New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare

Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection...

SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data

Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps...

Androxgh0st Botnet Expands Reach, Exploiting US University Servers

New CloudSEK findings show Androxgh0st botnet evolving. Academic institutions, including UC San Diego, hit. Discover how this sophisticated…...

Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates

Kali Linux 2025.1c includes a new signing key to fix update errors, adds new tools, a redesigned menu with MITRE ATT&CK, and major system upgrades...

Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada

Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025...

China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs

ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs...

1inch rolls out expanded bug bounties with rewards up to $500K

DUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire...

Speaker Proposal Deadline Approaches for OpenSSL Conference 2025 in Prague

Newark, United States, 23rd June 2025, CyberNewsWire...

Fake DMV Texts Scam Hit Thousands in Widespread Phishing Campaign

A series of fraudulent text messages impersonating state Departments of Motor Vehicles DMVs has spread throughout the United…...

Fake Minecraft Mods on GitHub Found Stealing Player Data

Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn...

Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability

Zyxel users beware: A critical remote code execution flaw CVE-2023-28771 in Zyxel devices is under active exploitation by a Mirai-like botnet. GreyNoise observed a surge on June 16, targeting devices globally...

Scammers Use Inferno Drainer to Steal $43K from CoinMarketCap Users

Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end...

Report Warns of Sophisticated DDoS Campaigns Crippling Global Banks

A new FS-ISAC and Akamai report warns that sophisticated DDoS attacks are severely impacting the global financial sector, leading to multi-day outages. Learn about these evolving threats and how institutions can strengthen defences...

Violence-as-a-Service: Encrypted Apps Used in Recruiting Teens as Hitmen

European police, led by Denmark and Sweden, are arresting individuals in a crackdown on violence-as-a-service, where criminal groups recruit teenagers online for contract killings. Learn about Europol's OTF GRIMM task force and how they're fighting this disturbing trend...

Anubis Ransomware Lists Disneyland Paris as New Victim

Anubis ransomware group claims a 64GB data breach at Disneyland Paris, leaking some engineering files and attraction plans via its dark web site...

New Detection Method Uses Hackers’ Own Jitter Patterns Against Them

A new detection method from Varonis Threat Labs turns hackers' sneaky random patterns into a way to catch hidden cyberattacks. Learn about Jitter-Trap and how it boosts cybersecurity defenses...

Hackers Use Social Engineering to Target Expert on Russian Operations

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats...

New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack

Red Canary uncovers 'Mocha Manakin,' a new threat using paste and runs to deliver custom NodeInitRAT malware, potentially leading to ransomware. Learn to protect your systems...

Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories

Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data...

Scammers Insert Fake Support Numbers on Real Apple, Netflix, PayPal Pages

Cybercriminals are injecting fake support phone numbers onto official sites like Bank of America and Netflix. Learn how 'search parameter injection' scams work and protect yourself now...

N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam

North Korean hackers deploy PylangGhost malware through fake crypto job interviews targeting blockchain professionals with phishing and remote access tools...

GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data

Zimperium zLabs reveals GodFather malware’s advanced virtualization that hijacks mobile banking and crypto apps. Learn how it steals data on your phone...

Halo Security Honored with 2025 MSP Today Product of the Year Award

Miami, Florida, 18th June 2025, CyberNewsWire...

AgentSmith Flaw in LangSmith’s Prompt Hub Exposed User API Keys, Data

A CVSS 8.8 AgentSmith flaw in LangSmith's Prompt Hub exposed AI agents to data theft and LLM manipulation. Learn how malicious AI agents could steal API keys and hijack LLM responses. Fix deployed...

The importance of managing your SEO strategy in a safe way

As SEO leans towards AI, site owners are more in need of third-party tools, and agencies and updating…...

WormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Models

Cato CTRL uncovers new WormGPT variants on Telegram powered by jailbroken Grok and Mixtral. Learn how cybercriminals jailbreak top LLMs for uncensored, illegal activities in this latest threat research...

Scattered Spider Aims at US Insurers After UK Retail Hit, Google Warns

Scattered Spider targets US insurance firms after UK retail attacks, using social engineering to breach help desks and disrupt services, Google warns...

Hacklink Market Linked to SEO Poisoning Attacks in Google Results

Cybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results…...

Rapid Rebuild Hackathon 2025: When Legacy Meets Innovation

Consider this: Berkshire Hathaway, Warren Buffett's $700 billion conglomerate, operates one of the most influential investor websites on…...

Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users

Zoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing...

Report Links Los Pollos and RichAds to Malware Traffic Operations

New research by Infoblox Threat Intel exposes a hidden alliance between major cybercrime groups like VexTrio and seemingly…...

Archetyp Dark Web Market Seized, Admin Arrested in Spain

European law enforcement agencies have dismantled Archetyp Market, a long-running dark web platform used primarily for drug sales,…...

Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach

Hackers leak data of 10,000 VirtualMacOSX customers in alleged breach, exposing names, emails, passwords, and financial details on a hacking forum...

How to Monetize Unity Apps: Best Practices

Unity is one of the most popular game engines for mobile and cross-platform app development. It powers millions…...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Paris, France, 13th June 2025, CyberNewsWire...

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

Aim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security...

US Tops List of Unsecured Cameras Exposing Homes and Offices

A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simple tips to secure your own...

CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device...

Operation Secure: INTERPOL Disrupts 20,000 Infostealer Domains, 32 Arrested

INTERPOL disrupts 20,000 infostealer domains in major cybercrime crackdown across Asia-Pacific, 32 arrested, 216K victims notified in Operation Secure...

Salesforce Industry Cloud Hit by 20 Vulnerabilities Including 0days

AppOmni research reveals over 20 security vulnerabilities, including zero-days, in the Salesforce Industry Cloud. Learn about critical risks, customer responsibilities, and how to protect sensitive data...

June 2025 Patch Tuesday: Microsoft Fixes 66 Bugs, Including Active 0-Day

June 2025 Patch Tuesday fixes 66 bugs, including a zero-day in WebDAV. Update Windows, Office, and more now to block active threats...

Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw

Akamai's latest report reveals two Mirai botnets exploiting the critical CVE-2025-24016 flaw in Wazuh. Learn about these fast-spreading IoT threats and urgent patching advice...

OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea

OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools…...

20 Top-Level Domain Names Abused by Hackers in Phishing Attacks

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...

Getty Images Sues Stability AI for Using Its Photos to Train AI Models

Getty Images accuses Stability AI of illegally using its content to train AI models in a high-stakes London…...

How LMS Software Supports Secure Online Employee Learning

Explore how learning management systems LMS software supports safe online learning, protects employee data, and ensures compliance in…...

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...

Limited Canva Creator Data Exposed Via AI Chatbot Database

A Chroma database operated by Russian AI chatbot startup My Jedai was found exposed online, leaking survey responses…...

Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS

SentinelLABS uncovers widespread China-linked cyber espionage targeting over 70 global organizations and cybersecurity firms between July 2024 and…...

Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment for Enterprises

Tel Aviv, Israel, 9th June 2025, CyberNewsWire...