Category: Threats

  • Modern development workflows increasingly rely on AI-driven coding assistants to accelerate software delivery and improve code quality. However, recent research has illuminated a potent new threat: adversaries can exploit these tools to introduce backdoors and generate harmful content without immediate detection. This vulnerability manifests through the misuse of context‐attachment features, where contaminated external data sources […] The post Threat Actors Could Misuse Code Assistant To Inject Backdoors and Generating Harmful Content appeared first on Cyber Security News.

  • Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading as urgent administrative forms or compensation requests. Upon opening, the document’s embedded macros drop a […] The post New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware appeared first on Cyber Security News.

  • A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing unauthenticated attackers to gain administrative access to websites by exploiting the social login functionality. The vulnerability, tracked as CVE-2025-5821 with a CVSS score of 9.8, affects all versions of the plugin up to 1.0.3 and […] The post WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login appeared first on Cyber Security News.

  • In recent months, threat actors have begun exploiting the Model Context Protocol (MCP)—a universal “plug-in bus” designed to streamline AI-assistant integrations—as a novel supply chain attack vector. MCP servers allow AI assistants and development tools to translate natural-language requests into executable commands, but this convenience comes at a steep price: unvetted MCP servers can run […] The post Threat Actors Can Weaponize MCP Servers To Harvests Sensitive Data appeared first on Cyber Security News.

  • SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader reemerged in early 2025 as two distinct variants: version 2025 alpha and version 2025. Both […] The post SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks appeared first on Cyber Security News.

  • Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab’s continuous monitoring of global DDoS incidents, this botnet leveraged compromised router firmware to amass approximately 300,000 active devices worldwide. Researchers first detected unusual […] The post AISURU Botnet With 300,000 Hijacked Routers Behind The Recent Massive 11.5 Tbps DDoS Attack appeared first on Cyber Security News.

  • Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers that appear innocuous. Upon execution, the installer unpacks a Node.js–compiled binary encapsulated in an Inno […] The post New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials appeared first on Cyber Security News.

  • The eruption of widespread protests across Nepal in early September 2025 provided fertile ground for a sophisticated campaign orchestrated by the Sidewinder APT group. As demonstrators mobilized against government policies and social media restrictions, threat actors exploited the turbulence to distribute malicious applications masquerading as legitimate emergency services. Victims seeking live updates or assistance were […] The post Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware appeared first on Cyber Security News.

  • Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted by Red Canary Intelligence and Zscaler threat hunters has identified multiple malicious campaigns utilizing ITarian (also known as Comodo), PDQ, SimpleHelp, and Atera RMM solutions as attack vectors. The appeal […] The post Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access appeared first on Cyber Security News.

  • A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks against manufacturing, energy, and semiconductor companies across multiple nations. The group’s activities represent a strategic shift from traditional financially motivated cybercrime to geopolitically driven operations that align with broader Russian […] The post Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World appeared first on Cyber Security News.
