-
Security researchers at Imperva have disclosed a critical pre-handshake memory exhaustion vulnerability in the widely-used LSQUIC QUIC implementation that enables remote attackers to crash servers through denial-of-service attacks. The flaw, designated…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack chain that combines MITM6 with NTLM relay techniques to achieve full Active Directory domain compromise. The attack exploits Windows’ default IPv6 auto-configuration behavior, allowing attackers to escalate from network access to Domain Admin privileges in minutes. Key Takeaways1. Abuses Windows IPv6 auto-config and AD’s 10-machine account quota for domain compromise.2. Uses mitm6 […] The post New MITM6 + NTLM Relay Attack Let Attackers Escalate Privileges and Compromise Entire Domain appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign targeting macOS users has emerged between June and August 2025, successfully attempting to compromise over 300 customer environments through deceptive help websites. The malicious operation deploys SHAMOS, a variant of the notorious Atomic macOS Stealer (AMOS), developed by the cybercriminal group COOKIE SPIDER who operates this information stealer as malware-as-a-service for […] The post New SHAMOS Malware Attacking macOS Via Fake Help Websites to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Et…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Microsoft’s VS Code Remote-SSH extension that allows attackers to execute malicious code on developers’ local machines through compromised remote servers. Security researchers have demonstrated how this attack, dubbed “Vibe Hacking,” exploits the inherent trust relationship between remote development environments and local machines, affecting both VS Code and […] The post Microsoft VS Code Remote-SSH Extension Hacked to Execute Malicious Code on Developer’s Machine appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) released four critical Industrial Control Systems (ICS) advisories on August 19, 2025, alerting organizations to current security vulnerabilities and potential exploits affecting critical infr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update, release…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems. The flaw, tracked as CVE-2025-54988, affects a wid…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage a Microsoft Help Index File (.mshi) to deploy the PipeMagic backdoor, marking a notable evolution in malware delivery methods. This development ties into the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity experts discovered a complex supply chain attack that originated from the Python Package Index (PyPI) in a recent disclosure from Zscaler ThreatLabz. The package in question, termed “termncolor,” masquerades as a benign color …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
