• A new wave of attacks targeting European companies active in the defense industry has been attributed to threat actors with ties to North Korea, as part of a long-running campaign known as Operation Dream Job. “Some of these [companies] are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its

  • At Pwn2Own Ireland 2025, cybersecurity researchers Ben R. and Georgi G. from Interrupt Labs successfully exploited a zero-day vulnerability in the Samsung Galaxy S25.

    This allowed them to gain full control over the device, enabling them to activate the camera and track the user’s location.

    The exploit, revealed on the event’s final day, highlights ongoing security challenges in flagship Android smartphones despite rigorous testing by manufacturers.

    This breach underscores the high-stakes world of ethical hacking competitions, where vulnerabilities are disclosed responsibly to improve global device security.

    The core issue exploited by the Interrupt Labs team stemmed from an improper input validation bug within the Galaxy S25’s software stack, allowing attackers to bypass safeguards and execute arbitrary code remotely.

    Samsung Galaxy S25 0-Day Vulnerability

    By crafting malicious inputs, the researchers demonstrated how an adversary could silently hijack the device without user interaction, a technique that evaded Samsung’s defenses during the live contest.

    This vulnerability, undisclosed prior to the event, enabled persistent access, turning the premium smartphone into a surveillance tool capable of capturing photos, videos, and real-time GPS data.

    Experts note that such flaws often arise in multimedia or system libraries, where rapid feature development outpaces security hardening.

    For their sophisticated exploit chain, Ben R. and Georgi G. earned $50,000 in prize money along with 5 Master of Pwn points, contributing to the event’s massive $2 million total payout across 73 unique zero-days.

    Pwn2Own, organized by the Zero Day Initiative, rewards participants for responsibly disclosing flaws, ensuring vendors like Samsung receive detailed reports for patching.

    Samsung has yet to issue a specific statement on this Galaxy S25 exploit, but historical patterns suggest an imminent security update will address it, similar to recent fixes for other Android zero-days.

    Users are advised to enable automatic updates and monitor official channels for patches, as unmitigated exploits could expose sensitive data in real-world attacks.

    The post Hackers Exploited Samsung Galaxy S25 0-Day Vulnerability to Enable Camera and Track Location appeared first on Cyber Security News.

  • SpaceX has disabled over 2,500 Starlink satellite internet terminals linked to notorious scam centers in Myanmar. The action underscores the company’s commitment to denying the misuse of its technology amid rising global concerns over online scams originating from Southeast Asia.

    SpaceX announced the proactive measure on Wednesday, revealing that the terminals were concentrated near suspected “scam centers” in the region.

    These operations, often run by organized crime syndicates, have been implicated in widespread fraud schemes targeting victims worldwide, including romance scams, investment frauds, and cryptocurrency cons.

    By leveraging high-speed internet, scammers exploit vulnerable populations, siphoning billions in illicit gains annually.

    “SpaceX complies with local laws in all 150+ markets where @Starlink is licensed to operate,” the company stated in an official update. “SpaceX continually works to identify violations of our Acceptable Use Policy and applicable law because, as with nearly all consumer electronics and services, the same technology that can provide immense benefits has a risk of misuse.”

    The firm emphasized its ongoing vigilance, noting that on rare occasions of detected violations, it collaborates with law enforcement agencies globally. In this instance, SpaceX independently pinpointed the suspicious activity and swiftly deactivated the kits, preventing further abuse.

    This intervention aligns with international efforts to dismantle scam networks, which have proliferated in Myanmar’s border regions amid political instability and lax oversight.

    Experts hail the move as a positive step in the tech industry’s fight against digital crime. “Starlink’s global reach is revolutionary for connectivity, but it also amplifies risks when falling into the wrong hands,” said cybersecurity analyst Dr. Lena Wong from the Asia-Pacific Cyber Institute. “SpaceX’s swift action sets a precedent for responsible innovation.”

    SpaceX reiterated its dual mission: bridging the digital divide for underserved communities while safeguarding against exploitation. “We are committed to ensuring the service remains a force for good and sustains trust worldwide: both connecting the unconnected and detecting and preventing misuse by bad actors.”

    As scam operations evolve, this crackdown highlights the challenges of policing satellite tech in remote areas. Law enforcement in Myanmar and neighboring countries continues raids on these centers, but SpaceX’s involvement could accelerate disruptions.

    The post SpaceX Disabled 2,500+ Starlink Terminals Tied to Scam Centers in Myanmar appeared first on Cyber Security News.

  • A new vulnerability in Perplexity’s Comet AI browser allows attackers to inject malicious prompts through seemingly innocuous screenshots.

    Disclosed on October 21, 2025, this flaw builds on earlier concerns about prompt injection in agentic browsers, AI-powered tools that act on users’ behalf.

    The discovery highlights ongoing risks in these emerging technologies, where hidden instructions can hijack user sessions and access sensitive data.

    In their latest report, Brave’s Senior Mobile Security Engineer Artem Chaikin and VP of Privacy and Security Shivan Kaul Sahib detail how Comet’s screenshot feature, designed to let users query images from websites, can be exploited.

    This is the second installment in Brave’s series on security challenges in agentic browsing, following a prior disclosure of a similar issue in Comet.

    The researchers emphasize that such vulnerabilities are not isolated but represent a broader systemic problem across AI browsers.

    Hidden Text In Screenshots Bypasses Safeguards

    The attack exploits Comet’s ability to analyze screenshots for user questions. Attackers embed nearly invisible malicious instructions into web content, such as faint light blue text on a yellow background within images.

    These instructions evade human detection but are extracted by the browser’s text recognition, likely through optical character recognition (OCR), and fed directly into the large language model (LLM) without proper sanitization.

    Once a user takes a screenshot of the tainted page, the hidden commands masquerade as part of the legitimate query.

    This tricks the AI into executing harmful actions, like navigating to phishing sites or extracting data from authenticated accounts.

    For instance, if a user is logged into their bank or email, a simple screenshot could authorize transfers or data theft, as the AI operates with the user’s privileges.

    Brave demonstrated the exploit in a controlled setup, showing how hidden prompts override user intent.

    “AI browsers that take actions on your behalf are powerful yet extremely risky,” the researchers note, referencing a Malwarebytes report on how even summarizing a Reddit post could lead to financial loss.

    This screenshot vulnerability echoes issues in other browsers, like Fellou, where navigating to a malicious site sends page content to the LLM, allowing visible instructions to manipulate queries.

    Brave has withheld details about an additional browser flaw and plans to disclose more information soon. The implications are significant because traditional web protections, such as the same-origin policy, are ineffective here; untrusted content can influence the AI’s decisions.

    Attackers could target everyday scenarios, such as browsing social media or forums, to trigger cross-domain exploits affecting banks, healthcare portals, or cloud storage.

    Brave responsibly reported the Comet issue to Perplexity on October 1, 2025, with public disclosure following on October 21 after the initial response.

    The company urges isolating agentic features from regular browsing and requiring explicit user confirmation for sensitive actions. As agentic browsers gain traction, experts call for industry-wide safeguards.

    Brave is exploring solutions through its research team and plans to roll out secure AI features for its 100 million users. Until then, users should approach these tools cautiously, especially with logged-in sessions.

    The post Perplexity’s Comet Browser Screenshot Feature Vulnerability Let Attackers Inject Malicious Prompts appeared first on Cyber Security News.

  • Cybersecurity researchers at Arctic Wolf Labs have uncovered a cunning new threat dubbed Caminho, a Brazilian Loader-as-a-Service (LaaS) that’s turning everyday images into Trojan horses for malware. Active since March 2025 and evolved rapidly by June, this operation hides .NET payloads using Least Significant Bit (LSB) steganography inside files hosted on trusted sites like archive.org. […]

    The post Caminho Malware Loader Conceals .NET Payloads inside Images via LSB Steganography appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Researchers have discovered a critical security vulnerability in Perplexity’s Comet AI browser that allows attackers to inject malicious commands through hidden text in screenshots. The vulnerability, disclosed on October 21, 2025, demonstrates how AI-powered browsers can become dangerous gateways for attackers to access users’ sensitive accounts like banking and email services. How Attackers Hide Dangerous […]

    The post Vulnerability in Perplexity’s Comet Browser Screenshot Feature Allows Malicious Prompt Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • A sophisticated and widespread smishing campaign originating from China has emerged as a significant threat to users worldwide. Researchers have attributed the ongoing attack to a group known as the Smishing Triad, which has demonstrated unprecedented scale and complexity through a decentralized infrastructure capable of registering and churning thousands of malicious domains daily. Since January […]

    The post Global SMS Phishing Campaign Traced to China Targets Users Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Hackers have begun actively targeting a critical remote code execution flaw in Adobe’s Magento e-commerce platform, putting thousands of online stores at immediate risk just six weeks after Adobe issued an emergency patch.

    Known as SessionReaper and tracked as CVE-2025-54236, the vulnerability allows unauthenticated attackers to hijack customer sessions and potentially execute arbitrary code, leading to data breaches and store compromises.

    Security firm Sansec reported blocking over 250 exploitation attempts on October 22, 2025, with attacks originating from multiple IP addresses worldwide.

    Adobe Magento RCE Vulnerability Exploited

    SessionReaper stems from an improper input validation issue in Adobe Commerce and Magento Open Source versions, including 2.4.9-alpha2 and earlier, affecting the Commerce REST API.

    Discovered by independent researcher Blaklis and patched by Adobe on September 9, 2025, the flaw enables attackers to upload malicious files disguised as session data via the /customer/address_file/upload endpoint, bypassing authentication.

    This nested deserialization bug can lead to full remote code execution, especially on systems using file-based session storage, though Redis or database-backed setups may also be vulnerable.

    A detailed technical breakdown released by Assetnote researchers on October 21, 2025, included proof-of-concept code demonstrating the exploit, effectively closing the window for undetected patching.

    Sansec’s forensics team likened SessionReaper, which carries a severity rating of 9.1 on the CVSS scale, to past Magento threats like CosmicSting (CVE-2024-34102) in 2024, TrojanOrder (CVE-2022-24086) in 2022, and the infamous Shoplift vulnerability in 2015, each resulting in thousands of hacked stores shortly after disclosure.

    With exploit details now public, experts predict widespread automated attacks within 48 hours, fueled by scanning tools that thrive on such high-impact flaws, Sansec said.

    Despite Adobe’s urgent advisory and hotfix availability, adoption remains alarmingly low. Sansec’s monitoring shows only 38% of Magento stores have applied protections six weeks post-patch, leaving 62%, or three in five, exposed to this critical threat.

    Initial reports from September indicated even fewer than one in three stores were secured, highlighting persistent delays in e-commerce security updates that expose sensitive customer data like payment details to theft.

    This vulnerability’s broad impact on global online retailers underscores the urgency, as unpatched sites become prime targets for credential stuffing, malware injection, and supply chain disruptions.

    Mitigations

    Store owners must act swiftly to mitigate risks. Adobe recommends deploying the official patch from their repository or upgrading to the latest secure release, with detailed instructions in their developer guide.

    For immediate defense without patching, activating a web application firewall (WAF) is crucial; Sansec Shield, for instance, has blocked SessionReaper since discovery and offers a free month via coupon code SESSIONREAPER.

    Observed exploits trace back to IPs such as 34.227.25.4, 44.212.43.34, 54.205.171.35, 155.117.84.134, and 159.89.12.166, delivering payloads that probe server configurations or install backdoors.

    Sansec continues real-time tracking, urging merchants to monitor for similar activity and follow their live attack dashboard for updates.

    As exploitation ramps up, the e-commerce sector faces a potential wave of breaches reminiscent of historical Magento incidents.

    The post Hackers Exploiting Adobe Magento RCE Vulnerability Exploited in the Wild – 3 in 5 Stores Vulnerable appeared first on Cyber Security News.

  • Scammers have intensified their efforts to defraud vulnerable populations through sophisticated impersonation schemes and fraudulent financial aid offers, according to recent intelligence monitoring and law enforcement findings. The threat landscape reveals a coordinated, international ecosystem of fraud operations targeting individuals across multiple social media platforms, with particular focus on older adults who represent a significant […]

    The post Cybercriminals Impersonate Aid Agencies to Lure Victims with Fake Financial Offers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cybersecurity researchers at Wordfence Threat Intelligence and their Care and Response teams have observed a persistent trend in new malware that leverages heavy obfuscation techniques to evade detection. While some malware attempts to blend in as legitimate files, the more common strategy involves sophisticated obfuscation through variable functions and cookie manipulation. This article explores this […]

    The post Stealthy Malware Leveraging Variable Functions and Cookies for Evasion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
