In recent weeks, a sophisticated malware campaign has emerged that leverages conversational chatbots as covert entry points into enterprise systems. Initially observed in mid-September 2025, the threat actors targeted organizations running customer-facing chat applications built on large language models. By exploiting weaknesses in natural language processing and indirect data ingestion, attackers were able to pivot […] The post AI Chatbot Leveraged as a Critical Backdoor to Access Sensitive Data and Infrastructure appeared first on Cyber Security News.

The cybersecurity landscape has been shaken by the emergence of Trinity of Chaos, a sophisticated ransomware collective that has launched a data leak site containing sensitive information from 39 major corporations. This formidable alliance, presumably comprising members from the notorious Lapsus$, Scattered Spider, and ShinyHunters groups, represents a significant evolution in cybercriminal organization and operational […] The post New Hacker Alliance Trinity of Chaos Leaked 39 Companies Data Including Google, CISCO and Others appeared first on Cyber Security News.

Shuyal Stealer has rapidly ascended as one of the most versatile credential theft tools observed in recent months. First detected in early August 2025, its modular architecture allows it to target an expansive range of web browsers, including Chromium-based, Gecko-based, and legacy engines alike. Initial indicators of compromise emerged as anomalous network traffic from compromised […] The post Shuyal Stealer Attacking 19 Browsers to Steal Login Credentials appeared first on Cyber Security News.

Corporate data security faces an unprecedented crisis as new research reveals widespread employee misuse of generative AI platforms. A comprehensive study examining enterprise browsing behavior has uncovered alarming patterns of sensitive data exposure across organizations worldwide. The research, based on real-world telemetry from enterprise browsers, demonstrates that artificial intelligence tools have become the primary vector […] The post 77% of Employees Share Company Secrets on ChatGPT Compromising Enterprise Policies appeared first on Cyber Security News.

Since emerging in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its tactics to target government entities, energy firms, and diplomatic missions across the Middle East and beyond. Initially focused on credential harvesting via targeted phishing campaigns, the group has evolved a modular toolkit capable of deep network infiltration […] The post IRGC-Linked APT35 Structure, Tools, and Espionage Operations Disclosed appeared first on Cyber Security News.

A sophisticated technique known as hidden text salting has emerged as a significant threat to email security systems, allowing cybercriminals to bypass detection mechanisms through the strategic abuse of cascading style sheets (CSS) properties. This attack vector enables threat actors to embed irrelevant content, or “salt,” within various components of malicious emails while rendering it […] The post Hackers Abuse CSS Properties With Messages to Inject Malicious Codes in Hidden Text Salting Attack appeared first on Cyber Security News.

A critical SQL injection vulnerability in FreePBX has emerged as a significant threat to VoIP infrastructure worldwide, enabling attackers to manipulate database contents and achieve arbitrary code execution. FreePBX, a widely deployed PBX system built around the open-source Asterisk VoIP platform, provides organizations with web-based administrative capabilities for managing telecommunications infrastructure. The vulnerability, designated as […] The post FreePBX SQL Injection Vulnerability Exploited to Modify The Database appeared first on Cyber Security News.

A new threat group calling itself Crimson Collective has emerged as a significant cybersecurity concern, targeting Amazon Web Services (AWS) cloud environments with sophisticated data exfiltration and extortion campaigns. The group has recently claimed responsibility for attacking Red Hat, asserting they successfully compromised and stole private repositories from Red Hat’s GitLab infrastructure. This development represents […] The post Crimson Collective Leverages AWS Services to Exfiltrate Sensitive Data appeared first on Cyber Security News.

A sophisticated new breed of ransomware attacks is leveraging legitimate database commands to compromise organizations worldwide, bypassing traditional security measures through “malware-less” operations. Unlike conventional ransomware that encrypts files using malicious binaries, threat actors are exploiting exposed database services by abusing standard database functionality to steal, wipe, and ransom critical data. The attack methodology represents […] The post Hackers Actively Compromising Databases Using Legitimate Commands appeared first on Cyber Security News.