Yurei ransomware first emerged in early September 2025, targeting Windows environments with a sophisticated Go-based payload designed for rapid, large-scale encryption. Once executed, the malware enumerates all accessible local and network drives, appends a .Yurei extension to each file, and…
Tag: Cyber Security News
Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code
Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and fixing vulnerabilities. This initiative addresses the growing gap between the rapid, AI-assisted discovery of security flaws and the time-consuming manual effort required to…
TamperedChef Malware as PDF Editor Harvest Browser Credentials and Allows Backdoor Access
In recent weeks, security teams have observed a surge in malvertising campaigns distributing what appears to be a fully functional PDF editor. Dubbed TamperedChef, this malware masquerades as a legitimate application—AppSuite PDF Editor—leveraging convincing advertisements to lure European organizations and…
OpenAI Banned ChatGPT Accounts Used by Chinese and North Korean Hackers to Develop Malware
OpenAI announced it has banned a series of ChatGPT accounts linked to Chinese state-affiliated hacking groups that used the AI models to refine malware and create phishing content. The October 2025 report details the disruption of several malicious networks as…
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation. Redrays has released a detailed proof-of-concept (PoC) to exploit these vulnerabilities, which is now…
Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Codes Silently
WordPress websites have become a prime target for threat actors seeking to monetize traffic and compromise visitor security. In recent months, a new malvertising campaign has emerged, leveraging silent PHP code injections within theme files to serve unwanted third-party scripts.…
Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks
Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical security vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, announced on October 7, 2025, includes three…
Attacks on Palo Alto PAN-OS Global Protect Login Portals Surge from 2,200 IPs
A massive escalation in attacks targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with over 2,200 unique IP addresses conducting reconnaissance operations as of October 7, 2025. This represents a significant surge from the initial 1,300 IPs observed just days…
CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks
CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915. This vulnerability has been actively exploited in attacks and poses significant risks to organizations using the popular email…
BK Technologies Data Breach – Hackers Compromise IT Systems and Exfiltrate Data
BK Technologies Corporation, a provider of communications equipment for public safety and government agencies, has disclosed a cybersecurity incident in which an unauthorized third party breached its information technology systems and potentially exfiltrated sensitive data. In a recent Form 8-K…
Why Threat Prioritization Is the Key SOC Performance Driver
CISOs face a paradox in their SOCs every day: more data and detections than ever before, yet limited capacity to act on them effectively. Hundreds of alerts stream in daily, but without clear prioritization, the team’s focus is scattered. Critical…
Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware
Microsoft has issued a warning that both cybercriminals and state-sponsored threat actors are increasingly abusing the features and capabilities of Microsoft Teams throughout their attack chains. The platform’s extensive adoption for collaboration makes it a high-value target, with its core…
Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released
Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being used in highly targeted attacks by an unknown threat actor. According to…
Threat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenal
The WARMCOOKIE backdoor first surfaced in mid-2024, delivered primarily via recruiting-themed phishing campaigns that coaxed victims into executing malicious documents. Initially designed as a lightweight implant for remote command execution, its modular codebase enabled rapid adaptation to new objectives. Over…
CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day
A widespread campaign observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as CVE-2025-61882. First observed on August 9, 2025, this unauthenticated remote code execution (RCE) flaw is being weaponized to bypass authentication, deploy web…
Researchers Reversed Asgard Malware Protector to Uncover it’s Antivirus Bypass Techniques
In recent months, security researchers have turned their attention to Asgard Protector, a sophisticated crypter employed by cybercriminals to obfuscate and deploy malicious payloads. First advertised on underground forums in late 2023, Asgard Protector has gained traction among threat actors…
Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk
A sophisticated cyberattack has compromised Red Hat Consulting’s infrastructure, potentially exposing sensitive data from over 5,000 enterprise customers worldwide. The breach, executed by the extortion group Crimson Collective, has raised serious concerns about the security of critical business documentation and…
Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials
Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user…
GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet…
CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks
CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025. The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant…