1010.cx

1010.cx

/

Archive

/

Category: Cyber Security News

  • Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode

    A critical, zero-click vulnerability that allows attackers to hijack online accounts by exploiting how web applications handle international email addresses. The flaw, rooted in a technical discrepancy known as a “canonicalization mismatch,” affects password reset and “magic link” login systems, which are foundational to modern web security. According to NullSecurityX, the attack requires no interaction […] The post Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Leverages Google Calendar APIs With Serverless MeetC2 Communication Framework

    Cybersecurity researchers have identified a sophisticated new command-and-control framework that exploits legitimate Google Calendar APIs to establish covert communication channels between attackers and compromised systems. The MeetC2 framework, discovered in September 2025, represents a concerning evolution in adversarial tactics where threat actors abuse trusted cloud services to bypass traditional security controls and evade detection mechanisms. […] The post Hackers Leverages Google Calendar APIs With Serverless MeetC2 Communication Framework appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New Malware Exploits Windows Character Map to Evade Defender and Mine Crypto

    A sophisticated cryptojacking campaign that hijacks Windows’ native Character Map utility (“charmap.exe”) to evade Windows Defender and covertly mine cryptocurrency on compromised machines. First detected in late August 2025, this attack exploits legit…

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New NightshadeC2 Botnet Uses ‘UAC Prompt Bombing’ to Bypass Windows Defender Protections

    Security teams began observing a novel botnet strain slipping beneath the radar of standard Windows Defender defenses in early August 2025. Dubbed NightshadeC2, this malware family leverages both C and Python-based payloads to establish persistent, remote-control access on compromised hosts. Initial infection chains often start with customized “ClickFix” landing pages that trick users into executing […] The post New NightshadeC2 Botnet Uses ‘UAC Prompt Bombing’ to Bypass Windows Defender Protections appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • North Korean Hackers Expose Their Playbook for Swapping Infrastructure

    A sophisticated North Korean cyber operation has been exposed, revealing how state-sponsored hackers systematically monitor cybersecurity intelligence platforms to detect when their malicious infrastructure is discovered and rapidly deploy replacement …

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Use AI Platforms to Steal Microsoft 365 Credentials in Phishing Campaign

    Cybercriminals are increasingly exploiting the trust organizations place in artificial intelligence platforms to conduct sophisticated phishing attacks, according to a new report from cybersecurity firm Cato Networks. The company’s Managed Detection and Response (MDR) service recently uncovered a campaign where threat actors leveraged Simplified AI, a popular marketing platform, to steal Microsoft 365 credentials from […] The post Hackers Use AI Platforms to Steal Microsoft 365 Credentials in Phishing Campaign appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Exploit Google Calendar API with Serverless MeetC2 Framework

    A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamles…

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Colombian Malware Weaponizing SWF and SVG to Bypass Detection

    A previously unseen malware campaign began circulating in early August 2025, through email attachments and web downloads, targeting users in Colombia and beyond. By leveraging two distinct vector-based file formats—Adobe Flash SWF and Scalable Vector Graphics (SVG)—the attackers crafted a multiphase operation that evaded traditional antivirus detection. Initial reports surfaced when a benign-looking SWF file […] The post Colombian Malware Weaponizing SWF and SVG to Bypass Detection appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • CISA Warns of Linux Kernel Race Condition Vulnerability Exploited in Attacks

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new high-severity vulnerability in the Linux kernel to its Known Exploited Vulnerabilities (KEV) catalog, signaling that it is being actively exploited in attacks. The warning, issued on September 4, 2025, calls for urgent action from federal agencies and private sector organizations to mitigate the […] The post CISA Warns of Linux Kernel Race Condition Vulnerability Exploited in Attacks appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Exploit Raw Disk Reads to Evade EDR and Steal Sensitive Files

    Attackers can bypass Endpoint Detection and Response (EDR) tools and file locks by reading raw disk sectors directly, highlighting the urgent need for organizations to audit and secure the drivers installed on their Windows systems. In modern Windows e…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶