-
A sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, wh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Glassworm malware campaign has resurfaced with unprecedented scale, deploying 24 malicious extensions across Microsoft Visual Studio Marketplace and OpenVSX over the past week. This latest wave of attacks demonstrates the persistent threat posed by supply chain compromises targeting developer tools. The malware specifically clones legitimate extensions for popular frameworks, including Flutter, Tailwind, Vim, Yaml, […] The post Glassworm Malware Hits OpenVSX and Microsoft Visual Studio Platforms with 24 New Packages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new malware campaign has emerged that exploits the trust users place in popular applications. Threat actors are distributing trojanized installers for Telegram, WinSCP, Google Chrome, and Microsoft Teams to deploy ValleyRat, a remote access trojan designed for long-term system compromise. The campaign has been attributed to the China-aligned APT group known as Silver Fox, […] The post Hackers Leverages Telegram, WinSCP, Google Chrome, and Microsoft Teams to Deploy ValleyRat appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SmartTube, a popular open-source YouTube client for Android TV devices with over 25,900 GitHub stars, has been compromised after its digital signing keys were exposed, prompting an urgent security response from developer Yurii Liskov (yuliskov). The in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Evil Crow Cable Wind is a stealthy tool for red teamers that hides a powerful hacking implant inside what appears to be a standard USB charging cable. Designed by security researcher Joel Serna Moreno, this device functions as a Human Interface Device (HID) capable of executing automated keystroke attacks at speeds of up to […] The post Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Apache Struts could allow attackers to trigger disk exhaustion attacks, rendering affected systems unusable. The vulnerability, tracked as CVE-2025-64775, stems from a file leak in multipart request processing that enables denial-of-service conditions. Apache Struts researcher discovered the vulnerability in Apache Struts’ multipart request processing mechanism. The flaw allows attackers to […] The post Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essent…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion tech…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
