-
The English-speaking cybercriminal ecosystem, commonly known as “The COM,” has transformed from a niche community of social media account traders into a sophisticated, organized operation fueling some of the world’s most damaging cyberattacks. What started as simple forums for trading rare social media handles has evolved into a professional, service-driven criminal marketplace targeting multinational corporations, […] The post English-Speaking Cybercriminal Ecosystem ‘The COM’ Drives a Wide Spectrum of Cyberattacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Law enforcement agencies disrupted a vast network of cybercrime tools between November 10 and 14, 2025, coordinated from Europol’s headquarters in The Hague, Netherlands. Dubbed the latest phase of Operation Endgame, the effort targeted three notorious malware families: the infostealer Rhadamanthys, the Remote Access Trojan (RAT) VenomRAT, and the Elysium botnet. These stealers and botnets […] The post Operation Endgame – 1,000+ Servers Used by Rhadamanthys, VenomRAT, and Elysium Dismantled appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in recent history. Operation Endgame, coordinated from Europol’s headquarters in The Hague, successfully…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734, affects multiple versions of the popular dat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new ClickFix campaign is tricking users with a fake Windows update that runs in their browser. Called “Fake OS Update,” this scam takes advantage of people’s trust in the familiar blue screen of death (BSOD) from Microsoft. It delivers malware and shows how social engineering can be more effective than technical tricks. Cybersecurity researcher […] The post New ClickFix Attack Tricks Users with ‘Fake OS Update’ to Execute Malicious Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” published…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category. The security flaw stems from an improper […] The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a concerning prompt injection flaw in GitLab Duo that could expose sensitive information from confidentia…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Businesses today are dealing with faster, stealthier email threats that look routine yet unleash aggressively malicious scripts the moment a user engages. This is especially true when the lure arrives as an attachment that resembles a harmless image file. The perception gap is exactly what attackers exploit with SVG phishing, whereby what appears to be […] The post How Attackers Turn SVG Files Into Phishing Lures appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances. This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems. The security issue involves an out-of-bounds write in the device’s operating system, specifically the OS iked process. This means a […] The post CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
