-
A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. T…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users. The vulnerability tracked as CVE-2025-11462 allows attackers to gain root privileges by abusing the client’s log rotation mechanism. AWS Client VPN is a managed, client-based VPN service that secures access to AWS and […] The post Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers set out to test leading large language models (LLMs) for resilience against the long-standing ASCII Smuggling technique. By embedding invisible control characters within seemingly harmless text, ASCII Smuggling abuses Unicode “tag” blocks to hide malicious instructions from human reviewers while feeding them directly into the raw input stream consumed by LLMs. FireTail researcher Viktor […] The post ASCII Smuggling Attack Lets Hackers Manipulate Gemini to Deliver Smuggled Data to Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaw…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Enterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation. Redrays has released a detailed proof-of-concept (PoC) to exploit these vulnerabilities, which is now publicly available. Organizations are urged to act immediately. Use-After-Free Flaw (CVE-2025-49844) This vulnerability arises when […] The post PoC Exploit Released for Critical Lua Engine Vulnerabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 dif…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In an era where AI and SaaS applications underpin daily workflows, organizations face an unprecedented challenge: the invisible exfiltration of sensitive information. Traditional, file-based data loss prevention (DLP) measures were designed for attachm…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI announced it has banned a series of ChatGPT accounts linked to Chinese state-affiliated hacking groups that used the AI models to refine malware and create phishing content. The October 2025 report details the disruption of several malicious networks as part of the company’s ongoing commitment to preventing the abuse of its AI technologies by […] The post OpenAI Banned ChatGPT Accounts Used by Chinese Hackers to Develop Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
