-
Threat actors are weaponizing Blender Foundation project files to deliver the notorious StealC V2 infostealer, targeting 3D artists and game developers who download community assets from popular marketplaces. In recent months, Morphisec has blocked mul…
-
Exposure Management is a proactive cybersecurity discipline that systematically identifies, assesses, prioritizes, and remediates security vulnerabilities and misconfigurations across an organization’s entire attack surface, both internal and external. Unlike traditional, periodic vulnerability scanning, EM leverages continuous monitoring, threat intelligence, and a holistic, graph-based view of risk to anticipate and neutralize potential attack paths before adversaries […] The post Top 10 Best Exposure Management Tools In 2026 appeared first on Cyber Security News.
-
A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems. The campaigns rely on tricking users into manually running a pre-staged command, turning simple social engineering into a multi-stage, file-light infection chain that is […] The post ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen appeared first on Cyber Security News.
-
NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist within Python components and could allow authenticated attackers to execute arbitrary code, escalate privileges, and alter system data. The flaws pose a significant threat to organizations deploying NVIDIA’s robotics solutions across industrial automation, research […] The post NVIDIA’s Isaac-GROOT Robotics Platform Vulnerability Let Attackers Inject Malicious Codes appeared first on Cyber Security News.
-
A new malware campaign targeting Brazilian users has emerged, using WhatsApp as its primary distribution channel to spread banking trojans and harvest sensitive information. This sophisticated attack leverages social engineering by exploiting the trust victims place in their existing contacts, making the malicious files appear legitimate. The campaign begins with phishing emails containing archived VBS […] The post Hackers Leveraging WhatsApp That Silently Harvest Logs and Contact Details appeared first on Cyber Security News.
-
A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed caching plugins. With over 1 million active installations, the vulnerability poses a significant risk to countless websites worldwide. RCE Security discovers that the flaw exists in W3 Total Cache’s dynamic content […] The post PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks appeared first on Cyber Security News.
-
A massive resurgence of the Sha1-Hulud supply chain malware has struck the open-source ecosystem, compromising over 800 npm packages and tens of thousands of GitHub repositories in a campaign the attackers have dubbed “The Second Coming.” This sophisticated wave targets high-profile dependencies from major organizations, including AsyncAPI, Postman, PostHog, Zapier, and ENS, affecting an estimated […] The post Sha1-Hulud Supply Chain Attack: 800+ npm Packages and Thousands of GitHub Repos Compromised appeared first on Cyber Security News.
-
India-aligned threat group Dropping Elephant has launched a sophisticated multi-stage cyberattack targeting Pakistan’s defense sector using a Python-based remote access trojan disguised within an MSBuild dropper. Idan Tarab has identified this advanced campaign that leverages fake defense-related phishing lures to compromise military research and development units and procurement facilities linked to Pakistan’s National Radio and […] The post Dropping Elephant Hacker Group Attacks Defense Sector Using Python Backdoor via MSBuild Dropper appeared first on Cyber Security News.
-
In October 2025, a significant breach exposed the internal workings of APT35, also known as Charming Kitten, a cyber unit operating within Iran’s Islamic Revolutionary Guard Corps Intelligence Organization. Thousands of leaked documents revealed the group’s systematic approach to targeting governments and businesses across the Middle East and Asia. The exposure included performance reports, technical […] The post APT35 Hacker Groups Internal Documents Leak Exposes their Targets and Attack Methods appeared first on Cyber Security News.
-
Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary commands with root privileges. The affected devices currently lack vendor patches, leaving users vulnerable. The vulnerabilities stem from improper handling of user input within critical service functions on these Tenda […] The post Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User appeared first on Cyber Security News.


