Criminal IP to Showcase ASM and CTI Innovations at GovWare 2025 in Singapore

Torrance, United States, 14th October 2025, CyberNewsWire...

Sweet Security Named Cloud Security Leader and CADR Leader in Latio Cloud Security Report

Tel Aviv, Israel, 14th October 2025, CyberNewsWire...

From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering

Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…...

Police Bust GXC Team, One of the Most Active Cybercrime Networks

Spanish Guardia Civil and Group-IB arrest 'GoogleXcoder,' the 25-year-old Brazilian mastermind of the GXC Team, for selling AI-powered phishing kits and malware used to steal millions from banks across the US, UK, Spain, and Brazil...

How Top SOCs Stay Up-to-Date on Current Threat Landscape

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...

Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America...

Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack

Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire...

ShinyHunters Leak Data from Qantas, Vietnam Airlines and Other Major Firms

ShinyHunters and its affiliate hackers have leaked data from 6 firms, including Qantas and Vietnam Airlines, after claiming to breach 39 companies via a Salesforce vulnerability...

OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack

Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI...

Invoicely Database Leak Exposes 180,000 Sensitive Records

Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide...

Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit

An Authentication Bypass CVE-2025-5947 in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately...

Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers

Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers...

Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture

Menlo Park, USA, 10th October 2025, CyberNewsWire...

SonicWall Says All Firewall Backups Were Accessed by Hackers

SonicWall has confirmed that attackers accessed cloud backup configuration files for all customers using its backup service exposing encrypted credentials and network configurations...

Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware

Zimperium's zLabs warns of ClayRat, a fast-spreading Android spyware targeting Russia. It hides in fake apps like TikTok and steals texts, calls records, and camera photos...

Discord Says Hackers Stole 70,000 ID Photos, Dismisses Extortion Claims

70,000 Discord users had government ID photos and private data exposed via a third-party vendor breach. See Discord's full response and critical security steps to protect your identity...

Your Shipment Notification is Now a Malware Dropper

Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat...

SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution

Palo Alto, California, 9th October 2025, CyberNewsWire...

Lightship Security and the OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 Validation

Newark, United States, 9th October 2025, CyberNewsWire...

New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto

FortiGuard Labs reveals Chaos-C++, a new Chaos ransomware variant that deletes files over 1.3 GB instead of encrypting them and uses clipboard hijacking to steal cryptocurrency...

Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat...

UK Police Arrest Two Teens Over Kido Nursery Ransomware Attack

Met Police arrested two teenagers over the Kido nursery ransomware attack, which exposed data for 8,000 children. Full details on the hack and police investigation...

Miggo Security Named a Gartner® Cool Vendor in AI Security

Tel Aviv, Israel, 8th October 2025, CyberNewsWire...

OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups

OpenAI's new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea...

New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens

Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram...

13-Year-Old RediShell Vulnerability Puts 60,000 Redis Servers at Risk

Critical Redis flaw RediShell CVE-2025-49844 exposes 60,000 servers to remote code execution. Patch immediately to prevent full system compromise...

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

Latest reports suggest the critical GoAnywhere MFT vulnerability CVE-2025-10035, CVSS 10.0 is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately...

INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity”

Raleigh, United States, 7th October 2025, CyberNewsWire...

New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations

Security researchers at UC Irvine reveal the 'Mic-E-Mouse' attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy...

Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users

ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users...

Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management

Paris, France, 6th October 2025, CyberNewsWire...

Rainwalk Pet Insurance Exposes 158 GB of US Customer and Pet Data

A misconfigured database belonging to a pet insurance company, "Rainwalk Pet Insurance," exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams...

Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login

WatchTowr finds a serious flaw in Dell UnityVSA CVE-2025-36604 letting attackers run commands without login. Dell issues patch 5.5.1 - update now...

Android Not Reading SD Card? Here’s How to Fix it

As we all know, the SD card usually stores your multimedia and important mobile files. When Android suddenly…...

iPhone Software Update Failed? Here’s How to Fix It Without Data Loss

You tap Update, wait for the progress indicator, and then error. Your iPhone freezes and displays "Update Failed,"…...

Discord Data Breach: Hackers Access IDs, Billing Details and Support Chats

Discord confirms a data breach via a third-party vendor, exposing government-issued photo IDs, names, emails, and limited billing data of users who contacted customer support. Learn the full risk...

New Study Warns Several Free iOS and Android VPN Apps Leak Data

A Zimperium zLabs analysis of 800 free Android and iOS VPN apps exposes critical security flaws, including the Heartbleed bug, excessive system permissions, and non-transparent data practices. Learn how these 'privacy' tools are actually major security risks, especially for BYOD environments...

Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed

A leak site from Scattered LAPSUS$ Hunters alleges Salesforce breach, with hackers claiming 1B records stolen and 39 major companies affected...

Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns

Bitsight warns ICS/OT exposure jumped 12% in 2024, leaving 180,000+ critical infrastructure systems open to attack. Learn about the possible vulnerabilities and new malware strains...

Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers

A ‘high-volume’ extortion campaign possibly linked to FIN11 and Cl0p is targeting Oracle E-Business executives. Mandiant and GTIG are investigating unproven data theft claims...

Renault UK Customer Records Stolen in Third-Party Breach

Renault UK warns customers of a third-party data breach exposing personal details, stressing vigilance against fraud and confirming no bank data lost...

$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now...

Google Patches “Gemini Trifecta” Vulnerabilities in Gemini AI Suite

Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google's Gemini AI. Learn why AI assistants are the new weak link...

Malicious ZIP Files Use Windows Shortcuts to Drop Malware

Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging 'living off the land' tactics, and a unique Anti-Virus check to deliver a custom payload...

Small Businesses and Ransomware: Navigating the AI Era Threat

Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in…...

WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack

WestJet confirms a data breach starting June 13, 2025, stole passport/ID and personal data. Credit cards and passwords are safe. The airline offers 24 months of free identity monitoring, including $1M insurance...

Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks

Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks...

Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer

Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware...

London Court Convicts Chinese Mastermind Behind £5bn Crypto Seizure

Zhimin Qian, the 'Bitcoin Queen,' pleads guilty in the UK after police seized over £5 billion in stolen crypto, the world's largest crypto seizure. Details on the Ponzi scam and fight for the funds...

Quantum Resistance and Coding for a Post-Quantum Bitcoin

Bitcoin was created with strong cryptography, based on mathematical problems so complex that even the most powerful computers…...