Cybersecurity News
-
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Security Attacks
Security researchers at Straiker’s AI Research (STAR) team have uncovered Villager, an AI-native penetration testing framework developed by Chinese-based group Cyberspike that has already accumulated over 10,000 downloads within two…
Read More » -
Mustang Panda Uses SnakeDisk USB Worm and Toneshell Backdoor to Target Air-Gap Systems
IBM X-Force researchers have uncovered sophisticated new malware campaigns orchestrated by the China-aligned threat actor Hive0154, also known as Mustang Panda. The discovery includes an advanced Toneshell backdoor variant that…
Read More » -
Top 10 Best Breach and Attack Simulation (BAS) Tools in 2025
Best Breach and Attack Simulation (BAS) Tools In 2025, the cybersecurity landscape is defined by its complexity and the speed of modern threats. Security teams are overwhelmed by a fragmented…
Read More » -
Leveraging AI to Steal Browser Data and Evade Detection
EvilAI, a new malware family tracked by Trend™ Research, has emerged in recent weeks disguised as legitimate AI-driven utilities. These trojans sport professional user interfaces, valid code signatures, and functional…
Read More » -
HybridPetya Exploits UEFI Vulnerability to Bypass Secure Boot on Legacy Systems
ESET Research has uncovered a sophisticated new ransomware variant called HybridPetya, discovered on the VirusTotal sample sharing platform. This malware represents a dangerous evolution of the infamous Petya/NotPetya ransomware family,…
Read More » -
Microsoft Windows Defender Firewall Vulnerabilities Allow Privilege Escalation
Microsoft has released security advisories for four newly discovered vulnerabilities in its Windows Defender Firewall Service that could enable attackers to elevate privileges on affected Windows systems. The flaws, tracked…
Read More » -
Top 10 Best Mobile Application Penetration Testing Services in 2025
Mobile Application Penetration Testing is a critical cybersecurity service in 2025, focusing on a unique and rapidly evolving attack surface. These tests go beyond static code analysis to assess an…
Read More » -
Top 10 Best Cloud Penetration Testing Companies in 2025
Cloud is the foundation of modern business, but it comes with a complex and evolving security landscape. Traditional penetration testing, which focuses on on-premise networks and applications, is not sufficient…
Read More » -
Massive L7 DDoS Botnet Exploits 5.76M Hijacked Devices for Record Attacks
In a stark reminder of how vulnerable online services remain, Qrator Labs has revealed that a sprawling Layer 7 distributed denial-of-service (DDoS) botnet has swelled to over 5.76 million compromised…
Read More » -
Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors
GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2,…
Read More » -
CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian…
Read More » -
Microsoft September 2025 Patch Tuesday
Microsoft has released its September 2025 Patch Tuesday update, addressing a total of 81 security vulnerabilities across its product portfolio. This extensive release includes fixes for two zero-day vulnerabilities that…
Read More » -
Top 10 Best Internal Network Penetration Testing Providers in 2025
In a world of evolving threats, the security of an organization’s internal network is just as important as its external defenses. An internal network penetration test simulates a real-world attack…
Read More » -
U.S. Cracks Down on Scam Networks in Southeast Asia Draining Billions
In a sweeping effort to curb transnational cybercrime and human rights abuses, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) today imposed sanctions on a sprawling…
Read More » -
LunaLock Ransomware Attacking Artists to Steal and Encrypt Data
LunaLock, a newly surfaced ransomware strain, has launched a targeted campaign against independent artists and their clients, demanding a hefty ransom in exchange for stolen creative works and leaked personal…
Read More » -
Hackers Exploit Amazon SES to Blast Over 50,000 Malicious Emails Daily
A sophisticated cyberattack campaign where threat actors exploited compromised AWS credentials to hijack Amazon’s Simple Email Service (SES), launching large-scale phishing operations capable of sending over 50,000 malicious emails daily.…
Read More » -
Wealthsimple Data Breach – User Information Leaked Online
Canadian financial technology company Wealthsimple disclosed a data security incident on September 5, 2025, revealing that personal information belonging to less than one percent of its clients was accessed without…
Read More »