-
Google Threat Intelligence Group (GTIG) has unveiled details of an experimental malware family called PROMPTFLUX, which leverages the company’s Gemini AI API to dynamically rewrite its own code, marking a chilling evolution in AI-assisted cyber threats. This development, detailed in GTIG’s latest AI Threat Tracker report released on November 4, 2025, highlights how adversaries are […] The post Google Warns of New PROMPTFLUX Malware Using Gemini API to Rewrite its Own Source Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have discovered a resurgent Gootloader malware campaign employing sophisticated new evasion techniques that exploit ZIP archive manipulation to evade detection and analysis. Credit for uncovering this latest threat goes to sec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated espionage campaign targeting recruitment professionals has emerged, with the APT-C-60 threat group weaponizing VHDX files to compromise organizations. The threat actors impersonate job seekers in spear-phishing emails sent to recruitment staff, exploiting trust relationships to deliver malicious payloads. While earlier campaigns directed victims to download VHDX files from Google Drive, recent attacks have […] The post APT-C-60 Attacking Job Seekers to Download Weaponized VHDX File from Google Drive to Steal Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out an urgent security patch for its Chrome browser, addressing five vulnerabilities that could enable attackers to execute malicious code remotely. The update, version 142.0.7444.134/.135 for Windows, 142.0.7444.135 for macOS, and 142.0.7444.134 for Linux, targets critical flaws in core components like WebGPU and the V8 JavaScript engine. The patch arrives amid heightened […] The post Chrome Emergency Update to Patch Multiple Vulnerabilities that Enable Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
European organizations are facing an unprecedented wave of ransomware attacks as cybercriminals increasingly integrate artificial intelligence tools into their operations. Since January 2024, big game hunting threat actors have named approximately 2,100 Europe-based victims on more than 100 dedicated leak sites, representing a 13% year-over-year increase in attacks. The region now accounts for nearly 22% […] The post Ransomware Attack on European Organizations Surge as Hackers Leveraging AI-Tools for Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A privilege escalation flaw in Windows Cloud Files Mini Filter Driver has been discovered, allowing local attackers to bypass file write protections and inject malicious code into system processes. Security researchers have uncovered CVE-2025-55680, a high-severity privilege-escalation vulnerability in the Windows Cloud Files Mini Filter Driver. The flaw exists in the Cloud Files Filter (cldsync.sys) […] The post Windows Cloud Files Mini Filter Driver Vulnerability Exploited to Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
October 2025 marked a notable escalation in cyber threats, with phishing campaigns and ransomware variants exploiting trusted cloud services to target corporate credentials and critical infrastructure. Attackers increasingly abused platforms like Google, Figma, and ClickUp for credential theft, while LockBit’s latest iteration extended its reach to virtualized environments. These incidents, analyzed by cybersecurity firms such […] The post October Sees Rise in Phishing and Ransomware Attacks, Including TyKit and Google Careers Scams appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 active installations at risk of privilege escalation attacks. The flaw, tracked as CVE-2025-11749 with a CVSS score of 9.8, allows unauthenticated attackers to extract bearer tokens and gain complete administrative control over vulnerable WordPress sites. Security researcher Emiliano Versini discovered […] The post AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10
A sophisticated threat actor known as Curly COMrades has deployed an innovative attack methodology that leverages legitimate Windows virtualization features to establish covert, long-term access to victim networks. The campaign, which began in early July 2025, represents a significant evolution in adversary tactics as threat actors increasingly seek methods to bypass endpoint detection and response […] The post Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶