-
The newly identified AISURU botnet, leveraging an estimated 300,000 compromised routers worldwide, has been pinpointed as the force behind a record-shattering 11.5 Tbps distributed denial-of-service (DDoS) attack in September 2025. This unprecedented a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A groundbreaking open-source benchmark suite called CyberSOCEval has emerged as the first comprehensive evaluation framework for Large Language Models (LLMs) in Security Operations Center (SOC) environments. Released as part of CyberSecEval 4, this innovative benchmark addresses critical gaps in cybersecurity AI evaluation by focusing on two essential defensive domains: Malware Analysis and Threat Intelligence Reasoning. […] The post Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers that appear innocuous. Upon execution, the installer unpacks a Node.js–compiled binary encapsulated in an Inno […] The post New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45 instance running the kernelspace SMB3 daemon, ksmbd. By chaining two authenticated N-day flaws, CVE-2023-52440 and CVE-2023-4130, the exploit attains an unauthenticated SLUB overflow and an out-of-bounds heap read primitive, culminating in a user-mode helper invocation and reverse shell […] The post 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released a comprehensive security update for iOS 26 and iPadOS 26, addressing 27 vulnerabilities across multiple system components. The update, released on September 15, 2025, targets devices including iPhone 11 and later models, al…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A pair of medium-severity vulnerabilities in the Spring Framework and Spring Security libraries were disclosed on September 15, 2025. Both flaws involve the annotation detection mechanism used by Spring Security’s method security features and can lead …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first to demonstrate a practical privilege escalation exploit on a commodity system equipped with DDR5 RAM, undermining the assumption that these newer memory modules were immune to such threats. Rowhammer is […] The post New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new information-stealing malware campaign dubbed Maranhão Stealer has emerged, targeting gaming enthusiasts through malicious pirated software distributed via cloud-hosted platforms. The campaign, first identified by security researcher…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The NPM ecosystem is under attack once again, with a sophisticated supply chain compromise targeting the widely-used @ctrl/tinycolor package and over 40 other JavaScript packages. This latest incident represents a significant escalation in supply chain…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent vulnerability in the Linux Kernel’s KSMBD module allows an attacker to execute arbitrary code on a target system without any user interaction. KSMBD is a kernel-space SMB3 server that handles network file sharing. Researchers demonstrated a st…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
