-
Windows LNK files remain a preferred vector for attackers seeking to establish initial access on target systems. Recently, security researchers identified a sophisticated MastaStealer campaign that exploits these shortcut files to deliver a full-featur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors continue to evolve their techniques for bypassing macOS security controls, shifting away from traditional attack vectors that Apple has systematically patched. Following Apple’s removal of the “right-click and open” Gatekeeper override in August 2024, attackers have identified and weaponized a new delivery mechanism using compiled AppleScript files with deceptive naming conventions. These .scpt […] The post Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A cybersecurity researcher has uncovered a server-side request forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, hidden in the Custom GPTs feature, allowed attackers to potentially access sensitive cloud infrastructure secrets, includin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Widespread reports suggest major law enforcement operation targeting notorious malware infrastructure has disrupted the Rhadamanthys stealer control panel, prompting urgent security alerts. In a significant development within the cybersecurity communit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have identified a growing trend in Windows-targeted attacks that exploit fundamental operating system features to force machines into surrendering valuable credentials without requiring user interaction or system vulnerabiliti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The English-speaking cybercriminal ecosystem known as “The COM” has evolved from a niche underground culture into a sophisticated, professional service-oriented economy that orchestrates some of the world’s most disruptive cyberattack…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tor Browser 15.0.1 is now available for download, bringing essential security patches and bug fixes to users across all platforms. The latest release includes critical security updates from Firefox 140.5.0esr, addressing multiple vulnerabilities that could impact browser security and user privacy. The update upgrades the Tor Browser to Firefox 140.5.0esr and includes critical security fixes […] The post Tor Browser 15.0.1 Released With Fix for Multiple Security Vulnerabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Authentication coercion represents a sophisticated and evolving threat targeting Windows and Active Directory environments across organizations globally. This attack method exploits the fundamental communication mechanisms embedded within every Windows operating system, manipulating machines into automatically transmitting sensitive credentials to attacker-controlled infrastructure. The emergence of this threat vector reflects a significant shift in how threat actors […] The post Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools. SSRF vulnerabilities […] The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a critical SQL injection vulnerability in SQL Server that could allow authenticated attackers to escalate their privileges over a network. Tracked as CVE-2025-59499 and assigned an Important severity rating, the vulnerability st…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
