-
A sophisticated new Android malware family dubbed “Albiriox” has emerged on the cybercrime landscape, offering advanced remote access capabilities as a Malware-as-a-Service (MaaS). Identified by researchers at Cleafy, the malware is designed to execute On-Device Fraud (ODF) by granting attackers full control over infected devices, allowing them to bypass security measures and drain financial accounts. […] The post New Albiriox Malware Attacking Android Users to Take Complete Control of their Device appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Polish authorities have made a significant move in their cybercrime enforcement efforts by detaining a Russian national suspected of conducting unauthorized cyber attacks against local organizations. The arrest, made on November 16, 2025, marks a signi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began on Monday, November 24. The attack has forced officials to shut down systems as a p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with over 188 stars and 52 forks, it requires no API keys and installs quickly on Linux or Termux environments. Users can deploy KawaiiGPT in minutes by updating packages, installing Python […] The post KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated ClickFix campaign dubbed “JackFix” that uses fake adult websites to hijack screens with realistic Windows Update prompts, tricking users into running multistage malware payloads. Attackers mimic popular adult sites like xHamster clones to lure victims, likely via malvertising on shady platforms. Interaction with the phishing page triggers a full-screen overlay resembling a critical […] The post New “JackFix” Attack Leverages Windows Updates into Executing Malicious Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
State-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persiste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the notorious Clop ransomware gang, has impacted dozens of major organizations worldwide. The group listed Canon on its dark web leak site, publishing the company’s domain alongside other […] The post Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems. The campaigns rely on tricking users into manually running a pre-staged command, turning simple social engineering into a multi-stage, file-light infection chain that is […] The post ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A massive supply chain attack targeting the NPM accounts of automation giant Zapier and the Ethereum Name Service (ENS). Identified by Aikido Security, the campaign is being orchestrated by the same threat actors responsible for the “Shai Hulud” self-propagating worm that first surfaced in September. This latest wave, self-titled “Shai Hulud: The Second Coming,” has […] The post Zapier’s NPM Account Hacked and Multiple Packages Infected with Self-propogating Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between July and October 2025. The campaign, attributed to the notorious Clop ransomware group and linked to the financially motivated threat actor FIN11, exploited a zero-day vulnerability, CVE-2025-61882, to achieve unauthenticated […] The post Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
