-
Security researcher Eaton Zveare has disclosed critical vulnerabilities in Tata Motors’ systems that exposed over 70 terabytes of sensitive data, including customer personal information, financial reports, and fleet management details. The flaws, uncovered during ethical hacking in 2023 but publicly shared only now, involved hardcoded AWS access keys on public-facing websites, granting unauthorized access to […] The post Tata Motors Data Leak – 70+ TB of Sensitive Info and Test Drive Data Exposed via AWS Keys appeared first on Cyber…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Pentest Copilot is an innovative open-source tool that leverages AI to help ethical hackers streamline penetration testing workflows. This browser-based assistant integrates large language models to automate tasks while preserving human oversight, marking a significant advancement over traditional methods. Pentest Copilot addresses key challenges in penetration testing by combining AI-driven automation with practical tools for […] The post Pentest Copilot – AI-based Ethical Hacking Tool to Streamline Penetration Testing appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated information-stealing malware named Anivia Stealer has emerged on underground forums, marketed by a threat actor known as ZeroTrace. The malware represents a dangerous evolution in credential theft operations, specifically designed to compromise Windows systems from legacy XP installations through the latest Windows 11 environments. Built using C++17, Anivia Stealer incorporates advanced evasion techniques […] The post Threat Actors Advertising Anivia Stealer Malware on Dark Web bypassing UAC Controls appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated phishing campaign that combines two emerging attack techniques to bypass conventional security defenses. The hybrid approach merges FileFix social engineering tactics with cache smuggling to deliver malware payloads without triggering network-based detection systems. This evolution represents a significant shift in how threat actors are circumventing endpoint detection and response […] The post Threat Actors Merging FileFix and Cache Smuggling Attacks to Evade Security Controls appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated Android banking trojan dubbed GhostGrab has emerged in the threat landscape, targeting financial institutions across multiple regions with advanced credential theft capabilities. The malware operates silently on infected devices, harvesting sensitive banking credentials while intercepting one-time passwords through SMS messages. Security teams have observed active campaigns distributing GhostGrab through compromised application stores and […] The post New GhostGrab Android Malware Silently Steals Banking Login Details and Intercept SMS for OTPs appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The BlueNoroff threat group, also tracked as Sapphire Sleet, APT38, and TA444, has significantly evolved its targeting capabilities with sophisticated new infiltration strategies designed specifically to compromise C-level executives and senior managers within the Web3 and blockchain sectors. The group, historically focused on financial gain through cryptocurrency theft, has unveiled two coordinated campaigns dubbed GhostCall […] The post BlueNoroff Hackers Adopts New Infiltration Strategies To Attack C-Level Executives, and Managers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla is implementing a significant transparency requirement for Firefox extensions, mandating that all new browser add-ons disclose their data collection practices to users before installation. Starting November 3rd, 2025, developers submitting fresh extensions to the Firefox ecosystem must declare whether their software collects or transmits personal data through a new standardized framework embedded in the […] The post Mozilla Wants All New Firefox Extensions to Disclose Data Collection Policies appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution (RCE) flaw in XWiki, a popular open-source wiki platform, was exploited in the wild to deploy cryptocurrency mining malware on compromised servers. The vulnerability, tracked as CVE-2025-24893, allows unauthenticated attackers to inject malicious templates and execute arbitrary code, bypassing authentication entirely. This discovery highlights the growing threat to web applications, […] The post XWiki RCE Vulnerability Actively Exploted In Wild To Deliver Coinminer appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations today face constant threats from malware, including ransomware, phishing attacks, and zero-day exploits. These threats are evolving faster than ever. Threat intelligence feeds emerge as a game-changer, delivering real-time, actionable data that empowers security teams to detect and neutralize attacks before they cause widespread damage. These feeds aggregate indicators of compromise such as IP […] The post How Threat Intelligence Feeds Help Organizations Quickly Mitigate Malware Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign targeting Brazilian users has emerged with alarming capabilities. The Water Saci campaign, identified by Trend Micro analysts as leveraging the SORVEPOTEL malware, exploits WhatsApp as its primary distribution vector for rapid propagation across victim networks. First identified in September 2025, the campaign evolved dramatically by October 2025, introducing a new script-based […] The post Water Saci Hackers Leverage WhatsApp to Deliver Multi-Vector Persistent SORVEPOTEL Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
