-
The SideWinder advanced persistent threat group has emerged with a sophisticated new attack methodology that leverages ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets across South Asia. In September 2025, security researchers detected a targeted campaign affecting institutions in Sri Lanka, Pakistan, Bangladesh, and diplomatic missions based in India. The attacks represent […] The post SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Advanced Persistent Threat group MuddyWater, widely recognized as an Iran-linked espionage actor, has orchestrated a sophisticated phishing campaign targeting more than 100 government entities and international organizations across the Middle East, North Africa, and beyond. The operation, which became active in mid-August 2025, represents a significant escalation in the group’s tradecraft, introducing version 4 […] The post MuddyWater Using New Malware Toolkit to Deliver Phoenix Backdoor Malware to International Organizations appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
RedTiger is an open-source red-teaming tool repurposed by attackers to steal sensitive data from Discord users and gamers. Released in 2025 on GitHub, RedTiger bundles penetration-testing utilities, including network scanners and OSINT tools. But its infostealer module has gone rogue, with malicious payloads circulating online since early 2025. Netskope Threat Labs reported multiple variants targeting […] The post New Red Teaming Tool RedTiger Attacking Gamers and Discord Accounts in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant vulnerability in OpenAI’s newly released ChatGPT Atlas browser reveals that it stores unencrypted OAuth tokens in a SQLite database with overly permissive file settings on macOS, potentially allowing unauthorized access to user accounts. This flaw, discovered by Pete Johnson just days after the browser’s October 21, 2025, launch, bypasses standard encryption practices used […] The post ChatGPT Atlas Stores OAuth Tokens Unencrypted Leads to Unauthorized Access to User Accounts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Web Services experienced a major outage that affected millions of customers and Amazon’s own operations on October 19 and 20, 2025. The company has now confirmed that a DNS resolution issue with regional DynamoDB service endpoints was the …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
After months of disruption following Operation Cronos in early 2024, the notorious LockBit ransomware group has resurfaced with renewed vigor and a formidable new arsenal. In September 2025 alone, researchers identified a dozen organizations targeted b…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
At Pwn2Own Ireland 2025 hacking competition, cybersecurity researchers from Team Z3 have withdrawn their high-stakes demonstration of a potential zero-click remote code execution (RCE) vulnerability in WhatsApp, opting instead for a private coordinated disclosure to Meta. The event, held in Cork, Ireland, from October 21-23, featured a record-breaking $1 million bounty for such a WhatsApp […] The post WhatsApp Exploit Privately Disclosed To Meta At The Pwn2Own Ireland appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major cybersecurity investigation has uncovered a sophisticated criminal operation called Vault Viper that exploits online gambling platforms to distribute a malicious custom browser with remote access capabilities. The threat actor, linked to the Ba…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated social engineering campaign orchestrated by financially motivated threat actors based in Vietnam. The ultimate objective is to compromise corporate advertising accounts and s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
