-
SonicWall has confirmed that an unauthorized party accessed and stole the entire repository of customer firewall configuration backup files from its cloud service. The confirmation comes after the completion of an investigation with the cybersecurity firm Mandiant, which determined that all customers who used the cloud backup feature are affected by the breach. The investigation […] The post SonicWall Confirms That Hackers Stole All Customers Firewall Configuration Backup Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, a sophisticated malware campaign has emerged that leverages conversational chatbots as covert entry points into enterprise systems. Initially observed in mid-September 2025, the threat actors targeted organizations running customer-facing chat applications built on large language models. By exploiting weaknesses in natural language processing and indirect data ingestion, attackers were able to pivot […] The post AI Chatbot Leveraged as a Critical Backdoor to Access Sensitive Data and Infrastructure appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated quishing campaign leveraging weaponized QR codes has been uncovered, specifically targeting Microsoft users with seemingly innocuous document review requests. By exploiting advanced evasion techniques—splitting the QR code into two sepa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has been shaken by the emergence of Trinity of Chaos, a sophisticated ransomware collective that has launched a data leak site containing sensitive information from 39 major corporations. This formidable alliance, presumably comprising members from the notorious Lapsus$, Scattered Spider, and ShinyHunters groups, represents a significant evolution in cybercriminal organization and operational […] The post New Hacker Alliance Trinity of Chaos Leaked 39 Companies Data Including Google, CISCO and Others appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
VirusTotal, the collaborative malware analysis platform, has announced a major update to simplify access and reward contributors. The changes aim to make the platform easier to use for individual researchers while ensuring engine partners receive prior…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit has been published for a critical flaw in the secure boot process of the Nothing Phone (2a) and CMF Phone 1. This exploit can break the chain of trust and allow full code execution at the highest privilege level, posing a sev…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A seemingly legitimate Zoom document share from “HR” redirected victims through a fake bot-protection gate into a Gmail login phish. User credentials are exfiltrated live via WebSocket and validated in real time. This report breaks down the social engi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant security flaw has been discovered within the Microsoft Events platform, which could have allowed attackers to access the personal information of users from two separate databases: the event registration list and the waitlist. The vulnerability, uncovered by a 15-year-old bug bounty hunter known as Faav, exposed sensitive user data, including full names, email […] The post Microsoft Events Vulnerability Exposes Users Personal Data From Registration And Waitlist Databases appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Shuyal Stealer has rapidly ascended as one of the most versatile credential theft tools observed in recent months. First detected in early August 2025, its modular architecture allows it to target an expansive range of web browsers, including Chromium-based, Gecko-based, and legacy engines alike. Initial indicators of compromise emerged as anomalous network traffic from compromised […] The post Shuyal Stealer Attacking 19 Browsers to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authentication bypass in the Service Finder Bookings plugin has enabled unauthenticated attackers to assume administrator privileges on thousands of WordPress sites. Exploitation began within 24 hours of public disclosure, and over 13,800 ex…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
