-
Detour Dog, a stealthy website malware campaign tracked since August 2023, has evolved from redirecting victims to tech-support scams into a sophisticated DNS-based command-and-control (C2) distribution system that delivers the Strela Stealer informati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, security teams worldwide have observed a surge in covert operations orchestrated by a clandestine group known colloquially as the “Chinese Nexus” APT. This actor has been tailoring highly targeted campaigns against organizations in the finance, telecommunication, and manufacturing sectors, exploiting spear-phishing emails and compromised VPN credentials to gain initial footholds. Victims report […] The post New Chinese Nexus APT Hackers Attacking Organizations to Deliver NET-STAR Malware Suite appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has emerged targeting job seekers through fake Google career recruitment opportunities, leveraging social engineering tactics to harvest Gmail credentials and personal information. The malicious operation exploits the trust associated with Google’s brand reputation, crafting convincing recruitment emails that direct victims to fraudulent login portals designed to capture authentication details. The attack […] The post Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a new macOS malware campaign in which threat actors are abusing Extended Validation (EV) code-signing certificates to distribute completely undetectable (FUD) disk image (DMG) payloads. While EV certificate abuse has…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers have recently leveraged a vulnerability in the web-based management interfaces of certain cellular routers to co-opt their built-in SMS functionality for nefarious purposes. By targeting exposed APIs, attackers are able to dispatch large volumes of malicious SMS messages containing weaponized links that lead to drive-by downloads or credential-stealing pages. This emerging threat vector exploits […] The post Hackers Exploit Cellular Router’s API to Send Malicious SMS Messages With Weaponized Links appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious vulnerability in the Red Hat OpenShift AI service (RHOAI) enables attackers with minimal access to escalate privileges and take control of entire clusters. Identified as CVE-2025-10725, the flaw resides in an overly permissive ClusterRole ass…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google’s Threat Intelligence Group (GTIG) has published a comprehensive guide to help organizations strengthen their SaaS security posture—particularly Salesforce—against UC6040’s sophisticated voice-phishing and malicious connected-app attacks. By com…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloud providers rely on hardware-based memory encryption to keep user data safe. This encryption shields sensitive information like passwords, financial records, and personal files from hackers and curious insiders. Leading technologies such as Intel S…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The vulnerability, tracked as CVE-2025-20333, poses an immediate risk to organizations worldwide with a CVSS score of 9.9, representing one of the most severe security flaws discovered in enterprise firewall infrastructure this year. According to data […] The post 48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about critical vulnerabilities in Cisco’s IOS and IOS XE Software SNMP subsystem that are actively being exploited by threat actors. CVE-2025-20352, which involves a stack…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
