-
During late October 2025, a new malware campaign dubbed ShadowV2 emerged, coinciding with a global AWS disruption. This sophisticated threat actively exploits vulnerabilities in IoT devices to assemble a botnet for distributed denial-of-service (DDoS) attacks. The malware’s rapid deployment indicates a coordinated effort to harness compromised hardware for large-scale disruptive activities. The infection spread swiftly […] The post Hackers Actively Exploiting IoT Vulnerabilities to Deploy New ShadowV2 Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new threat has emerged in the Solana trading community. Security researchers have discovered a malicious Chrome extension named Crypto Copilot that appears to offer convenient trading features but secretly siphons cryptocurrency from users during transactions. Published on the Chrome Web Store on June 18, 2024, the extension has managed to remain available while quietly […] The post Malicious Chrome Extension Silently Steal and Injects Hidden SOL Fees Into Solana Swaps appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035, affects the Angular HttpClient and involves the accidental leakage of Cross-Site Request Forgery (XSRF) tokens. Angular applications use a built-in protection mechanism to prevent Cross-Site Request Forgery (CSRF) attacks. Angular HTTP Client […] The post Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab’s security team has discovered a severe, ongoing attack spreading dangerous malware through npm, the world’s most extensive code library. The malware uses an alarming “dead man’s switch,” a self-destruct trigger tha…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A cybercriminal operating under the alias ByteToBreach has emerged as a notable threat actor in the underground market, actively selling and leaking sensitive data from airlines, banks, universities, and government entities worldwide. Active since at least June 2025, this threat actor runs a cross-platform operation that combines technical skill with aggressive self-promotion across DarkForums, Dread, […] The post ByteToBreach Cybercriminal Selling Sensitive Global Data from Airlines, Banks, and Governments appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors continue to exploit a dangerous vulnerability in user behavior by deploying fake software updates to deliver the SocGholish malware. This malware delivery framework has evolved significantly since its discovery in 2017, transforming from a simple web-based nuisance into a powerful tool that enables major ransomware operations targeting organizations worldwide. Recent campaigns demonstrate how […] The post Threat Actors Leverage Fake Update Lures to Deliver SocGholish Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ReliaQuest’s Threat Research team has uncovered a significant new campaign from the notorious threat collective “Scattered Lapsus$ Hunters,” this time targeting users and organizations that leverage the widely adopted customer support…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The company has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product. The company emphasized transparency in its announcement, assuring users that the breach did not compromise OpenAI’s own systems, chat content, API keys, passwords, credentials, or payment information. On November […] The post OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
