-
Over the past year, federal agents struggled to uncover who operated a notorious child exploitation site on the dark web. Their search took an unexpected turn when the suspect revealed their use of ChatGPT, marking a significant moment in digital inves…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft application popular in Eastern-European and Russian gaming communi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The popular Impacket toolkit, a staple in penetration testing and now integrated into the Kali Linux repository, is set for a major upgrade. Maintained by Fortra’s cybersecurity team, the forthcoming release, building on version 0.12, addresses long-standing community requests with enhanced relay capabilities, protocol hardening, and new scripting tools. This update promises to streamline red […] The post Impacket Tool in Kali Repo Upgraded With New Attack Paths and Relay Tricks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […] The post TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability […] The post Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Internet Systems Consortium (ISC) has disclosed three critical vulnerabilities in BIND 9, the most widely deployed DNS software globally. All three vulnerabilities were publicly disclosed on October 22, 2025, affecting DNS resolvers and potentially…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and ena…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demon…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780, primarily impact recursive resolvers used by organizations for domain name resolution, leaving authoritative […] The post Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial Of Service Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
