-
Apple has released visionOS 26, addressing eighteen security flaws that could allow unauthorized access to sensitive user data. The update, issued on September 15, 2025, covers a wide range of components in the Apple Vision Pro platform. Apple’s …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major threat. AWSDoor automates a range of IAM and resource-based persistence methods, allowing adversaries to hide in plain sight within AWS accounts without deploying traditional malware. Key Takeaways1. AWSDoor exploits IAM […] The post AWSDoor – New Persistence Technique Allows Attackers to Hide Malware Within AWS Cloud Environment appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In today’s complex digital landscape, the volume and sophistication of cyber threats have outpaced the ability of most organizations to manage their security on their own. The escalating costs of in-house security teams, the global cybersecurity …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Unvetted Model Context Protocol (MCP) servers introduce a stealthy supply chain attack vector, enabling adversaries to harvest credentials, configuration files, and other secrets without deploying traditional malware. The Model Context Protocol (MCP)—t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active since 2011, SmokeLoader (also known as Smoke or Dofoil) has cemented its reputation as a versatile malware loader engineered to deliver second-stage payloads, including trojans, ransomware, and information stealers. Over the years, it has evolve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such as @PreAuthorize and @PostAuthorize. In applications where service interfaces or abstract base classes employ unbounded […] The post Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader reemerged in early 2025 as two distinct variants: version 2025 alpha and version 2025. Both […] The post SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab’s continuous monitoring of global DDoS incidents, this botnet leveraged compromised router firmware to amass approximately 300,000 active devices worldwide. Researchers first detected unusual […] The post AISURU Botnet With 300,000 Hijacked Routers Behind The Recent Massive 11.5 Tbps DDoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new variation of the Rowhammer attack, named Phoenix, breaks through the built-in defenses of modern DDR5 memory modules. Researchers reverse-engineered the in-DRAM protections on SK Hynix chips and found blind spots that let them flip bits desp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The newly identified AISURU botnet, leveraging an estimated 300,000 compromised routers worldwide, has been pinpointed as the force behind a record-shattering 11.5 Tbps distributed denial-of-service (DDoS) attack in September 2025. This unprecedented a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
