In recent weeks, a sophisticated phishing campaign has emerged, targeting corporate and consumer accounts by impersonating both OpenAI and Sora-branded login portals. Attackers distribute emails crafted to appear as legitimate service notifications, warning recipients of account suspension or unusual activity. These messages include links directing victims to counterfeit login pages that closely replicate the original […] The post Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials appeared first on Cyber Security News.

Since at least 2018, a covert network of thousands of North Korean IT contractors has infiltrated global technology and infrastructure firms by masquerading as legitimate freelancers. These operatives, operating under fabricated identities with AI-generated headshots, routinely use VPN services and “laptop farms” to disguise their geographic origins and circumvent platform verification checks. Posing as developers, […] The post Thousands of North Korean IT Workers Using VPNs and ‘Laptop Farms’ to Bypass Origin Verification appeared first on Cyber Security News.

The cybersecurity landscape continues to face new threats as sophisticated threat actors develop increasingly complex attack methodologies. A newly identified cybercriminal group, designated TA585, has emerged as a significant concern due to its innovative approach to malware distribution and its sophisticated web injection techniques. This threat actor operates an entire attack chain independently, from infrastructure […] The post TA585 Hackers Uses Unique Web Injection Technique to Deliver MonsterV2 Malware Targeting Windows Systems appeared first on Cyber Security News.

In early October 2025, cybersecurity researcher Jeremiah Fowler discovered a publicly accessible database belonging to Invoicely, a Vienna-based invoicing and billing platform used by over 250,000 businesses worldwide. The repository contained 178,519 files in XLSX, CSV, PDF, and image formats, each harboring sensitive personal and financial information. Among the exposed documents were invoices, scanned checks, […] The post 178,000+ Invoices With Customers Personal Records Exposes from Invoice Platform Invoicely appeared first on Cyber Security News.

Remote monitoring and management (RMM) tools have long served as indispensable assets for IT administrators, providing seamless remote control, unattended access, and scripted automation across enterprise endpoints. In recent months, security researchers have observed a surge in adversaries repurposing ScreenConnect—a ConnectWise RMM solution—as a clandestine backdoor for initial intrusion and ongoing control. Emerging from widespread […] The post ScreenConnect Abused by Threat Actors to Gain Unauthorized Remote Access to Your Computer appeared first on Cyber Security News.

A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware stealer logs for unauthorized system entry. This transition marks a significant change in both tactics and impact within the underground forums, affecting organizations and individuals worldwide. […] The post Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access appeared first on Cyber Security News.

A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits the widespread trust users place in the popular Homebrew package manager by creating pixel-perfect replicas of the official brew[.]sh installation page, complete with deceptive clipboard manipulation techniques. Security researchers have […] The post Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads appeared first on Cyber Security News.

A newly identified pro-Russian hacktivist group has successfully infiltrated operational technology and industrial control systems belonging to critical infrastructure organizations, employing sophisticated techniques to steal login credentials and disrupt vital services. The threat actor, known as TwoNet, represents an emerging class of hacktivists who have expanded beyond traditional distributed denial-of-service attacks to target human-machine interfaces […] The post Pro-Russian Hacktivist Attacking OT/ICS Devices to Steal Login Credentials appeared first on Cyber Security News.

A critical vulnerability in Axis Communications’ Autodesk Revit plugin has exposed Azure Storage Account credentials, creating significant security risks for customers and potentially enabling supply chain attacks targeting the architecture and engineering industry. The vulnerability stems from hardcoded credentials embedded within signed Dynamic Link Libraries (DLLs) distributed to customers through the plugin’s Microsoft Installer (MSI) […] The post Axis Communications Vulnerability Exposes Azure Storage Account Credentials appeared first on Cyber Security News.