-
A sophisticated threat actor known as Curly COMrades has demonstrated advanced evasion capabilities by leveraging legitimate Windows virtualization features to establish covert, long-term access to victim networks. Operating to support Russian geopolit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two individuals with security backgrounds have been federally charged for orchestrating a coordinated ransomware attack campaign against American businesses using the dangerous BlackCat strain. Ryan Clifford Goldberg from Georgia and Kevin Tyler Martin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious FIN7 cybercriminal group, also known as Savage Ladybug, continues to rely on a sophisticated Windows SSH backdoor infrastructure with minimal modifications since 2022, according to threat intelligence analysis. The threat actor has mainta…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Silent Lynx, a sophisticated threat group that has been tracked since 2024, continues its relentless espionage campaign against government entities across Central Asia. Seqrite analysts identified the group as the first to assign this nomenclature, distinguishing it from multiple overlapping aliases including YoroTrooper, Sturgeon Phisher, and ShadowSilk. The group has become notorious for orchestrating spear-phishing […] The post Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have discovered a sophisticated attack technique that exploits Microsoft’s OneDrive application to execute malicious code without detection. The method, known as DLL sideloading, leverages the way Windows loads library files …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Seqrite Labs’ APT Team has documented fresh campaigns from Silent Lynx, a sophisticated threat actor group known for orchestrating spear-phishing operations that impersonate government officials to target diplomatic and governmental employees acr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The HydraPWK project’s latest Apes-T1 snapshot refines its penetration-testing Linux distribution by replacing Elasticsearch with the open-source OpenSearch, resolving licensing issues and enhancing tools for industrial security assessments. This update, released shortly after the major Apes version, highlights HydraPWK’s focus on compliance and usability, positioning it as a streamlined rival to the ubiquitous Kali Linux […] The post HydraPWK Penetration Testing OS With Necessary Hacking Tools and Simplified Interface appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Check Point Research uncovered four critical vulnerabilities in Microsoft Teams that could allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities during video and audio calls. The research team discove…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Acronis Threat Research Unit has analyzed recent activity linked to the DragonForce ransomware group and identified a new malware variant in the wild. The latest sample uses vulnerable drivers such as truesight.sys and rentdrv2.sys to disable security …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the WordPress Post SMTP plugin has left more than 400,000 websites vulnerable to account takeover attacks. The vulnerability, identified as CVE-2025-11833, enables unauthenticated attackers to access email logs containing sensitive password reset information, potentially compromising administrator accounts and entire websites. The flaw stems from a missing authorization check in the […] The post WordPress Post SMTP Plugin Vulnerability Exposes 400,000 Websites to Account Takeover Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
