-
A large-scale phishing campaign was conducted by threat actors who abused Google Classroom to distribute over 115,000 malicious emails to more than 13,500 organizations globally. The campaign uncovered by Check Point unfolded in five distinct waves between August 6 and August 12, 2025, and weaponized the trusted educational platform to bypass conventional security filters. The […] The post Hackers Leverage Google Classroom for 115,000+ Phishing Emails Targeting 13,500+ Organizations appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly observed malware campaign has emerged targeting a broad range of network appliances, including routers from DrayTek, TP-Link, Raisecom, and Cisco. Throughout July 2025, threat researchers observed a stealthy loader spread by exploiting unauthenticated command injection flaws in embedded web services. Initial compromise is achieved through straightforward HTTP requests, which silently deliver a downloader […] The post New Stealthy Malware Exploiting Cisco, TP-Link and Other Routers to Gain Remote Control appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems. The Italian CRM solution, utilized by numerous small and medium enterprises across Italy, faces significant security exposure despite attempted […] The post Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from we…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have unveiled a novel variation of the ClickFix social engineering technique that weaponizes AI-powered summarization tools to stealthily distribute ransomware instructions. By leveraging invisible prompt injection and a “prompt overdose…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the past year, security teams have observed an uptick in adversaries leveraging native Windows Scheduled Tasks to maintain footholds in compromised environments. Unlike elaborate rootkits or zero-day exploits, these techniques exploit built-in system functionality, enabling threat actors to persist without deploying additional binaries or complex toolchains. By integrating malicious commands directly into Task Scheduler […] The post Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Arch Linux Project has officially confirmed that its primary infrastructure services have been subjected to an ongoing distributed denial-of-service (DDoS) attack that has persisted for over a week. The attack severely impacted user access to critical resources, including the main website, Arch User Repository (AUR), and community forums. Key Takeaways1. A week-long DDoS has […] The post Arch Linux Confirms Week-Long DDoS Attack Disrupted its Website, Repository, and Forums appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Chinese national has been sentenced to four years in federal prison for orchestrating a sophisticated insider cyberattack against his former employer’s global network infrastructure. Davis Lu, 55, utilized his privileged access as a software developer to deploy destructive malware that crippled operations across thousands of users worldwide, demonstrating the severe risks posed by malicious […] The post Chinese Hacker Jailed for Deploying Kill Switch on Ohio-based Key Company’s Global Network appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated obfuscation technique that threat actors are using to bypass detection systems and exploit Python’s eval() and exec() functions for malicious code execution. With over 100 supply chain attacks reported on PyPI in the past five years, these techniques pose a significant risk to organizations relying on Python packages. Key Takeaways1. Hackers hide malicious […] The post Hackers Can Exploit (eval) or (exec) Python Calls to Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
