-
Microsoft researchers have unveiled a sophisticated side-channel attack targeting remote language models that could allow adversaries to infer conversation topics from encrypted network traffic. Despite end-to-end encryption via Transport Layer Securit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual users worldwide. The flaw, now tracked as CVE-2025-34299, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
HackGPT Enterprise is a new tool made for security teams focuses on being scalable and compliant, meeting the growing need for effective vulnerability assessments. The platform supports multi-model AI, including OpenAI’s GPT-4 and local LLMs like Ollama, enabling pattern recognition, anomaly detection, and zero-day vulnerability discovery. Developed by Yashab Alam, this cloud-native platform integrates advanced […] The post HackGPT: AI-Powered Penetration Testing Platform Includes GPT-4 and Other AI Engine’s appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we dissect the latest threats shaking the digital landscape. As cyber risks evolve faster than ever, staying ahead means understanding the exploits that could target your devices, networks, and data. This roundup spotlights zero-day vulnerabilities in Android and Cisco systems, critical flaws in […] The post Cybersecurity News Weekly Newsletter – Android and Cisco 0-Day, Teams Flaws, HackedGPT, and Whisper Leak appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated side-channel attack that exposes the topics of conversations with AI chatbots, even when traffic is protected by end-to-end encryption. Dubbed “Whisper Leak,” this vulnerability allows eavesdroppers such as nation-state actors, ISPs, or Wi-Fi snoopers to infer sensitive prompt details from network packet sizes and timings. The discovery highlights growing privacy risks as AI […] The post New Whisper Leak Toolkit Exposes User Prompts to Popular AI Agents within Encrypted Traffic appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
QNAP has addressed seven critical zero-day vulnerabilities in its network-attached storage (NAS) operating systems, following their successful exploitation by security researchers at Pwn2Own Ireland 2025. These flaws, identified as CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, and associated ZDI canonical entries ZDI-CAN-28353, ZDI-CAN-28435, ZDI-CAN-28436, enable remote code execution (RCE) and privilege escalation attacks against QTS 5.2.x, QuTS hero h5.2.x, […] The post Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Scammers are targeting businesses with a new extortion scheme, and Google Maps is fighting back with a dedicated reporting tool. Google has introduced a feature that allows business owners to report ransom demands directly to malicious actors who threaten them with fake negative reviews. Cybercriminals have developed a sophisticated plan to extort money from businesses […] The post Google Maps Adds Feature for Businesses to Report Ransom Demands for Removing Bad Reviews appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated spyware operation targeting Samsung Galaxy devices, dubbed LANDFALL, which exploited a zero-day vulnerability to infiltrate phones through seemingly innocuous images shared on WhatsApp. This campaign, active since mid-2024, allowed attackers to deploy commercial-grade Android malware capable of full device surveillance without user interaction. The discovery underscores ongoing threats from state-linked surveillance tools in […] The post Hackers Hijack Samsung Galaxy Phones via 0-Day Exploit Using a Single WhatsApp Image appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive new report reveals that manufacturing organizations are grappling with a dual challenge: rapidly adopting generative AI technologies while simultaneously defending against attackers who exploit these same platforms and trusted cloud ser…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
