Cybersecurity News
-
Google Vulnerability Allowed Hackers to Access User Phone Numbers
A security researcher has disclosed a critical vulnerability in Google’s account recovery system that allowed attackers to brute-force and obtain the phone numbers of any Google user. The vulnerability ,…
Read More » -
New Report Reveals Chinese Hackers Attempted to Breach SentinelOne Servers
SentinelLABS, a sophisticated reconnaissance operation targeting SentinelOne, a leading cybersecurity vendor, has been detailed as part of a broader espionage campaign linked to China-nexus threat actors. Tracked under the activity…
Read More » -
Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment For Enterprises
Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit,BrowserTotal is a first of its kind browser security assessment…
Read More » -
New Mirai Variant Exploits TBK DVR Flaw for Remote Code Execution
The latest wave of Mirai botnet activity has resurfaced with a refined attack chain exploiting CVE-2024-3721, a critical command injection vulnerability in TBK DVR-4104 and DVR-4216 devices. This campaign leverages…
Read More » -
Scattered Spider Hackers Target Tech Company Help-Desk Administrators
A newly identified wave of cyberattacks by the notorious Scattered Spider hacking group has zeroed in on help-desk administrators at major technology companies, leveraging advanced social engineering techniques to breach…
Read More » -
DragonForce Ransomware Reportedly Compromised Over 120 Victims in the Past Year
DragonForce, a ransomware group first identified in fall 2023, has claimed over 120 victims in the past year, marking its rapid ascent as a formidable player in the ransomware ecosystem.…
Read More » -
ClickFix Attack Uses Fake Cloudflare Verification to Silently Deploy Malware
A newly identified social engineering attack dubbed “ClickFix” has emerged as a significant threat, leveraging meticulously crafted fake Cloudflare verification pages to trick users into executing malicious code on their…
Read More » -
Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User
Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer…
Read More » -
Hackers Leverage New ClickFix Tactic to Exploit Human Error with Deceptive Prompts
A sophisticated social engineering technique known as ClickFix baiting has gained traction among cybercriminals, ranging from individual hackers to state-sponsored Advanced Persistent Threat (APT) groups like Russia-linked APT28 and Iran-affiliated…
Read More » -
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers
A newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of Chromium-based browsers such as Google Chrome, Microsoft Edge, and others.…
Read More » -
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials…
Read More » -
Critical Dell PowerScale Vulnerability Allows Attackers Unauthorized Access to Filesystem
Dell Technologies has issued a critical security advisory (DSA-2025-208) for its PowerScale OneFS operating system, addressing multiple vulnerabilities that could allow malicious actors to compromise affected systems. The most severe…
Read More » -
Threat Actors Exploit Malware Loaders to Circumvent Android 13+ Accessibility Safeguards
Threat actors have successfully adapted to Google’s stringent accessibility restrictions introduced in Android 13 and later versions. These safeguards, rolled out in May 2022, were designed to prevent malicious applications…
Read More » -
AMOS macOS Stealer Evades Security to Deploy Malicious Code
A newly uncovered campaign involving an Atomic macOS Stealer (AMOS) variant has emerged, showcasing the evolving sophistication of multi-platform social engineering attacks. This campaign, discovered during routine attacker infrastructure analysis,…
Read More » -
Windows Authentication Coercion Attacks Present Major Risks to Enterprise Networks
Authentication coercion remains a potent attack vector in Windows environments, enabling attackers with even low-privileged domain accounts to force targeted systems, often high-value servers or domain controllers, to authenticate to…
Read More » -
Russian Hacker Black Owl Targets Critical Industries to Steal Financial Data
A pro-Ukrainian hacktivist group known as BO Team, also operating under aliases such as Black Owl, Lifting Zmiy, and Hoody Hyena, has emerged as a formidable threat to Russian organizations…
Read More »