-
A sophisticated side-channel attack exposes the topics of conversations with AI chatbots, even when traffic is protected by end-to-end encryption. Dubbed “Whisper Leak,” this vulnerability allows eavesdroppers such as nation-state actors, ISPs, or Wi-Fi snoopers to infer sensitive prompt details from network packet sizes and timings. The discovery highlights growing privacy risks as AI […] The post New Whisper Leak Toolkit Exposes User Prompts to Popular AI Agents within Encrypted Traffic appeared first on Cyber Security News.
-
QNAP has addressed seven critical zero-day vulnerabilities in its network-attached storage (NAS) operating systems, following their successful exploitation by security researchers at Pwn2Own Ireland 2025. These flaws, identified as CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, and associated ZDI canonical entries ZDI-CAN-28353, ZDI-CAN-28435, ZDI-CAN-28436, enable remote code execution (RCE) and privilege escalation attacks against QTS 5.2.x, QuTS hero h5.2.x, […] The post Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched appeared first on Cyber Security News.
-
Scammers are targeting businesses with a new extortion scheme, and Google Maps is fighting back with a dedicated reporting tool. Google has introduced a feature that allows business owners to directly report ransom demands from malicious actors who threaten them with fake negative reviews. Cybercriminals have developed a sophisticated plan to extort money from businesses […] The post Google Maps Adds Feature for Businesses to Report Ransom Demands for Removing Bad Reviews appeared first on Cyber Security News.
-
A sophisticated spyware operation targeting Samsung Galaxy devices, dubbed LANDFALL, exploited a zero-day vulnerability to infiltrate phones through seemingly innocuous images shared on WhatsApp. This campaign, active since mid-2024, allowed attackers to deploy commercial-grade Android malware capable of full device surveillance without user interaction. The discovery underscores ongoing threats from state-linked surveillance tools in […] The post Hackers Hijack Samsung Galaxy Phones via 0-Day Exploit Using a Single WhatsApp Image appeared first on Cyber Security News.
-
A comprehensive new report reveals that manufacturing organizations are grappling with a dual challenge: rapidly adopting generative AI technologies while simultaneously defending against attackers who exploit these same platforms and trusted cloud ser…
-
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsu…
-
Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address—even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 a…
-
A newly identified ransomware group, Cephalus, has emerged as a significant threat to organizations worldwide, exploiting stolen Remote Desktop Protocol (RDP) credentials to gain access to networks and deploy powerful encryption attacks. The AhnLab researchers observed in mid-June 2025 that the group poses a persistent, financially motivated threat that exploits security gaps in remote access […] The post Threat Actors Leveraging RDP Credentials to Deploy Cephalus Ransomware appeared first on Cyber Security News.
-
German hosting provider aurologic GmbH has emerged as a central facilitator within the global malicious infrastructure ecosystem, providing upstream transit and data center services to numerous high-risk hosting networks. Operating from its primary facility at Tornado Datacenter GmbH & Co. KG in Langen, Germany, aurologic markets itself as a high-capacity European carrier offering dedicated server […] The post German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure appeared first on Cyber Security News.
-
ClickFix attacks have experienced a dramatic surge over the past year, establishing themselves as a cornerstone of modern social engineering tactics. These sophisticated attacks manipulate victims into executing malicious code directly on their devices through deceptive copy-and-paste mechanisms. The threat has evolved beyond traditional email-based phishing, now leveraging multiple delivery channels including poisoned search results […] The post ClickFix Attacks Evolved With Weaponized Videos That Tricks Users via Self-infection Process appeared first on Cyber Security News.


