-
Two critical security vulnerabilities have been discovered in the Common Unix Printing System (CUPS), a widely used printing subsystem for Unix-like operating systems. The flaws, designated as CVE-2025-58364 and CVE-2025-58060, expose Linux systems to …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept (PoC) tool named BitlockMove demonstrates a novel lateral movement technique that leverages BitLocker’s Distributed Component Object Model (DCOM) interfaces and COM hijacking. Released by security researcher Fabian Mosch of r-tec Cyber Security, the tool enables attackers to execute code on remote systems within the session of an already logged-on user, bypassing the […] The post BitlockMove Tool Enables Lateral Movement via Bitlocker DCOM & COM Hijacking appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity serves as a critical reminder of the pervasive risks within the digital supply chain, as several industry-leading companies disclosed significant data breaches. The incidents, affecting vulnerability management giants Tenable and Qualys, as well as enterprise software provider Workday, all stemmed from a security flaw in a common third-party service. This chain […] The post Weekly Cybersecurity News Recap : Tenable, Qualys, Workday Data Breaches and Security Updates appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Federal Bureau of Investigation (FBI) has released a flash alert detailing the activities of two cybercriminal groups, UNC6040 and UNC6395, that are actively compromising Salesforce environments to steal data for extortion purposes. The advisory, published by the FBI on September 12, 2025, provides indicators of compromise (IOCs) and defensive measures to help organizations protect […] The post FBI Unveils IOCs for Cyber Attacks Targeting Salesforce Instances for Data Exfiltration appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
IBM X-Force researchers have uncovered sophisticated new malware campaigns orchestrated by the China-aligned threat actor Hive0154, also known as Mustang Panda. The discovery includes an advanced Toneshell backdoor variant that evades detection systems…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Straiker’s AI Research (STAR) team have uncovered Villager, an AI-native penetration testing framework developed by Chinese-based group Cyberspike that has already accumulated over 10,000 downloads within two months of its…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Nmap vs Wireshark are the most popular Network penetration testing tools. Security professionals face an increasingly complex threat landscape, and picking the right penetration testing tools can make the difference between a secure infrastructure and a compromised network. While both serve critical roles in network analysis and security assessment, they address fundamentally different aspects of […] The post Nmap vs. Wireshark: Choosing the Right Tool for Network Penetration Testing appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign has emerged that leverages artificial intelligence to create deceptively legitimate applications, marking a significant evolution in cyberthreat tactics. The EvilAI malware family represents a new breed of threats that combines AI-generated code with traditional trojan techniques to infiltrate systems worldwide while maintaining an unprecedented level of stealth. The malware operates by […] The post EvilAI as AI-enhanced Tools to Exfiltrate Sensitive Browser Data and Evade Detections appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malvertising campaign has emerged, exploiting GitHub repositories through dangling commits to distribute malware via fake GitHub Desktop clients. This novel attack vector represents a significant evolution in cybercriminal tactics, leveraging the trust and legitimacy associated with GitHub’s platform to deceive unsuspecting users into downloading malicious software. The campaign operates by promoting compromised GitHub […] The post New Malvertising Campaign Leverages GitHub Repository to Deliver Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated backdoor malware known as Backdoor.WIN32.Buterat has emerged as a significant threat to enterprise networks, demonstrating advanced persistence techniques and stealth capabilities that enable attackers to maintain long-term unauthorized access to compromised systems. The malware has been identified targeting government and corporate environments through carefully orchestrated phishing campaigns, malicious email attachments, and trojanized software […] The post Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
