1010.cx – Page 91 – cybersecurity / defense / intelligence

Critical Apache StreamPipes Flaw Allows Attackers to Take Over Admin Accounts

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Apache StreamPipes has released an urgent security advisory addressing CVE-2025-47411, a critical privilege escalation vulnerability affecting versions 0.69.0 through 0.97.0. The flaw allows attackers with legitimate non-administrator accounts to exploit the user ID creation mechanism and hijack administrator credentials, gaining full control over the streaming data platform. The Vulnerability The vulnerability stems from improper handling […]

The post Critical Apache StreamPipes Flaw Allows Attackers to Take Over Admin Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files

·

cyber security, Cyber Security News, Windows

A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques […]

The post APT36 Targets Indian Government Systems Using Malicious Windows LNK Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

·

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows – Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New AI-Enhanced Crypter Promoted as Capable of Evading Windows Defender

·

AI, cyber security, Cyber Security News, Windows

Cybersecurity researchers have spotted a new high-sophistication malware loader being advertised on dark web forums, marketed as a commercial solution for evading modern endpoint protection. The tool, dubbed InternalWhisper x ImpactSolutions, is being promoted by a threat actor known as “ImpactSolutions.” The seller claims the crypter utilizes an AI-driven metamorphic engine capable of rewriting the majority […]

The post New AI-Enhanced Crypter Promoted as Capable of Evading Windows Defender appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New Open-Source C2 Framework AdaptixC2 Debuts With Improved Stability and Speed

·

cyber security, Cyber Security News

The open-source community has received a major update with the release of AdaptixC2 Version 1.0. This new version brings significant enhancements to the Command and Control (C2) framework, with a focus on network stability, user interface (UI) performance, and operational speed. The most notable technical improvement in Version 1.0 is the complete overhaul of the […]

The post New Open-Source C2 Framework AdaptixC2 Debuts With Improved Stability and Speed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

·

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks

·

backdoor, Bronze President, Cyber Attack, cybersecurity, East Asia, HoneyMyte, Kaspersky, Malware, Mustang Panda, Myanmar, Securelist, Security, South Asia, Thailand, ToneShell

HoneyMyte (Mustang Panda) is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
The Top Cybersecurity Predictions For 2026

·

Blogs
This week in cybersecurity from the editors at Cybercrime Magazine

Sausalito, Calif. – Dec. 30, 2025

–Read the full story in Government Technology

Dan Lohrmann, internationally recognized cybersecurity leader, technologist, keynote speaker and author covered “The Top 26 Security Predictions for 2026” in Government Technology this week.

“Cybersecurity Ventures and Cybercrime Magazine always offer a mountain of excellent information, statistics and also predictions,” according to Lohrmann, who called out our “Official 2026 Cybersecurity Market Report: Predictions And Statistics” and this PDF version of the details.

Here are some highlights, but Lohrmann encourages readers to “please read this excellent report” at the links provided (above):

Cybersecurity Ventures predicts that the world will spend $522 billion on cybersecurity products and services in 2026;

Cybersecurity Ventures predicts that cybercrime will cost the world $10.5 trillion annually by 2025, up from $3 trillion in 2015;

The U.S. spends more than $25 billion on cybersecurity every year, more than any other nation.

The Government Technology article features predictions from Forbes, IDC, Coursera, Deloitte, Microsoft, PwC, TechRepublic, and others.

Read the Full Story

Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.

The post The Top Cybersecurity Predictions For 2026 appeared first on Cybercrime Magazine.
¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions

·

cyber security, Cyber Security News

A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce platforms. Unlike traditional skimming attacks that “listen” for data, this campaign actively manipulates the user […]

The post Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion

·

cyber security, Cyber Security News

A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization utility. Dubbed VOID KILLER, the malware is designed explicitly to terminate antivirus (AV) and Endpoint Detection and Response (EDR) processes, positioning itself as a more aggressive alternative to traditional “crypters” that merely […]

The post Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

This week in cybersecurity from the editors at Cybercrime Magazine