-
New release brings significant improvements to the penetration testing framework, introducing enhanced GUI features, REST API support, and powerful new evasion techniques that security researchers can leverage for offensive operations. The latest release features a completely redesigned graphical interface with multiple theme options, including Dracula, Solarized, and Monokai. All visualizations have been updated, including an […] The post Cobalt Strike 4.12 Released With New Process Injection, UAC Bypasses and Malleable C2 Options appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant issue has been disclosed that affects multiple versions of the identity and access management platform. The flaw stems from a hardcoded default encryption key used for password storage, allowing attackers with database access to recover plaintext passwords. The vulnerability impacts Apache Syncope when configured to store user passwords in the internal database with […] The post Apache Syncope Vulnerability Allows Attacker to Access Internal Database Content appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major accounting and financial services provider disclosed a significant data breach affecting client business records and sensitive corporate documents. The incident occurred on or about November 12, 2025, but the company only announced the breach publicly on November 22, 2025. The breach exposed accounting records and legal agreements belonging to SitusAMC clients. The company […] The post Retail Finance Giant SitusAMC Data Breach Exposes Accounting Records and Legal Agreements appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A non-profit dental insurance provider based in Roanoke, Virginia, disclosed a significant data breach affecting over 145,900 individuals. The external system breach exposed customers’ personal information, prompting immediate notification and protective measures. The breach occurred on March 21, 2025, but wasn’t discovered until August 22, 2025, a delay of over five months. This extended detection […] The post Delta Dental of Virginia Data Breach Exposes 146,000+ Customers Personal Details appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
KawaiiGPT, a free malicious large language model (LLM) first spotted in July 2025 and now at version 2.5, empowers novice cybercriminals with tools for phishing emails, ransomware notes, and attack scripts, drastically lowering the entry barrier for cybercrime. Unlike paid rivals like WormGPT 4, which charges $50 monthly for similar capabilities, KawaiiGPT’s open-source availability on […] The post KawaiiGPT – New Black-Hat AI Tool Used by Hackers to Launch Cyberattacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
State-sponsored hacking groups have historically operated in isolation, each pursuing its own national agenda. However, new evidence reveals that two of the world’s most dangerous advanced persistent threat (APT) actors may now be working together. Russia-aligned Gamaredon and North Korea’s Lazarus group appear to be sharing operational infrastructure, marking a significant shift in the global […] The post Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new chain of five critical vulnerabilities discovered in Fluent Bit has exposed billions of containerized environments to remote compromise. Fluent Bit, an open-source logging and telemetry agent deployed over 15 billion times globally, sits at the core of modern cloud infrastructure. The tool collects, processes, and forwards logs across banking systems, cloud platforms like […] The post Critical FluentBit Vulnerabilities Let Attackers to Cloud Environments Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity authorities have raised fresh alarms over the spread of advanced commercial spyware targeting secure messaging apps like Signal and WhatsApp. According to a recent CISA advisory, multiple cyber threat actors actively deploy this sophisticated malware to compromise users’ smartphones, using methods designed to bypass established security protections. These threats first emerged in 2025, with […] The post CISA Warns of Threat Actors Leveraging Commercial Spyware to Target Users of Signal and WhatsApp appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to st…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
