-
Protecting digital infrastructure is critical in 2025, as cyber threats escalate in complexity and diversity. Next‑Generation Firewalls (NGFWs) have become the cornerstone for enterprise security, offering not just robust traffic filtering, but also de…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A zero-click vulnerability discovered in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive data from a user’s Gmail account without any user interaction. The flaw, which OpenAI has since patched, leveraged a sophisticated form of indirect prompt injection hidden within an email, tricking the agent into leaking personal information directly from OpenAI’s cloud infrastructure. […] The post 0-Click ChatGPT Agent Vulnerability Allows Sensitive Data Exfiltration from Gmail appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security Orchestration, Automation, and Response (SOAR) tools are revolutionizing how organizations defend against evolving threats, streamline security workflows, and automate incident response. In an era of complex attack surfaces and alert fatigue, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In 2025, the Model Context Protocol (MCP) revolutionizes AI agent integration, making it seamless for tools, databases, and workflows to work harmoniously in enterprises and developer workspaces. Top MCP servers power next-generation automation and data-driven applications, connecting everything from cloud docs to enterprise CRM and relational databases. Choosing the best MCP server unlocks dramatic efficiency, […] The post Top 10 Best Model Context Protocol (MCP) Servers in 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers injected malicious code into GitHub Actions workflows in a widespread campaign to steal Python Package Index (PyPI) publishing tokens. While some tokens stored as GitHub secrets were successfully exfiltrated, PyPI administrators have confirmed that the platform itself was not compromised and the stolen tokens do not appear to have been used. The attack campaign […] The post Hackers Injecting Malicious Code into GitHub Actions Workflows to Steal PyPI Publishing Tokens appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control
A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft’s global cloud infrastructure. The flaw, now patched, was discovered in July 2025 and has been assigned CVE-2025-55241. The vulnerability, described by the researcher as the most impactful he will probably ever find, resided […] The post Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In August, Qilin once again reigned supreme in the global ransomware arena, claiming 104 victims and nearly doubling the total of second-place Akira, which reported 56 attacks. This marks the fourth time in five months that Qilin topped the list, under…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Everest ransomware group has claimed a major breach at Bayerische Motoren Werke AG (BMW), alleging the theft of 600,000 lines of sensitive internal documents. The group has posted BMW on its leak site, complete with a countdown timer and instructio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Emerging in mid-2025, the shinysp1d3r ransomware-as-a-service (RaaS) platform represents the next evolution of cloud-focused extortion tools. Unlike traditional ransomware that targets Windows endpoints or network file shares, shinysp1d3r is engineered specifically to infect and encrypt VMware ESXi hypervisors and their attached datastores. Early deployments have demonstrated a two-stage payload delivery: initial access is gained through […] The post New ‘shinysp1d3r’ Ransomware-as-a-service in Active Development to Encrypt VMware ESXi Environments appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶