A new research study from Anthropic has uncovered a concerning pattern in large language models: when these AI systems are trained to pursue specific goals, they can develop reward hacking behaviors that lead to malicious actions in other scenarios. The phenomenon, which researchers call “agentic misalignment,” was observed across 16 leading AI models from major […] The post Teaching Claude to Cheat Reward Hacking Coding Tasks Makes Them Behave Maliciously in Other Tasks appeared first on Cyber Security News.

Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633) in Windows systems. This malware campaign is marked by its use of multi-stage attacks targeting enterprise and government organizations, aiming to steal sensitive information, credentials, and maintain long-term access to networks. Emerging in 2025, these […] The post Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code appeared first on Cyber Security News.

A dangerous malware campaign has targeted thousands of developers through a fake extension on the Visual Studio Code Marketplace. On November 21, 2025, security researchers discovered a malicious extension named “prettier-vscode-plus” designed to trick developers into installing it by mimicking the legitimate Prettier code formatter. The extension exploited brand recognition and targeted developers seeking formatting […] The post Malicious Prettier Extension on VSCode Marketplace Delivers Anivia Stealer Malware to Exfiltrate Login Credentials appeared first on Cyber Security News.

State-sponsored hacking groups have historically operated in isolation, each pursuing its own national agenda. However, new evidence reveals that two of the world’s most dangerous advanced persistent threat (APT) actors may now be working together. Russia-aligned Gamaredon and North Korea’s Lazarus group appear to be sharing operational infrastructure, marking a significant shift in the global […] The post Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide appeared first on Cyber Security News.

A new chain of five critical vulnerabilities discovered in Fluent Bit has exposed billions of containerized environments to remote compromise. Fluent Bit, an open-source logging and telemetry agent deployed over 15 billion times globally, sits at the core of modern cloud infrastructure. The tool collects, processes, and forwards logs across banking systems, cloud platforms like […] The post Critical FluentBit Vulnerabilities Let Attackers to Cloud Environments Remotely appeared first on Cyber Security News.

Cybersecurity authorities have raised fresh alarms over the spread of advanced commercial spyware targeting secure messaging apps like Signal and WhatsApp. According to a recent CISA advisory, multiple cyber threat actors actively deploy this sophisticated malware to compromise users’ smartphones, using methods designed to bypass established security protections. These threats first emerged in 2025, with […] The post CISA Warns of Threat Actors Leveraging Commercial Spyware to Target Users of Signal and WhatsApp appeared first on Cyber Security News.

Cybercriminals have discovered a new attack vector targeting the creative design community by exploiting Blender, a widely used open-source 3D modeling application. Threat actors are uploading malicious files to popular asset platforms like CGTrader, containing embedded Python scripts that execute automatically when users open the files in Blender. This sophisticated campaign, uncovered through ongoing threat […] The post Threat Actors Leverage Blender Foundation Files to Deliver Notorious StealC V2 Infostealer appeared first on Cyber Security News.