A sophisticated malware campaign targeting WordPress websites has been discovered employing advanced steganographic techniques and persistent backdoor mechanisms to maintain unauthorized administrator access. The malware operates through two primary components that work in tandem to create a resilient attack infrastructure, enabling cybercriminals to establish persistent footholds on compromised websites while remaining undetected by traditional security […] The post Hackers Exploiting WordPress Websites With Silent Malware to Gain Admin Access appeared first on Cyber Security News.

A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without raising suspicions. Delivered primarily via spear-phishing emails and compromised websites, the shortcut files appear innocuous, […] The post New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware appeared first on Cyber Security News.

BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early victims reported unusual latency in remote desktop sessions, prompting deeper forensic investigations. As the campaign […] The post New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors appeared first on Cyber Security News.

In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate Windows processes. Initial sightings trace back to late July 2025, when intrusion attempts against government […] The post COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH appeared first on Cyber Security News.

Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike Oude Reimer published findings on 16 September 2025, demonstrating that approximately 150 different Firebase endpoints […] The post Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data appeared first on Cyber Security News.

On the eve of Moldova’s parliamentary elections scheduled for September 28, 2025, cybersecurity researchers have uncovered a sophisticated Russian-backed disinformation campaign designed to undermine public confidence in Moldova’s pro-European leadership. The campaign began surfacing in April 2025, when analysts first observed a cluster of newly registered domains publishing biased news articles in both Romanian and […] The post New Russian Disinformation Campaign Targeting Upcoming Moldova’s Elections appeared first on Cyber Security News.

Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated adversaries to bypass signature verification mechanisms and maintain persistent control over enterprise server infrastructure. These flaws, affecting multiple generations of Supermicro motherboards, demonstrate how design weaknesses in firmware validation processes […] The post BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features appeared first on Cyber Security News.