-
A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1. Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […] The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Silhouetted hooded figures represent Russian hackers operating under the auspices of the FSB against targeted organizations. Two prominent Russian state-sponsored hacking groups, Gamaredon and Turla, have been observed collaborating in sophisticated c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent months, security teams have observed the emergence of a sophisticated malware loader, dubbed CountLoader, which leverages weaponized PDF files to deliver ransomware payloads. First detected in late August 2025, CountLoader is linked to multiple Russian-speaking cybercriminal groups, including affiliates of LockBit, BlackBasta, and Qilin. By masquerading as legitimate documents—often impersonating Ukrainian law enforcement—this […] The post New Malware Loader ‘CountLoader’ Weaponized PDF File to Deliver Ransomware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cyber threat actors have weaponized two critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities—CVE-2025-4427 and CVE-2025-4428—to deploy sophisticated malicious loaders and listeners on compromised servers. The malware consists of two sets of c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The ransomware threat landscape witnessed a dramatic shift in August 2025 as the Qilin group claimed responsibility for 104 separate attacks worldwide. Emerging earlier this year, Qilin quickly cemented its position through aggressive double-extortion tactics and a broad affiliate recruitment strategy. Initial compromises have predominantly leveraged exposed Remote Desktop Protocol (RDP) servers and publicly facing […] The post Qilin Led Ransomware Attack Claimed to Compromised 104 Organizations in August appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The global spyware market continues its alarming expansion, with new research revealing the emergence of 130 additional entities spanning 46 countries between 1992 and 2024. This shadowy ecosystem of surveillance technologies has grown from 435 documented entities in the initial assessment to 561 organizations, fundamentally reshaping the landscape of offensive cyber capabilities. The proliferation extends […] The post Global Spyware Markets to Identify New Entities Entering The Market appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Russian regional carrier KrasAvia is grappling with a major IT outage after what appears to be a cyberattack. Passengers have been unable to buy tickets online, and flight operations have been forced to switch to manual procedures. The airline confirme…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered video injection tool for iOS devices that have been jailbroken poses a serious threat to modern digital identity verification. Developed to run on iOS 15 or later, this highly specialized toolkit can circumvent weak biometric checks …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Remote Monitoring and Management tools such as ConnectWise ScreenConnect have earned a reputation for simplifying IT administration, but they have also drawn the attention of sophisticated attackers. By abusing ScreenConnect’s trusted installation foot…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign has recently emerged, targeting Facebook users with carefully crafted emails designed to harvest login credentials. Attackers leverage the platform’s own external URL warning system to cloak malicious links, presenting URLs that appear legitimate while redirecting victims to counterfeit Facebook login pages. The initial lure arrives as an urgent security notification, warning […] The post New Phishing Attack Targets Facebook Users to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
