-
Adobe has issued an emergency security patch for a critical vulnerability in its Magento and Adobe Commerce platforms, dubbed “SessionReaper”. The vulnerability is considered one of the most severe in Magento’s history, prompting an out-of-band update on Tuesday, September 9th, well ahead of the next scheduled patch release on October 14th. The vulnerability uncovered by […] The post Magento and Adobe SessionReaper Vulnerability Exposes Thousands Of Online Stores to Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
APT37, the North Korean-aligned threat actor also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has expanded its arsenal with sophisticated new malware targeting Windows systems. Active since 2012, the group primarily focuses on South Korean individuals connected to the North Korean regime or involved in human rights activism. The threat actor has now introduced […] The post New APT37 Attacking Windows Machines With New Rust and Python Based Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure
Cybersecurity researchers began tracking a sophisticated campaign in the closing months of 2024, targeting both government and corporate networks across multiple continents. The threat actors behind this operation, known colloquially as Salt Typhoon and UNC4841, leveraged overlapping infrastructure and shared tactics to maximize stealth and persistence. Initial infiltration was achieved through exploitation of unpatched remote […] The post Chinese Salt Typhoon and UNC4841 Hackers Teamed Up to Attack Government and Corporate Infrastructure appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP’s Security Patch Day on September 9, 2025, introduced fixes for 21 newly discovered vulnerabilities across its product portfolio and provided updates to four previously released security notes. With four issues rated as Critical, organizations…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An emerging threat campaign has been identified that weaponizes a trojanized version of DeskSoft’s EarthTime application to deploy sophisticated malware, leveraging Remote Desktop Protocol (RDP) access for command execution and network reconnaissance. …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A novel AI-driven email attack toolkit named SpamGPT has surfaced on underground hacking forums, promising cybercriminals an all-in-one platform for launching large-scale phishing campaigns. Advertised as an “AI-powered spam-as-a-service” sol…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has disclosed a security incident stemming from a third-party breach at Salesloft Drift, which resulted in unauthorized access to an internal email account containing valid credentials. While the company’s core Salesforce environment was not impacted, the incident exposed sensitive information contained within a limited number of emails. The chain of events began on August […] The post Elastic Security Incident – Hackers Accessed Email Account Contains Valid Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new cybercrime toolkit named SpamGPT is enabling hackers to launch massive and highly effective phishing campaigns by combining artificial intelligence with the capabilities of professional email marketing platforms. Marketed on the dark web as a “spam-as-a-service” platform, SpamGPT automates nearly every aspect of fraudulent email operations, significantly lowering the technical barrier for criminals. […] The post SpamGPT – AI-powered Attack Tool Used By Hackers For Massive Phishing Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security mitigations to gain root privileges. The method targets CVE-2024-50264, a difficult-to-exploit race condition bug in the AF_VSOCK subsystem that was recognized with a Pwnie Award for its complexity. The vulnerability, introduced in Linux v4.8, presents significant challenges for exploitation. […] The post New Technique Uncovered To Exploit Linux Kernel Use-After-Free Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶