-
The emergence of a new campaign weaponizing legitimate remote monitoring and management software has alarmed security teams worldwide. Attackers are distributing trojanized installers for ConnectWise ScreenConnect—now known as ConnectWise Control—to deliver dual payloads: the widely used AsyncRAT and a custom PowerShell-based RAT. By leveraging trusted software footprints and open directories, adversaries bypass signature-based defenses and […] The post Beware of Weaponized ScreenConnect App That Delivers AsyncRAT and PowerShell RAT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have identified a potential connection between two Yemen-based cybercriminal organizations, the Belsen Group and ZeroSevenGroup, following an extensive investigation into their operational patterns and attack methodologies. The discovery comes amid growing concerns about sophisticated network intrusion campaigns targeting critical infrastructure and enterprise systems across multiple continents. The Belsen Group first emerged in January […] The post Researchers Uncover Link Between Belsen and ZeroSeven Cybercriminal Groups appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The emergence of the SystemBC botnet marks a significant evolution in proxy-based criminal infrastructure. Rather than co-opt residential devices for proxying, SystemBC operators have shifted to compromising large commercial Virtual Private Servers (VPS), enabling high-volume proxy services with minimal disruption to end users. In recent months, Lumen Technologies has observed an average of 1,500 newly […] The post SystemBC Botnet Hacked 1,500 VPS Servers Daily to Hire for DDoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA issued a warning of two critical path traversal flaws in Delta Electronics’ DIALink industrial control system software. With a maximum CVSS v4 base score of 10.0, these vulnerabilities could be exploited remotely with low attack complexity to bypass authentication and gain unauthorized access to critical manufacturing environments. Delta Electronics Path Traversal Flaws Delta Electronics […] The post CISA Warns of Delta Electronics Vulnerabilities Let Attackers Bypass Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in HubSpot’s Jinjava template engine, potentially exposing thousands of websites and applications to remote code execution attacks. The flaw, tracked as CVE-2025-59340, carries the maximum CVS…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since January, Trend Micro has tracked a surge in phishing campaigns using AI-powered platforms (Lovable, Netlify, Vercel) to host fake captcha pages that lead to phishing websites. This ploy misleads users and evades security tools. Victims are first …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Luxury jeweler Tiffany and Company has confirmed a data breach that exposed the personal information of 2,590 customers. The company discovered unauthorized access to an external system on September 9, 2025, but determined the incident first occur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as CVE-2025-10035, this vulnerability permits an unauthenticated attacker who can deliver a forged license response signature to trigger Java deserialization of attacker-supplied objects, potentially resulting in arbitrary command execution and full system compromise. Deserialization Flaw (CVE-2025-10035) GoAnywhere MFT’s […] The post Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
UK law enforcement agencies have arrested two individuals linked to the notorious Scattered Spider cybercriminal group. The arrests, announced on Tuesday, pertain to a sophisticated attack on London’s transport systems. Authorities say the suspects inf…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
