Cybersecurity researchers began detecting an alarming surge in early April 2025 in UDP flood traffic emanating from compromised network video recorders (NVRs) and other edge devices. Within milliseconds of infection, these devices were weaponized to direct overwhelming volumes of packets at unsuspecting targets, leading to service disruptions and massive bandwidth consumption. Bitsight analysts identified this […] The post RapperBot Hijacking Devices to Launch DDoS Attack In a Split Second appeared first on Cyber Security News.

A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming infected machines into fully weaponized platforms for credential theft, remote access, and cryptocurrency hijacking. Analysts […] The post New TinyLoader Malware Attacking Windows Users Via Network Shares and Fake Shortcuts Files appeared first on Cyber Security News.

A critical security vulnerability discovered in ESPHome’s web server component has exposed thousands of smart home devices to unauthorized access, effectively nullifying basic authentication protections on ESP-IDF platform implementations. The flaw, designated CVE-2025-57808 with a CVSS score of 8.1, affects ESPHome version 2025.8.0 and allows attackers to bypass authentication mechanisms without any knowledge of legitimate […] The post ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Devices appeared first on Cyber Security News.

Google has officially debunked widespread reports claiming the company issued a major security warning to Gmail users, clarifying that such claims are entirely false. The technology giant addressed the misinformation directly on September 1, 2025, emphasizing that no broad security alert was ever issued to its user base. These inaccurate reports had circulated across various […] The post Google Confirms That Claims of Major Gmail Security Warning are False appeared first on Cyber Security News.

A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. The campaign utilizes carefully crafted emails masquerading as internal HR communications about salary amendments to trick high-profile targets into surrendering their corporate credentials. This latest threat represents a concerning escalation in social […] The post New Phishing Attack Via OneDrive Attacking C-level Employees for Corporate Credentials appeared first on Cyber Security News.

Commercial surveillance vendors have evolved from niche technology suppliers into a sophisticated multi-billion-dollar ecosystem that poses unprecedented threats to journalists, activists, and civil society members worldwide. A comprehensive new report by Sekoia.io’s Threat Detection & Research team reveals how these private companies have industrialized spyware deployment, transforming targeted surveillance from isolated technical components into fully […] The post New Report on Commercial Spyware Vendors Detailing Their Targets and Infection Chains appeared first on Cyber Security News.

A sophisticated spear-phishing campaign orchestrated by Iranian-aligned operators has been identified targeting diplomatic missions worldwide through a compromised Ministry of Foreign Affairs of Oman mailbox. The attack, discovered in August 2025, represents a continuation of tactics associated with the Homeland Justice group connected to Iran’s Ministry of Intelligence and Security (MOIS). The campaign leveraged social […] The post Iran-Nexus Hackers Abuses Omani Mailbox to Target Global Governments appeared first on Cyber Security News.

A sophisticated network of Ukrainian-based autonomous systems has emerged as a significant cybersecurity threat, orchestrating large-scale brute-force and password-spraying attacks against SSL VPN and RDP infrastructure. Between June and July 2025, these malicious networks launched hundreds of thousands of coordinated attacks over periods lasting up to three days, targeting critical enterprise remote access systems. The […] The post Ukrainian Networks Launch Massive Brute-Force and Password-Spraying Campaigns Targeting SSL VPN and RDP Systems appeared first on Cyber Security News.

A newly discovered WhatsApp scam has begun circulating on messaging platforms, exploiting the popular device linking feature to seize full control of user accounts. The attack unfolds when recipients receive what appears to be a harmless message from a known contact, typically stating “Hi, I accidentally found your photo!” accompanied by a shortened URL. Once […] The post New WhatsApp Scam Alert Tricks Users to Get Complete Access to Your WhatsApp Chats appeared first on Cyber Security News.