A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users. The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through…
Tag: Cyber Security News
Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware
In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software. Threat actors have crafted convincing forks of projects bearing names like Malwarebytes, LastPass, Citibank, and SentinelOne, populated with trojanized installers…
Hackers Can Bypass EDR by Downloading a Malicious File as an In-Memory PE Loader
A sophisticated technique that allows attackers to execute malicious code directly in memory is gaining traction, posing a significant challenge to modern Endpoint Detection and Response (EDR) solutions. This method, which involves an in-memory Portable Executable (PE) loader, enables a…
UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports
A man in his forties has been arrested in West Sussex, England, in connection with a cyber-attack that has caused days of widespread disruption at several major European airports, including London’s Heathrow. The UK’s National Crime Agency (NCA) confirmed the…
New YiBackdoor Allows Attackers to Execute Arbitrary Commands and Exfiltrate Sensitive Data from Hacked Systems
A sophisticated new malware family dubbed YiBackdoor has emerged in the cybersecurity landscape, posing a significant threat to organizations worldwide. First observed in June 2025, this malicious software represents a concerning evolution in backdoor technology, featuring advanced capabilities that enable…
ShadowV2 Botnet Exploits Docker Containers on AWS to Turn Thems as Infected System for DDoS Attack
A sophisticated cybercrime campaign has emerged that transforms legitimate AWS infrastructure into weaponized attack platforms through an innovative combination of containerization and distributed denial-of-service capabilities. The ShadowV2 botnet represents a significant evolution in cyber threats, leveraging exposed Docker daemons on…
Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands
Libraesva has issued an emergency patch for a significant command injection vulnerability in its Email Security Gateway (ESG) after confirming state-sponsored hackers exploited it. The flaw, identified as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email…
CISA Warns of Shai-Hulud Self-Replicating Worm Compromised 500+ Packages in npm Registry
CISA has issued an urgent security Alert in response to a large-scale software supply chain attack on npmjs.com, the world’s largest JavaScript package registry. A self-replicating worm, dubbed Shai-Hulud, has infiltrated more than 500 npm packages and injected malicious code…
Hackers Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From LSASS on Windows 11 24H2
Threat actors are leveraging the legacy Windows error‐reporting utility WerFaultSecure.exe to extract the memory region of the Local Security Authority Subsystem Service (LSASS.EXE) and harvest cached credentials from fully patched Windows 11 24H2 systems. After gaining initial access to a…
CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity zero-day vulnerability in Google Chrome that is being actively exploited in attacks. The vulnerability, tracked as CVE-2025-10585, has been added to CISA’s Known Exploited Vulnerabilities…
CISA Details That Hackers Gained Access to a U.S. Federal Agency Network Via GeoServer RCE Vulnerability
CISA has released a comprehensive cybersecurity advisory detailing how threat actors successfully compromised a U.S. federal civilian executive branch agency’s network by exploiting CVE-2024-36401, a critical remote code execution vulnerability in GeoServer. The incident, which remained undetected for three weeks,…
Kali Linux 2025.3 Released With New Features and 10 New Hacking Tools
Kali team has released Kali Linux 2025.3, the third major update of the year for the popular penetration testing and ethical hacking distribution. This release introduces 10 new tools, brings significant updates to its mobile platform, Kali NetHunter, and enhances…
Chrome High-severity Vulnerabilities Let Attackers Access Sensitive Data and Crash System
Google has issued an urgent security update for its Chrome web browser to address three high-severity vulnerabilities that could allow attackers to access sensitive information or cause the system to crash. The company is advising users to update their browsers…
Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access
Cybersecurity professionals are facing an unprecedented acceleration in threat actor capabilities as the average breakout time—the period from initial access to lateral movement—has plummeted to a mere 18 minutes during the June-August 2025 reporting period. This alarming statistic represents a…
Zloader Malware Repurposed to Act as Entry Point Into Corporate Environments to Deploy Ransomware
Zloader, a sophisticated Zeus-based modular trojan that first emerged in 2015, has undergone a significant transformation from its original banking-focused operations to become a dangerous entry point for ransomware attacks in corporate environments. Originally designed to facilitate financial fraud, this…
New Malware in npm Package Steals Browser Passwords Using Steganographic QR Code
A sophisticated malware campaign has emerged in the npm ecosystem, utilizing an innovative steganographic technique to conceal malicious code within QR codes. The malicious package, identified as “fezbox,” presents itself as a legitimate JavaScript/TypeScript utility library while secretly executing password-stealing…
Beware of Fake Online Speedtest Application With Obfuscated JS Codes
A sophisticated malware campaign has emerged that leverages fake online speed test applications to deploy obfuscated JavaScript payloads on Windows systems. These malicious utilities masquerade as legitimate network speed testing tools, manual readers, PDF utilities, and various search frontends to…
Hackers Weaponizing SVG Files to Stealthily Deliver Malicious Payloads
Cybercriminals have embraced a new deceptive technique that transforms seemingly harmless vector graphics into dangerous malware delivery systems. A recent campaign targeting Latin America demonstrates how attackers are exploiting oversized SVG files containing embedded malicious payloads to distribute AsyncRAT, a…
Nimbus Manticore Attacking Defense and Telecom Sectors With New Malware
The Iranian threat actor known as Nimbus Manticore has intensified its campaign targeting defense manufacturing, telecommunications, and aviation sectors across Western Europe with sophisticated new malware variants. This mature advanced persistent threat group, also tracked as UNC1549 and Smoke Sandstorm,…
U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Disabling Cell Phone Towers
The U.S. Secret Service has dismantled a massive, sophisticated network of electronic devices in the New York tristate area, thwarting what it described as an “imminent threat” to senior U.S. government officials and the agency’s protective operations. The operation led…