmarks as intermediaries, adding a deceptive layer of legitimacy to its tactics. Spider…
ChatGPT Operator Prompt Injection Exploit Leaking Private Data
OpenAI’s ChatGPT Operator, a cutting-edge research preview tool designed for ChatGPT Pro users, has recently come under scrutiny for vulnerabilities that could expose sensitive personal data through prompt injection exploits. ChatGPT Operator is an advanced AI agent equipped with web…
Ransomware Gangs Encrypt Systems After 17hrs From Initial Infection
New research reveals ransomware gangs are accelerating encryption timelines while adopting advanced evasion techniques and data extortion strategies. A 2025 threat report by cybersecurity firm Huntress reveals ransomware gangs now take just 17 hours on average to encrypt systems after…
Xerox Printers Vulnerability Let Attackers Capture Authentication Data From LDAP & SMB
Multiple vulnerabilities in enterprise-grade Xerox Versalink C7025 multifunction printers (MFPs) enable attackers to intercept authentication credentials from Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) services. Designated as CVE-2024-12510 and CVE-2024-12511, these flaws allow malicious actors to execute…
CISA Warns of Apple iOS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, tracked as CVE-2025-24200, being actively exploited in targeted attacks. The flaw, an authorization bypass in Apple’s USB…
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems
The RansomHub ransomware group has rapidly emerged as one of the most prolific cybercrime syndicates of 2024–2025. As this ransomware group done by expanding its arsenal to target Windows, VMware ESXi, Linux, and FreeBSD systems in global attacks. RansomHub ransomware…
New XCSSET Malware Attacking macOS Users by Infecting Xcode Projects
Microsoft Threat Intelligence has identified an evolved iteration of the XCSSET malware family actively exploiting macOS developers via weaponized Xcode projects. This modular backdoor, first documented in 2020, now employs advanced obfuscation techniques, refined persistence mechanisms, and novel infection vectors…