-
Clevo accidentally exposed private keys used in its Intel Boot Guard implementation, allowing attackers to sign malicious firmware that would be trusted during the earliest boot stages. The issue is tracked as Vulnerability Note VU#538470 and was publi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI’s newly launched Guardrails framework, designed to enhance AI safety by detecting harmful behaviors, has been swiftly compromised by researchers using basic prompt injection methods. Released on October 6, 2025, the framework employs large language models (LLMs) to judge inputs and outputs for risks like jailbreaks and prompt injections, but experts from HiddenLayer demonstrated that […] The post Hackers Can Bypass OpenAI Guardrails Using a Simple Prompt Injection Technique appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Axis Communications’ Autodesk Revit plugin has exposed Azure Storage Account credentials, creating significant security risks for customers and potentially enabling supply chain attacks targeting the architecture and engineering industry. The vulnerability stems from hardcoded credentials embedded within signed Dynamic Link Libraries (DLLs) distributed to customers through the plugin’s Microsoft Installer (MSI) […] The post Axis Communications Vulnerability Exposes Azure Storage Account Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape witnessed a concerning development as threat actors discovered a novel attack vector targeting Microsoft Edge’s Internet Explorer mode functionality. This sophisticated campaign emerged in August 2025, exploiting the inherent security weaknesses of legacy browser technology to compromise unsuspecting users’ devices. The attack represents a significant evolution in threat actor tactics, demonstrating their […] The post Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
North Korean state-sponsored threat actors have intensified their supply chain attacks against software developers through a sophisticated campaign dubbed “Contagious Interview,” deploying 338 malicious npm packages that have accumulated over 50,000 downloads. The operation represents a dramatic escalation in the weaponization of the npm registry, targeting Web3, cryptocurrency, and blockchain developers through elaborate social engineering […] The post North Korean Hackers Attacking Developers with 338 Malicious npm Packages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a sophisticated malware campaign that exploits WhatsApp’s messaging platform to deploy banking trojans targeting Brazilian financial institutions and cryptocurrency exchanges. The self-propagating worm, which emerged on September 29, 2025, demonstrates advanced evasion techniques and multi-stage infection chains designed to circumvent modern security defenses. The threat has already affected over 400 customer […] The post New WhatsApp Worm Attacks Users with Banking Malware to Users Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Lenovo’s Dispatcher drivers has come under the spotlight after researchers released a proof-of-concept exploit that demonstrates privilege escalation on affected Windows systems. Identified as CVE-2025-8061, this flaw stems from insufficient access controls in the drivers, potentially allowing local attackers to execute arbitrary code with elevated privileges. Discovered by security firm Quarkslab, […] The post PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Scattered Lapsus$ Hunters, a threat group previously associated with high-profile data thefts, recently claimed responsibility for exfiltrating over one billion records from Salesforce environments worldwide. Emerging in mid-2025, the group has honed its tactics to exploit misconfigurations in cloud identities and exposed APIs. Initial reports surfaced when multiple Salesforce customers observed anomalous queries against their […] The post Scattered Lapsus$ Hunters Claim to Have Stolen More Than 1 Billion Salesforce Records appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs. Stolen user credentials are traded daily, and ea…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New research uncovers valuable insights hidden within Microsoft Intune’s Mobile Device Management (MDM) certificates, offering a more reliable way to verify device and tenant identities compared to traditional methods like registry values. These certificates, issued to enrolled devices, contain Object Identifiers (OIDs) that, when properly decoded, reveal unique GUIDs for the MDM Device ID and […] The post Microsoft Intune MDM and Entra ID Leveraged to Elevate your Trust in Device Identity appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
