China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies acr…
The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads,…
Teen suspected of Vegas casino cyberattacks released to parents
A 17-year-old hacker who surrendered to face charges over cyberattacks targeting Vegas casinos in 2023 has been released into the custody of…
Microsoft will offer free Windows 10 security updates in Europe
Microsoft will offer free extended security updates for Windows 10 users in the European Economic Area (EEA), which includes Iceland,…
CTEM's Core: Prioritization and Validation
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail.…
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week's Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The…
Chinese Hackers Use 'BRICKSTORM' Backdoor to Breach US Firms
Chinese cyber threat actors are suspected of deploying a recently identified backdoor to get a foothold into the systems of US organizations…
Co-op Records £206m Revenue Loss Following Cyber-Attack
The Co-op has revealed that it has lost approximately £206m ($277m) in revenue as a direct result of the “malicious” cyber-attack it…
Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems
Thousands of companies using Fortra’s GoAnywhere Managed File Transfer (MFT) solution are facing an immediate threat of full system…
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The…
Experts Warn of Global Breach Risk from Indian Suppliers
Global supply chains could be at risk after a new report revealed a surprisingly high share of Indian vendors have suffered a third-party…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
NCA Arrest Man as HardBit Ransomware Blamed for Airport Outages
British investigators have arrested a man in connection with a suspected ransomware attack which continues to cause flight delays across…
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and…
Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes
Luxembourg, Luxembourg, September 25th, 2025, CyberNewsWire Gcore, the global edge AI, cloud, network, and security solutions provider, today…
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary…
Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by…
Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!
Cisco has issued a security advisory warning of a critical flaw in its IOS and IOS XE Software, tracked as CVE-2025-20352 with a CVSS score of…
US Federal Agency Breached Via GeoServer Vulnerability
IntroductionIn September 2025, CISA confirmed that a major breach had impacted a US federal agency through the exploitation of a critical…
Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access
Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by manipulating…
New Phishing Campaign Targets PyPI Maintainers with Fake Domain
The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers, with attackers using domain confusion…
CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases
VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution Builder, software widely used…
ShadowV2: How a New DDoS Botnet Mimics Cloud-Native Apps
The login UI | Image: Darktrace Researchers at Darktrace have identified a sophisticated new campaign that merges traditional malware…
New Supermicro BMC flaws can create persistent backdoors
Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to…
OpenAI is testing a new GPT-5-based AI agent "GPT-Alpha"
OpenAI is internally testing a new version of its AI agent, which uses a special version of GPT-5 dubbed "GPT-Alpha." Earlier today, OpenAI…
Kali Linux 2025.3 released with 10 new tools, wifi enhancements
Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. Kali…
Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively…
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation (PSF) is warning developers about a fresh phishing campaign that targets users of the Python Package Index…
Cisco warns of IOS zero-day vulnerability exploited in attacks
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being…
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero…
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning…
Unpatched flaw in OnePlus phones lets rogue apps text messages
A vulnerability in multiple versions of OxygenOS, the Android-based operating system from OnePlus, allows any installed app to access SMS data…
npm Package Uses QR Code Steganography to Steal Credentials
A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part…
Police seizes $439 million stolen by cybercrime rings worldwide
In a five-month joint operation led by Interpol, law enforcement agencies have seized more than $439 million in cash and cryptocurrency linked…
Artificial Intelligence – Supported Internet of Things Security
Milica D. DjekicSeptember 24, 2025 Transforming digital technology landscape and encompassing global product and service marketplace are…
ShadowV2 Botnet Exposes Rise of DDoS-as-a-service Platforms
A new campaign that combines traditional malware with modern DevOps tooling has been observed by cybersecurity analysts. The ShadowV2 DDoS…
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the…
Google warns China-linked spies lurking in 'numerous' enterprises since March
Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed…
Google: Brickstone malware used to steal U.S. orgs' data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the…
UK arrests suspect for RTX ransomware attack causing airport disruptions
The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European…
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the…
SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)
SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular…
PyPI urges users to reset credentials after new phishing attacks
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset…