-
The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain. The group has shifted its strateg…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new zero-click attack dubbed Shadow Escape exploits the Model Context Protocol (MCP) to silently steal sensitive data via popular AI agents such as ChatGPT, Claude, and Gemini. This vulnerability, uncovered by Operant, allows malicious actors to exfiltrate personally identifiable information, including Social Security numbers and medical records, without user interaction or detection by traditional […] The post First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant security vulnerability has emerged affecting QNAP’s NetBak PC Agent software through a critical flaw in Microsoft ASP.NET Core. The vulnerability, tracked as CVE-2025-55315, exploits HTTP Request Smuggling techniques to bypass essen…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Svenska kraftnät, Sweden’s national power grid operator, has confirmed it suffered a significant data breach that exposed certain information to unauthorized parties. The incident, disclosed on October 26, 2025, is linked to the notorious Everest…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Trend Micro Research has identified a significant evolution in the aggressive Water Saci malware campaign, revealing a new infection chain that abandons traditional .NET-based delivery methods in favor of sophisticated script-driven techniques. On Octo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark advisory highlighting two severe vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System, a critical tool used in fuel storage and management across the energy sector. These flaws, if exploited, could enable attackers to run arbitrary system-level commands on affected devices, potentially leading to […] The post CISA Warns Of Critical Veeder-Root Vulnerabilities Let Attackers Execute System-level Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding serious vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System. Released on October 23, 2025, the alert warns that attackers co…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines. The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants. The issue stems from inadequate sanitization of the –dns and –dhcp-option […] The post OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
