-
International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now displays a seizure notice from the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), alongside French authorities, including the Brigade de Lutte Contre la Cybercriminalité (BL2C) and the Parquet de Paris […] The post Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security researcher has uncovered a significant vulnerability in a widely used payment terminal that could enable attackers to gain full control of the device in under a minute. The affected model, the Worldline Yomani XR, is found in grocery stores,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A threat actor is claiming responsibility for a data breach at KFC’s Venezuela operations, offering for sale a database containing the personal and order information of more than one million customers. The sale was advertised on a dark web forum on Oct…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical vulnerabilities in 7-Zip’s handling of ZIP archives have emerged, enabling remote attackers to execute arbitrary code by exploiting directory traversal flaws. Both issues stem from improper processing of symbolic links within ZIP files, al…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute arbitrary code. Identified as CVE-2025-11001 and CVE-2025-11002, the flaws affect all versions of the software prior to the latest release and require immediate patching. Flaw in Symbolic Link Processing The core of both vulnerabilities lies […] The post 7-Zip Vulnerabilities Allows Remote Attackers to Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft users are facing a novel quishing campaign that leverages weaponized QR codes embedded in malicious emails. Emerging in early October 2025, this attack exploits trust in QR-based authentication and device pairing workflows, tricking targets into scanning codes that deliver infostealer binaries. Initial reports surfaced when Gen Threat Labs analysts noted anomalous QR attachments spoofing […] The post New Quishing Attack With Weaponized QR Code Targeting Microsoft Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the past two months, threat actors have weaponized a critical authentication bypass flaw in the Service Finder Bookings WordPress plugin, enabling them to hijack any account on compromised sites. First disclosed on July 31, 2025, the vulnerability emerged after a bug bounty submission revealed that the plugin’s servicefinderswitchback function failed to validate a user-switch […] The post Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has emerged targeting job seekers through legitimate Zoom document-sharing features, demonstrating how cybercriminals exploit trusted platforms to harvest Gmail credentials. The attack leverages social engineering tactics by impersonating HR departments and using authentic Zoom notifications to bypass user suspicion and traditional security measures. The campaign begins with victims receiving legitimate-looking emails […] The post Threat Actors Mimic as HR Departments to Steal Your Gmail Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated evolution of the ClickFix attack methodology, where threat actors are leveraging cache smuggling techniques to avoid traditional file download detection mechanisms. This innovative campaign targets enterprise networks by masquerading as a Fortinet VPN compliance checking tool, specifically exploiting the trust organizations place in their remote access infrastructure. The malicious […] The post Hackers Upgraded ClickFix Attack With Cache Smuggling to Secretly Download Malicious Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
