-
A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […] The post WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to the service. The new findings from the Google Threat Intelligence Group (GTIG) indicate that the incident, previously thought to be limited to Salesforce integrations, affects all third-party applications connected to […] The post Google Confirms Potential Compromise of All Salesloft Drift Customer Authentication Tokens appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application. On July 28, 2025, TransUnion […] The post TransUnion Hack Exposes 4M+ Customers Personal Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft. The attack, dubbed “s1ngularity,” represents one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem in 2025. GitGuardian observed that malicious actors infiltrated multiple Nx package versions (20.9.0 through 21.8.0) […] The post Nx Packages With Millions of Weekly Downloads Hacked With Credential Stealer Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has been identified, where threat actors impersonate IT helpdesk personnel through Teams’ external communication features, exploiting the platform’s default configuration to bypass traditional email security measures and gain unauthorized screen-sharing and remote-control capabilities. The attacks leverage Teams’ external collaboration features, which are enabled by default in Microsoft 365 tenants, allowing attackers […] The post Hackers Exploit Microsoft Teams, Posing as IT Help Desk for Screen Sharing and Remote Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a sophisticated campaign uncovered during a recent Advanced Continual Threat Hunt (ACTH) by Trustwave’s SpiderLabs team, threat actors weaponized a legitimate remote management tool, ScreenConnect, to deploy the Xworm Remote Access Trojan (RAT) through a deceptive, multi-stage infection chain. By abusing fake AI-themed content and manipulating digital signatures, the attackers bypassed Endpoint Detection and […] The post Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are increasingly weaponizing Microsoft Teams, exploiting the platform’s trusted role in corporate communications to deploy malware and seize control of victim systems. In a sophisticated campaign, threat actors are impersonating IT support staff in Microsoft Teams chats to trick employees into granting remote access, marking a dangerous evolution from traditional email-based phishing attacks. Social […] The post Hackers Abuse Microsoft Teams to Gain Remote Access With PowerShell-based Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
MathWorks, Inc., the developer of the popular MATLAB and Simulink software, confirmed today that it was the target of a significant cyberattack, resulting in the theft of sensitive personal information belonging to an undisclosed number of users. In a notice sent to affected individuals, the company disclosed that it discovered a security incident on May […] The post MathWorks Confirms Cyberattack, User Personal Information Stolen appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Anthropic has thwarted multiple sophisticated attempts by cybercriminals to misuse its Claude AI platform, according to a newly released Threat Intelligence report. Despite layered safeguards designed to prevent harmful outputs, malicious actors have adapted to exploit Claude’s advanced capabilities, weaponizing agentic AI to execute large-scale extortion, employment fraud, and ransomware operations. In one high-profile case […] The post Hackers Attempted to Misuse Claude AI to Launch Cyber Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the public internet. With active compromises detected since August 21, 2025, admins must act immediately to […] The post FreePBX Servers Hacked in 0-Day Attack – Admins are Urged to Disable Internet Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
