-
Cybersecurity researchers at Noma Labs have discovered a critical vulnerability in Salesforce’s Agentforce AI platform that could allow attackers to steal sensitive customer data through sophisticated prompt injection techniques. The vulnerabilit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security researchers. The campaign represents a significant evolution in malware obfuscation techniques, utilizing AI-generated code to disguise malicious payloads within seemingly legitimate business documents. This development marks a concerning shift in the threat […] The post Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Ad…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has emerged targeting maintainers of packages on the Python Package Index (PyPI), employing domain confusion tactics to steal authentication credentials from unsuspecting developers. The attack leverages fraudulent emails designed to mimic official PyPI communications, directing recipients to malicious domains that closely resemble the legitimate PyPI infrastructure. The phishing operation utilizes carefully […] The post New Phishing Attack Targeting PyPI Maintainers to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign orchestrated by the Vietnamese Lone None threat actor group has been leveraging fraudulent copyright infringement takedown notices to deploy information-stealing malware onto unsuspecting victims’ systems. The campaign, which has been actively tracked since November 2024, represents a concerning evolution in social engineering tactics that exploits legitimate legal concerns to bypass traditional […] The post Threat Actors Using Copyright Takedown Claims to Deploy Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign targeting WordPress websites has been discovered employing advanced steganographic techniques and persistent backdoor mechanisms to maintain unauthorized administrator access. The malware operates through two primary components that work in tandem to create a resilient attack infrastructure, enabling cybercriminals to establish persistent footholds on compromised websites while remaining undetected by traditional security […] The post Hackers Exploiting WordPress Websites With Silent Malware to Gain Admin Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability chain in Salesforce’s Agentforce AI platform, which could have allowed external attackers to steal sensitive CRM data. The vulnerability, dubbed ForcedLeak by Noma Labs, which discovered it, carries a CVSS score of 9.4 and was executed through a sophisticated indirect prompt injection attack. This discovery highlights the expanded and fundamentally different attack surface presented […] The post Salesforce AI Agent Vulnerability Allows Let Attackers Exfiltration Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing traditional email security filters by using the platform’s legitimate notification infrastructure. Threat actors created multiple […] The post Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without raising suspicions. Delivered primarily via spear-phishing emails and compromised websites, the shortcut files appear innocuous, […] The post New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a new Ransomware-as-a-Service (RaaS) strain named BQTLOCK that is actively targeting Windows users through Telegram channels and dark web forums. Since mid-July, affiliates of the service have been distributing a ZIP…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
