When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit logs capture identical authentication events but represent this critical security data using different formats. Security analysts investigating incidents frequently encounter the UserAuthenticationMethod field in Microsoft 365 sign-in events, which displays […] The post Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique – Investigation Report appeared first on Cyber Security News.

Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials. First detected in late September, the malware exploits phishing emails containing malicious Word documents. Upon opening, the embedded macro downloads the ransomware binary from a compromised server. Victims report file encryption using a mix of AES-256 […] The post Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums appeared first on Cyber Security News.

Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace. The scale and technical complexity of this attack signal a turning point for supply chain security in developer ecosystems. As of October 2025, over 35,800 installations have […] The post New GlassWorm Using Invisible Code Hits Attacking VS Code Extensions on OpenVSX Marketplace appeared first on Cyber Security News.

A critical authorization bypass vulnerability has emerged in ZYXEL’s ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to sensitive system configurations. Tracked as CVE-2025-9133, this security flaw affects devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.

A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit trusted governmental relationships. The campaign focuses on organizations within energy, mining, […] The post Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT appeared first on Cyber Security News.

The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in post-exploitation scenarios. This October, researchers uncovered its delivery through the […] The post Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework appeared first on Cyber Security News.

A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive government infrastructure through deceptive email communications designed to appear as legitimate NIC eEmail Services correspondence. […] The post Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’ appeared first on Cyber Security News.

Over the summer of 2025, a novel malware family emerged following the public disclosure of the LOSTKEYS implant. This new strain was rapidly weaponized in a series of highly targeted campaigns against policy advisors, non-governmental organizations, and dissidents. Leveraging a refreshed lure known as COLDCOPY ClickFix, threat actors masqueraded the payload as a CAPTCHA verification […] The post New LOSTKEYS Malware Linked to Russia State-Sponsored Hacker Group COLDRIVER appeared first on Cyber Security News.

Over the past several months, cybersecurity researchers have observed a surge of fraudulent Chrome extensions masquerading as legitimate WhatsApp Web automation tools. These 131 rebranded clones, each presenting as distinct offerings, share an identical codebase designed to automate bulk messaging and scheduling without user consent. By injecting custom scripts directly into the WhatsApp Web interface, […] The post 131 Malicious Extensions Targeting WhatsApp Used Found in Chrome Web Store appeared first on Cyber Security News.