-
Early this month, cybersecurity researchers uncovered a novel phishing campaign attributed to the Lazarus Group that targets developers and crypto professionals through a cleverly crafted Git symlink vulnerability. Rather than relying solely on traditional malware distribution channels, the attackers have weaponized the way Git handles repository paths, embedding malicious hooks within symbolic links to trigger […] The post Lazarus Hackers Exploiting Git Symlink Vulnerability in Sophisticated Phishing Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent incident uncovered how a threat actor inadvertently exposed its entire operational workflow by installing a popular endpoint detection and response (EDR) agent on their own attacking infrastructure. The scenario unfolded when the adversary, while evaluating various security platforms, triggered alerts that led Huntress analysts to investigate unusual telemetry data. Initial observations of system […] The post Threat Actor Installed EDR on Their Systems, Revealing Workflows and Tools Used appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has emerged targeting Google Workspace organizations through fraudulent emails impersonating Google’s AppSheet platform. The attack demonstrates how cybercriminals exploit legitimate cloud services to bypass traditional email security measures and steal user credentials. Discovered in September 2025, this campaign represents a significant escalation in social engineering tactics, leveraging the inherent trust organizations […] The post New Phishing Attack Mimics Google AppSheet to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, security teams have observed a sophisticated new strain of malware—dubbed GONEPOSTAL—that subverts Microsoft Outlook to relay command and control (C2) instructions. Emerging through spear-phishing campaigns targeting corporate environments, GONEPOSTAL disguises itself as a benign Office document. Upon opening the weaponized attachment, victims unknowingly activate a multi-stage payload that interfaces directly with Outlook’s […] The post New GONEPOSTAL Malware Hijacking Outlook to Enable Command and Control Communication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has announced that the upcoming iPhone 17 and iPhone Air will feature a groundbreaking security capability called Memory Integrity Enforcement (MIE), designed to thwart sophisticated mercenary spyware attacks. This new feature, the result of a five-year engineering initiative, integrates Apple silicon hardware with advanced operating system security to provide what the company calls “industry-first, […] The post Apple iPhone 17 With New Memory Integrity Enforcement Feature to Block Mercenary Spyware Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have observed a sophisticated campaign in recent weeks targeting critical infrastructure and government entities across South Asia. Dubbed the DarkSamural operation, this attack chain leverages deceptively crafted LNK and PDF files to infiltrate networks, establish persistence, and exfiltrate sensitive information. Initial reconnaissance indicates that the adversaries disguise malicious MSC (Microsoft Management Console) files […] The post DarkSamural APT Group Malicious LNK and PDF Files to Steal Critical Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, Cyb…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The North Korea-backed APT group Kimsuky has escalated its cyber operations by weaponizing GitHub repositories for malware delivery and data exfiltration, marking a sophisticated evolution in their attack methodology. This latest campaign demonstrates the group’s growing expertise in abusing legitimate cloud infrastructure to evade traditional security measures while maintaining persistent access to compromised systems. The […] The post Kimsuky Hackers Via Weaponized LNK File Abuses GitHub for Malware Delivery appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
At the recent DefCon security conference, researchers demonstrated a critical exploit chain that allows attackers to gain root access on vehicle infotainment systems by targeting Apple CarPlay. The multi-stage attack, named “Pwn My Ride,” leverages a series of vulnerabilities in the protocols that underpin wireless CarPlay, culminating in remote code execution on the car’s multimedia […] The post Apple CarPlay Exploited To Gain Root Access By Executing Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
