1010.cx / Archive / Category: Threats

  • A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 active installations at risk of privilege escalation attacks. The flaw, tracked as CVE-2025-11749 with a CVSS score of 9.8, allows unauthenticated attackers to extract bearer tokens and gain complete administrative control over vulnerable WordPress sites. Security researcher Emiliano Versini discovered […] The post AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks appeared first on Cyber Security News.

  • Another boat attack. The U.S. military killed two more people in an alleged drug-trafficking boat in an unspecified location off the Pacific coast of Latin America, Pentagon chief Pete Hegseth announced Tuesday with an 18-second video posted to Twitter…

  • A sophisticated threat actor known as Curly COMrades has deployed an innovative attack methodology that leverages legitimate Windows virtualization features to establish covert, long-term access to victim networks. The campaign, which began in early July 2025, represents a significant evolution in adversary tactics as threat actors increasingly seek methods to bypass endpoint detection and response […] The post Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10 appeared first on Cyber Security News.

  • The notorious FIN7 threat group, also known by the nickname Savage Ladybug, continues to pose a significant risk to enterprise environments through an increasingly refined Windows SSH backdoor campaign. The group has been actively deploying this sophisticated backdoor mechanism to establish persistent remote access and facilitate data exfiltration operations. First documented in 2022, the malware […] The post FIN7 Hackers Using Windows SSH Backdoor to Establish Stealthy Remote Access and Persistence appeared first on Cyber Security News.

  • DragonForce, a ransomware-as-a-service operation active since 2023, has dramatically evolved into what researchers now describe as a structured cybercriminal cartel, leveraging the publicly leaked Conti v3 source code to establish a formidable threat infrastructure. The group initially relied on the LockBit 3.0 builder for developing encryptors before transitioning to a customized Conti v3 codebase, giving […] The post DragonForce Cartel Emerges From the Leaked Source Code of Conti v3 Ransomware appeared first on Cyber Security News.

  • A significant security threat has emerged from the Google Play Store, where threat actors have successfully deployed 239 malicious applications that have been collectively downloaded more than 42 million times. This discovery marks a disturbing trend in mobile malware campaigns targeting users during a period when remote and hybrid work environments have become the norm. […] The post 239 Malicious Android Apps on Google Play With Downloaded Over 40 Million Times appeared first on Cyber Security News.

  • Silent Lynx, a sophisticated threat group that has been tracked since 2024, continues its relentless espionage campaign against government entities across Central Asia. Seqrite analysts identified the group as the first to assign this nomenclature, distinguishing it from multiple overlapping aliases including YoroTrooper, Sturgeon Phisher, and ShadowSilk. The group has become notorious for orchestrating spear-phishing […] The post Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials appeared first on Cyber Security News.

  • A critical security flaw in the WordPress Post SMTP plugin has left more than 400,000 websites vulnerable to account takeover attacks. The vulnerability, identified as CVE-2025-11833, enables unauthenticated attackers to access email logs containing sensitive password reset information, potentially compromising administrator accounts and entire websites. The flaw stems from a missing authorization check in the […] The post WordPress Post SMTP Plugin Vulnerability Exposes 400,000 Websites to Account Takeover Attacks appeared first on Cyber Security News.

  • XLoader remains one of the most challenging malware families confronting cybersecurity researchers. This sophisticated information-stealing loader emerged in 2020 as a rebrand of FormBook and has evolved into an increasingly complex threat. The malware’s code decrypts only at runtime and sits protected behind multiple encryption layers, each locked with different keys hidden throughout the binary. […] The post XLoader Malware Analyzed Using ChatGPT’s, Breaks RC4 Encryption Layers in Hours appeared first on Cyber Security News.

  • The Tycoon 2FA phishing kit has emerged as one of the most sophisticated Phishing-as-a-Service platforms since its debut in August 2023, specifically engineered to circumvent two-factor authentication and multi-factor authentication protections on Microsoft 365 and Gmail accounts. This advanced threat employs an Adversary-in-the-Middle approach, utilizing reverse proxy servers to host convincing phishing pages that perfectly […] The post Attack Techniques of Tycoon 2FA Phishing Kit Targeting Microsoft 365 and Gmail Accounts Detailed appeared first on Cyber Security News.
