-
Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns and business email compromise attacks. Securit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation campaign by a Chinese-speaking threat actor. U…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security flaws in Microsoft’s Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the “Azure Portal. Varonis found that Azure’s safeguards, designed to block reserved names for cross-tenant apps, could be bypassed using invisible Unicode characters. By inserting characters like the Combining Grapheme Joiner (U+034F) between letters such as “Az͏u͏r͏e͏ ͏P͏o͏r͏t͏a͏l”, […] The post Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive informat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials. First detected in late September, the malware exploits phishing emails containing malicious Word documents. Upon opening, the embedded macro downloads the ransomware binary from a compromised server. Victims report file encryption using a mix of AES-256 […] The post Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace. The scale and technical complexity of this attack signal a turning point for supply chain security in developer ecosystems. As of October 2025, over 35,800 installations have […] The post New GlassWorm Using Invisible Code Hits Attacking VS Code Extensions on OpenVSX Marketplace appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums, introducing a sophisticated information-stealing malware that employs direct memory injection to bypass m…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authorization bypass vulnerability has emerged in ZYXEL’s ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to sensitive system configurations. Tracked as CVE-2025-9133, this security flaw affects devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sneaky hacking campaign where attackers used publicly available ASP.NET machine keys to break into Windows IIS web servers. These keys, meant to protect web apps, were found in places like Microsoft docs and online forums, making it easy for hackers to trick servers into running harmful code. The group, tracked as REF3927, then installed […] The post Hackers Abuse ASP.NET Machine Keys to Compromise IIS Servers and Deploy Malicious Modules appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybercrime ecosystem surrounding stealer malware has reached unprecedented scale, with threat actors now processing millions of stolen credentials daily through sophisticated distribution networks. Security researchers have been monitoring these op…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
