-
Cloud account takeover attacks have evolved into a sophisticated threat as cybercriminals and state-sponsored actors increasingly weaponize OAuth applications to establish persistent access within compromised environments. These malicious actors are exploiting the fundamental trust mechanisms of cloud authentication systems, specifically targeting Microsoft Entra ID environments where they can hijack user accounts, conduct reconnaissance, exfiltrate sensitive […] The post Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset appeared first on Cyber Security News.
-
A sophisticated cyberespionage campaign dubbed PassiveNeuron has resurfaced with infections targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. First detected in 2024, the campaign remained dormant for six months before re-emerging in December 2024, with the latest infections observed as recently as August 2025. The threat involves deploying previously unknown advanced […] The post New PassiveNeuron Attacking Servers of High-Profile Organizations to Implant Malware appeared first on Cyber Security News.
-
Ukraine Trump backs out of peace talks with Putin. The much-anticipated Budapest meeting between President Donald Trump and Russian President Vladimir Putin was put on hold, the New York Times reported Tuesday, after Russian officials said they don&rs…
-
Since its emergence in August 2022, Lumma Infostealer has rapidly become a cornerstone of malware-as-a-service platforms, enabling even unskilled threat actors to harvest high-value credentials. Delivered primarily via phishing sites masquerading as cracked software installers, the malicious payload is encapsulated within a Nullsoft Scriptable Install System (NSIS) package designed to evade signature-based detection. Upon execution, […] The post Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts appeared first on Cyber Security News.
-
When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit logs capture identical authentication events but represent this critical security data using different formats. Security analysts investigating incidents frequently encounter the UserAuthenticationMethod field in Microsoft 365 sign-in events, which displays […] The post Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique – Investigation Report appeared first on Cyber Security News.
-
Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials. First detected in late September, the malware exploits phishing emails containing malicious Word documents. Upon opening, the embedded macro downloads the ransomware binary from a compromised server. Victims report file encryption using a mix of AES-256 […] The post Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums appeared first on Cyber Security News.
-
Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace. The scale and technical complexity of this attack signal a turning point for supply chain security in developer ecosystems. As of October 2025, over 35,800 installations have […] The post New GlassWorm Using Invisible Code Hits Attacking VS Code Extensions on OpenVSX Marketplace appeared first on Cyber Security News.
-
A critical authorization bypass vulnerability has emerged in ZYXEL’s ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to sensitive system configurations. Tracked as CVE-2025-9133, this security flaw affects devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.
-
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit trusted governmental relationships. The campaign focuses on organizations within energy, mining, […] The post Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT appeared first on Cyber Security News.
-
The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in post-exploitation scenarios. This October, researchers uncovered its delivery through the […] The post Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework appeared first on Cyber Security News.


