-
A new Android banking trojan has emerged that combines traditional overlay attacks with a stealthy hidden Virtual Network Computing (VNC) server to achieve full remote control of compromised devices. First detected in late September 2025, the malware is distributed through SMS-based phishing campaigns that lure victims into installing a fake “security” app. Once granted the […] The post New Android Banking Trojan Uses Hidden VNC to Gain Complete Remote Control Over Device appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has confirmed two serious vulnerabilities impacting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls. Tracked as CVE-2025-20333 and CVE-2025-20362, both issues allow attackers to run arbitrary code on unpatched d…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys. These flaws affect multiple OpenSSL versions across different platforms and could lead to memory corruption, denial of service attacks, and unauthorized access to sensitive cryptographic materials. The most […] The post OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations face an ever-evolving cyberthreat landscape marked by faster, more complex attacks. Today, Microsoft is answering this call with the general availability of an agentic security platform built on Microsoft Sentinel. This new wave…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A concerning cybersecurity trend has emerged as threat actors exploit the growing popularity of artificial intelligence tools by distributing malicious Chrome extensions masquerading as legitimate platforms. These deceptive extensions target users seeking convenient access to popular services like ChatGPT, Claude, Perplexity, and Meta Llama, creating a significant security risk for unsuspecting individuals and organizations. The […] The post Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are turning a trusted file format against users in a sophisticated new attack campaign. MatrixPDF represents a concerning evolution in social engineering attacks that split malicious activities across multiple platforms to evade detectio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research has uncovered three significant vulnerabilities in Google’s Gemini AI assistant suite, dubbed the “Gemini Trifecta,” that could have allowed cybercriminals to steal users’ saved data and live location information. The v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In late September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert regarding the active exploitation of a critical command injection vulnerability tracked as CVE-2025-59689 in Libraesva Email Security Gateway (ESG) devices. This flaw has rapidly emerged as a favored target for threat actors due to its ease of exploitation and the […] The post CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack campaign targeting improperly managed Microsoft SQL servers has emerged, deploying the XiebroC2 command and control framework to establish persistent access to compromised systems. The attack leverages vulnerable credentials on publicly accessible database servers, allowing threat actors to gain initial foothold and escalate privileges through a multi-stage deployment process. XiebroC2, a publicly available […] The post Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent months, a surge in targeted intrusions attributed to the Iranian-aligned threat group APT35 has set off alarm bells across government and military networks worldwide. First detected in early 2025, the campaign leverages custom-built malware to infiltrate secure perimeters and harvest user credentials. Initial indicators of compromise point to spear-phishing emails with HTML attachments […] The post APT35 Hackers Attacking Government, Military Organizations to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
