-
Over the past several years, a concerted campaign by Chinese state-sponsored Advanced Persistent Threat (APT) groups has exploited critical vulnerabilities in enterprise-grade routers to establish long-term footholds within global telecommunications and government networks. These actors, often identified under monikers such as Salt Typhoon and OPERATOR PANDA, have systematically targeted provider edge (PE) and customer edge […] The post Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign targeting PayPal’s massive user base has emerged, utilizing deceptive “Set up your account profile” emails to compromise user accounts through an ingenious secondary user addition scheme. The attack leverages advanced email spoofing techniques and psychological manipulation tactics to bypass traditional security awareness measures, representing a significant evolution in financial fraud methodologies. […] The post Threat Actors Attack PayPal Users in New Account Profile Set up Scam appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious actors have found a new way to slip harmful links into X’s promoted posts by tricking Grok, the platform’s AI assistant. Although X explicitly bans links in paid promotions to curb malvertising, scammers now harness Grok’s content amplificati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Emerging quietly in mid-2025, the XWorm backdoor has evolved into a deceptively sophisticated threat that preys on both user confidence and system conventions. Initial reports surfaced when organizations noted a sudden uptick in obscure .lnk-based phishing emails masquerading as benign documents. Security teams quickly observed that these shortcuts triggered hidden PowerShell routines rather than opening […] The post XWorm Malware With New Infection Chain Evade Detection Exploiting User and System Trust appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A highly sophisticated phishing campaign is targeting PayPal users with a deceptive email designed to grant scammers direct access to their accounts. The attack, which has been circulating for at least a month, uses a clever trick that bypasses traditi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers revealed that three unauthorized TLS certificates were issued in May 2025 for 1.1.1.1, the widely used public DNS service run by Cloudflare and APNIC. These certificates, improperly issued by the Fina RDC 2020 certificate authority…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Russian state-sponsored hackers have developed a sophisticated new backdoor malware called “NotDoor” that specifically targets Microsoft Outlook users, enabling attackers to steal sensitive data and gain complete control over compromised sy…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. The newly discovered attack method, termed “Model Namespace Reuse,” exploits a fundamental flaw in how AI platforms […] The post New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face appeared first on Cyber…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The discovery of three improperly issued TLS certificates for 1.1.1.1, the popular public DNS service from Cloudflare, and the Asia Pacific Network Information Centre (APNIC). The certificates, which were issued in May 2025, could allow attackers to intercept and decrypt encrypted DNS lookups, potentially exposing users’ browsing habits. The existence of the unauthorized certificates was […] The post Mis-issued TLS Certificates for 1.1.1.1 DNS Service Enable Attackers to Decrypt Traffic appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
