-
A sophisticated malware campaign targeting macOS users has emerged between June and August 2025, successfully attempting to compromise over 300 customer environments through deceptive help websites. The malicious operation deploys SHAMOS, a variant of the notorious Atomic macOS Stealer (AMOS), developed by the cybercriminal group COOKIE SPIDER who operates this information stealer as malware-as-a-service for […] The post New SHAMOS Malware Attacking macOS Via Fake Help Websites to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Et…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Microsoft’s VS Code Remote-SSH extension that allows attackers to execute malicious code on developers’ local machines through compromised remote servers. Security researchers have demonstrated how this attack, dubbed “Vibe Hacking,” exploits the inherent trust relationship between remote development environments and local machines, affecting both VS Code and […] The post Microsoft VS Code Remote-SSH Extension Hacked to Execute Malicious Code on Developer’s Machine appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) released four critical Industrial Control Systems (ICS) advisories on August 19, 2025, alerting organizations to current security vulnerabilities and potential exploits affecting critical infr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update, release…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems. The flaw, tracked as CVE-2025-54988, affects a wid…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage a Microsoft Help Index File (.mshi) to deploy the PipeMagic backdoor, marking a notable evolution in malware delivery methods. This development ties into the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity experts discovered a complex supply chain attack that originated from the Python Package Index (PyPI) in a recent disclosure from Zscaler ThreatLabz. The package in question, termed “termncolor,” masquerades as a benign color …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
tLab Technologies, a Kazakhstan-based company that specializes in advanced threat prevention, discovered one of the first known phishing attempts in the region that targeted public sector clients in a recent cybersecurity incident. The attack leveraged…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A series of critical vulnerabilities across multiple internal Intel websites allowed for the complete exfiltration of the company’s global employee database and access to confidential supplier information. The flaws, stemming from basic security oversights, exposed the personal details of over 270,000 Intel employees and workers. The investigation from Eaton Works revealed that at least four […] The post Intel Websites Exploited to Hack Every Intel Employee and View Confidential Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
