In recent weeks, security teams worldwide have grappled with a new ransomware strain that has shattered expectations for speed and sophistication. First detected in late September 2025, this variant encrypts critical data within seconds of execution, leaving little time for intervention. Organizations across manufacturing, healthcare, and finance sectors have reported system-wide outages as attackers deploy […] The post Chaos Emerges as Faster, Smarter, and More Dangerous Ransomware appeared first on Cyber Security News.

The cybersecurity community has witnessed the rapid emergence of a novel phishing toolkit that automates the creation of “ClickFix” attack pages, enabling threat actors with minimal technical expertise to deploy sophisticated social engineering lures. Dubbed the IUAM ClickFix Generator, this phishing kit consolidates all necessary configuration options—page title, domain, verification prompts and clipboard instructions—into a […] The post New Phishing Kit Automates Generation of ClickFix Attack Bypassing Security Measures appeared first on Cyber Security News.

In recent weeks, a sophisticated malware campaign has emerged that leverages conversational chatbots as covert entry points into enterprise systems. Initially observed in mid-September 2025, the threat actors targeted organizations running customer-facing chat applications built on large language models. By exploiting weaknesses in natural language processing and indirect data ingestion, attackers were able to pivot […] The post AI Chatbot Leveraged as a Critical Backdoor to Access Sensitive Data and Infrastructure appeared first on Cyber Security News.

The cybersecurity landscape has been shaken by the emergence of Trinity of Chaos, a sophisticated ransomware collective that has launched a data leak site containing sensitive information from 39 major corporations. This formidable alliance, presumably comprising members from the notorious Lapsus$, Scattered Spider, and ShinyHunters groups, represents a significant evolution in cybercriminal organization and operational […] The post New Hacker Alliance Trinity of Chaos Leaked 39 Companies Data Including Google, CISCO and Others appeared first on Cyber Security News.

Shuyal Stealer has rapidly ascended as one of the most versatile credential theft tools observed in recent months. First detected in early August 2025, its modular architecture allows it to target an expansive range of web browsers, including Chromium-based, Gecko-based, and legacy engines alike. Initial indicators of compromise emerged as anomalous network traffic from compromised […] The post Shuyal Stealer Attacking 19 Browsers to Steal Login Credentials appeared first on Cyber Security News.

Corporate data security faces an unprecedented crisis as new research reveals widespread employee misuse of generative AI platforms. A comprehensive study examining enterprise browsing behavior has uncovered alarming patterns of sensitive data exposure across organizations worldwide. The research, based on real-world telemetry from enterprise browsers, demonstrates that artificial intelligence tools have become the primary vector […] The post 77% of Employees Share Company Secrets on ChatGPT Compromising Enterprise Policies appeared first on Cyber Security News.

Since emerging in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its tactics to target government entities, energy firms, and diplomatic missions across the Middle East and beyond. Initially focused on credential harvesting via targeted phishing campaigns, the group has evolved a modular toolkit capable of deep network infiltration […] The post IRGC-Linked APT35 Structure, Tools, and Espionage Operations Disclosed appeared first on Cyber Security News.

A sophisticated technique known as hidden text salting has emerged as a significant threat to email security systems, allowing cybercriminals to bypass detection mechanisms through the strategic abuse of cascading style sheets (CSS) properties. This attack vector enables threat actors to embed irrelevant content, or “salt,” within various components of malicious emails while rendering it […] The post Hackers Abuse CSS Properties With Messages to Inject Malicious Codes in Hidden Text Salting Attack appeared first on Cyber Security News.

A critical SQL injection vulnerability in FreePBX has emerged as a significant threat to VoIP infrastructure worldwide, enabling attackers to manipulate database contents and achieve arbitrary code execution. FreePBX, a widely deployed PBX system built around the open-source Asterisk VoIP platform, provides organizations with web-based administrative capabilities for managing telecommunications infrastructure. The vulnerability, designated as […] The post FreePBX SQL Injection Vulnerability Exploited to Modify The Database appeared first on Cyber Security News.