-
South Korean e-commerce giant Coupang has confirmed a massive security incident affecting approximately 33.7 million customers—nearly the company’s entire user base. The breach, which exposed names, phone numbers, email addresses, shipping addresses, and order histories, has been traced back to a former employee who exploited unrevoked internal access credentials. While the scale of the leak […] The post Coupang Data Breach Exposed Personal Data of 33.7 Million Customers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
“ShadyPanda,” a sophisticated threat actor responsible for a seven-year campaign that has successfully infected 4.3 million Chrome and Edge users. By exploiting the inherent trust in browser marketplaces, ShadyPanda weaponized “Featured” and “Verified” extensions to deploy remote code execution (RCE) backdoors and massive spyware operations without triggering traditional security alarms. The investigation reveals that ShadyPanda’s […] The post 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have found a more effective method to compromise Windows computers while evading detection by security software. Ivan Spiridonov observed that uploading malicious tools, hackers are now using legitimate Windows programs already installed on target systems, a tactic known as “living off the land” (LOLBins, or Living Off the Land Binaries). Unlike traditional attacks that […] The post Hackers are Moving to “Living Off the Land” Techniques to Attack Windows Systems Bypassing EDR appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has patched a command injection flaw in its Codex CLI tool that allowed attackers to execute arbitrary commands on developers’ machines simply by getting a malicious configuration file into a project repository. The issue, now fixed in Codex CLI version 0.23.0, effectively turned routine use of the codex command into a silent remote‑code‑execution trigger. […] The post OpenAI Codex CLI Command Injection Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in Microsoft Azure API Management (APIM) Developer Portal enables attackers to register accounts across different tenant instances, even when administrators have explicitly disabled user signup through the portal interface. The flaw, which Microsoft has classified as “by design,” remains unpatched as of December 1, 2025, leaving organizations potentially exposed to unauthorized […] The post Microsoft Azure API Management Flaw Enables Cross-Tenant Account Creation, Bypassing Admin Restrictions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Tomiris hacker group has resurfaced with a sophisticated campaign targeting foreign ministries and government entities worldwide. Beginning in early 2025, this advanced persistent threat (APT) actor shifted its operational strategy to focus on high-value diplomatic infrastructure. By leveraging a diverse array of programming languages—including Go, Rust, C/C++, and Python—the group has enhanced its ability […] The post Tomiris Hacker Group Added New Tools and Techniques to Attack Organizations Globally appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechani…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Chinese government’s cyber ecosystem continues to attract significant scrutiny from security researchers worldwide. Following revelations from Intrusion Truth, the i-Soon leaks, tracking of EagleMsgSpy, and exposure of Great Firewall componen…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Perth man has been sent to jail for stealing private videos from women and creating a fake Wi-Fi network to trick airline passengers. The 44-year-old’s crimes have shocked the aviation industry and left many victims feeling violated. The Fake W…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new threat has emerged in the cybersecurity landscape as security experts discover a private Out-of-Band Application Security Testing (OAST) service operating on Google Cloud infrastructure. This mystery operation stands out from typical exploit scanning activities because it uses custom infrastructure rather than relying on public services. The attackers have been running a focused campaign […] The post Mystery OAST With Exploit for 200 CVEs Leveraging Google Cloud to Launch Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
