-
Acreed, a novel infostealer first observed in February 2025, has rapidly gained traction among threat actors seeking discreet credential and cryptocurrency data harvesting. Leveraging a unique command-and-control (C2) mechanism via the Steam platform’s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new cross-platform information stealer known as ModStealer has emerged, targeting macOS users and demonstrating concerning capabilities to evade Apple’s built-in security mechanisms. The malware represents the latest evolution in macOS-focused threats, which have seen a dramatic surge throughout 2024 and continue accelerating into the current year. ModStealer follows established patterns seen in other […] The post New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security teams face a rapidly evolving campaign that abuses compromised SonicWall SSL VPN credentials to deliver Akira ransomware in under four hours—dwell times among the shortest ever recorded for this type of threat. Within minutes of successful aut…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring user interaction. The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is […] The post WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts. Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and full lockout of the admin account. Organizations running unsupported versions are urged to upgrade immediately or […] The post SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malvertising campaign has been targeting organizations through a weaponized Microsoft Teams installer that delivers the dangerous Oyster malware, according to a recent investigation by cybersecurity experts. The attack demonstrates an a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Forensic-Timeliner is a fast, open-source command-line tool designed to help digital forensics and incident response (DFIR) teams quickly build a unified timeline of Windows artifacts. By automatically collecting, filtering, and merging CSV output from…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Acreed emerged in early 2025 as a lean, stealthy infostealer that quickly gained favor among Russian-speaking cybercriminal forums. First spotted on February 14, 2025, bundled with log packages sold by the threat actor “Nuez,” Acreed distinguishes itself from bulkier rivals by producing minimalistic logs that avoid revealing infection vectors. In several incidents analyzed by Intrinsec […] The post Acreed Infostealer Used Widely by Cybercriminals With C2 Via Steam Platform appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Olymp Loader, a newly emerged Malware-as-a-Service (MaaS) offering, has rapidly gained traction across underground forums and Telegram since its debut on June 5, 2025. Developed by a trio of seasoned Assembly coders under the alias “OLYMPO,” the loader…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the open source Formbricks experience management toolbox allows attackers to reset any user’s password without authorization. Published three days ago as advisory GHSA-7229-q9pv-j6p4 by maintainer mattinannt, the f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
