A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin. The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers. The operation began […] The post Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare appeared first on Cyber Security News.

Disney Worldwide Services, Inc. and Disney Entertainment Operations LLC have agreed to pay $10 million in a landmark settlement to resolve allegations that they systematically collected personal data from children under 13 in violation of the Children’s Online Privacy Protection Act (COPPA) Rule. The U.S. Department of Justice, acting at the behest of the Federal […] The post Disney Agreed to Pay $10 Million for Collection Personal Data From Children appeared first on Cyber Security News.

A sophisticated new Python-based information stealer has emerged in the cybersecurity landscape, demonstrating advanced capabilities for data exfiltration through Discord channels. The malware, identified as “Inf0s3c Stealer,” represents a significant evolution in the realm of data theft tools, combining traditional system reconnaissance techniques with modern communication platforms to avoid detection while efficiently harvesting sensitive information […] The post New Stealthy Python Malware Leverages Discord to Steal Data From Windows Machines appeared first on Cyber Security News.

Cybersecurity researchers began detecting an alarming surge in early April 2025 in UDP flood traffic emanating from compromised network video recorders (NVRs) and other edge devices. Within milliseconds of infection, these devices were weaponized to direct overwhelming volumes of packets at unsuspecting targets, leading to service disruptions and massive bandwidth consumption. Bitsight analysts identified this […] The post RapperBot Hijacking Devices to Launch DDoS Attack In a Split Second appeared first on Cyber Security News.

A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming infected machines into fully weaponized platforms for credential theft, remote access, and cryptocurrency hijacking. Analysts […] The post New TinyLoader Malware Attacking Windows Users Via Network Shares and Fake Shortcuts Files appeared first on Cyber Security News.

A critical security vulnerability discovered in ESPHome’s web server component has exposed thousands of smart home devices to unauthorized access, effectively nullifying basic authentication protections on ESP-IDF platform implementations. The flaw, designated CVE-2025-57808 with a CVSS score of 8.1, affects ESPHome version 2025.8.0 and allows attackers to bypass authentication mechanisms without any knowledge of legitimate […] The post ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Devices appeared first on Cyber Security News.

Google has officially debunked widespread reports claiming the company issued a major security warning to Gmail users, clarifying that such claims are entirely false. The technology giant addressed the misinformation directly on September 1, 2025, emphasizing that no broad security alert was ever issued to its user base. These inaccurate reports had circulated across various […] The post Google Confirms That Claims of Major Gmail Security Warning are False appeared first on Cyber Security News.

A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. The campaign utilizes carefully crafted emails masquerading as internal HR communications about salary amendments to trick high-profile targets into surrendering their corporate credentials. This latest threat represents a concerning escalation in social […] The post New Phishing Attack Via OneDrive Attacking C-level Employees for Corporate Credentials appeared first on Cyber Security News.

Commercial surveillance vendors have evolved from niche technology suppliers into a sophisticated multi-billion-dollar ecosystem that poses unprecedented threats to journalists, activists, and civil society members worldwide. A comprehensive new report by Sekoia.io’s Threat Detection & Research team reveals how these private companies have industrialized spyware deployment, transforming targeted surveillance from isolated technical components into fully […] The post New Report on Commercial Spyware Vendors Detailing Their Targets and Infection Chains appeared first on Cyber Security News.