-
APT24, a sophisticated cyber espionage group linked to China’s People’s Republic, has launched a relentless three-year campaign delivering BadAudio, a highly obfuscated first-stage downloader that enables persistent network access to targeted organizations. The threat actor has demonstrated remarkable adaptability by shifting from broad strategic web compromises to precision-targeted attacks focusing on Taiwan-based entities. The group’s […] The post China-linked APT24 Hackers New BadAudio Compromised Legitimate Public Websites to Attack Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The underground labor market has undergone a significant transformation. According to new research analyzing 2,225 job-related posts collected from shadow forums between January 2023 and June 2025. The dark web job market now emphasizes practical skill…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cl0p ransomware group has claimed responsibility for infiltrating Broadcom’s internal systems as part of an ongoing exploitation campaign targeting Oracle E-Business Suite vulnerabilities. The hack uses a critical zero-day vulnerability (CVE-2025-61882) rated 9.8 on the CVSS scale, allowing attackers to execute arbitrary code without authentication. Broadcom, a major semiconductor and infrastructure software provider, becomes […] The post Broadcom Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times. The vulnerability exists in Grafana’s SCIM (System for Cross-domain Identity […] The post Critical Grafana Vulnerability Let Attackers Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers to execute malicious code with elevated system privileges. The flaw, tracked as CVE-2025-13051, affects two widely used ASUSTOR applications and poses a significant risk to users running outdated versions. The DLL Hijacking Vulnerability The vulnerability stems from a DLL hijacking […] The post Critical ASUSTOR Vulnerability Let Attackers Execute Malicious Code with Elevated Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced a significant Windows 11 update that will prevent the Blue Screen of Death (BSOD) and other system error messages from appearing on public-facing screens. The new feature, called Digital Signage mode, addresses a critical busine…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new breed of browser-based cyberattack is sweeping the threat landscape, as BlackFog researchers have uncovered. Dubbed Matrix Push C2, this command-and-control framework arms cybercriminals with the means to launch fileless malware and phishing camp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A secretive cybercrime group called UNC2891 has been quietly draining ATMs across Southeast Asian banks for years, using an ingenious combination of custom malware and hidden hardware. Recent research from Group-IB reveals how this financially motivate…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious Cl0p ransomware gang has publicly claimed responsibility for breaching Broadcom, a leading semiconductor and infrastructure software company. According to threat intelligence sources, the attackers exploited an unpatched zero-day vulnerab…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
