Topic: cybersecurity research
Unveiling the Forces Behind Influential Cybersecurity Research
The study analyzed two decades of research from the SOUPS and FC cybersecurity conferences, revealing that smaller, diverse, and focused teams often produce higher-impact work than larger consortia, challenging common institutional assumptions. A stark contrast in gender representation was found,...
OpenAI's 'Aardvark' AI Agent Automates Cybersecurity Research
OpenAI has launched Aardvark, an AI-powered cybersecurity researcher that uses GPT-5 to automate the discovery and remediation of software vulnerabilities, currently available in a private beta. The tool analyzes code repositories to identify and annotate vulnerabilities, tests them in a sandboxe...
Critical Flaws Found in Fluent Bit Logging Agent
Severe security vulnerabilities have been discovered in Fluent Bit, a widely used telemetry logging tool installed over 15 billion times, impacting core functions in banking, cloud, and SaaS environments. The flaws include input validation issues, tag manipulation, path traversal, buffer overflow...
UNC2891: Inside the ATM Fraud Money Mule Network
The threat group UNC2891 executed sophisticated ATM fraud attacks in Indonesia, using a money mule recruitment network and custom malware like STEELCORGI to target banks over multiple years. The criminals employed advanced tools including the CAKETAP rootkit to bypass security checks and multi...
Pro-Russia Hackers Target Water Utility in Honeypot Sting
A Russia-aligned hacktivist group called TwoNet was tricked into attacking a decoy water treatment facility, revealing their shift from website disruptions to targeting industrial infrastructure. The group used default credentials to access the system, performed disruptive actions like deleting c...
19 Malicious Visual Studio Code Extensions Uncovered
A malicious campaign used 19 Visual Studio Code extensions to hide malware, often by embedding a tampered npm package or disguising a binary archive as a PNG image to evade detection. The attacks targeted developers by mimicking trusted tools, with some extensions executing a Trojan upon launch a...
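The "binary archive disguised as a PNG" trick in the item above is cheap to catch at package-audit time, because an image file's first bytes are fixed by its format. The following is an added example written for this page, not code from the campaign write-up or from the VS Code project: it opens a .vsix (which is a plain zip archive) and flags any image-named entry whose header is actually a zip, ELF, PE or gzip signature. The function names, the magic table and the sample package are all mine; the sample .vsix is constructed in memory and contains placeholder bytes, not malware.

```python
import io
import os
import zipfile

# Added example, not from the article: audit the entries of a VS Code
# extension package (.vsix, a zip archive) for image-named files whose
# bytes are really an archive or an executable. Sample data is constructed.

# Extension -> header bytes a genuine file of that type starts with.
EXPECTED_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

# Headers of formats that should never sit behind an image extension.
SUSPICIOUS_MAGIC = {
    b"PK\x03\x04": "a zip archive",
    b"\x7fELF": "an ELF executable",
    b"MZ": "a PE executable",
    b"\x1f\x8b": "a gzip stream",
}


def classify_entry(name, head):
    """Return a finding for an image-named entry whose header does not match
    its extension, or None when the entry is fine or is not an image name."""
    ext = os.path.splitext(name.lower())[1]
    expected = EXPECTED_MAGIC.get(ext)
    if expected is None or head.startswith(expected):
        return None
    for magic, label in SUSPICIOUS_MAGIC.items():
        if head.startswith(magic):
            return f"{name}: named as {ext} but content is {label}"
    return f"{name}: named as {ext} but header {head[:8].hex()} is not {ext}"


def scan_vsix_bytes(data):
    """Scan an in-memory .vsix and return the list of findings (strings)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(16)          # only the header is needed
            finding = classify_entry(info.filename, head)
            if finding:
                findings.append(finding)
    return findings


def scan_vsix(path):
    """Scan a .vsix on disk (hypothetical helper for real use)."""
    with open(path, "rb") as fh:
        return scan_vsix_bytes(fh.read())


def build_sample_vsix():
    """Constructed sample package: one real PNG icon and one zip archive
    stored under a .png name, the shape the campaign is described using."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.bin", b"\x00" * 32)   # placeholder bytes, not malware
    real_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    pkg = io.BytesIO()
    with zipfile.ZipFile(pkg, "w") as z:
        z.writestr("extension/package.json", '{"name": "example-ext"}')
        z.writestr("extension/images/icon.png", real_png)
        z.writestr("extension/images/logo.png", inner.getvalue())  # zip as PNG
    return pkg.getvalue()


if __name__ == "__main__":
    for line in scan_vsix_bytes(build_sample_vsix()):
        print(line)
```

The check is a heuristic: a loader that strips or appends a fake PNG header before the real payload would pass it, so treat a clean result as absence of this particular trick, not as a clean extension. Running the same scan over the extension's unpacked install directory catches files written after installation as well.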
Beware Malicious VS Code Extensions Stealing Data
Malicious extensions named Bitcoin Black and Codo AI were discovered on the VS Code marketplace, using social engineering and functional facades to steal sensitive developer data. The malware employed sophisticated techniques like DLL hijacking to deploy a powerful infostealer that harvested clip...
AI Supply Chains at Risk from Critical PickleScan Flaws
Researchers discovered three critical zero-day vulnerabilities (CVSS 9.3) in PickleScan, a tool for inspecting Python pickle files and PyTorch models, which allow attackers to bypass security checks and distribute malicious machine learning models. The flaws include a file extension bypass, a dis...
New Atroposia RAT Emerges on Dark Web
Atroposia is a newly discovered remote access trojan sold on dark web marketplaces, offering encrypted remote control, credential theft, and cryptocurrency wallet data extraction. The malware is modular and integrates with tools like SpamGPT for AI-driven phishing campaigns and MatrixPDF for weap...
Deep Learning: An Early Warning System for DDoS Attacks
A novel deep learning approach, using long short-term memory (LSTM) networks, is being developed to forecast DDoS attacks by analyzing historical patterns, shifting cybersecurity from reactive detection to proactive prevention. Research on nearly 200,000 DDoS incidents revealed a near doubling of...
Beware: Malicious npm Package Impersonates Email Library
A malicious npm package named "nodejs-smtp" impersonates the legitimate nodemailer library, compromising cryptocurrency wallets by altering transaction details to redirect funds to attackers. The package uses Electron-based tools to secretly modify the Atomic Wallet application on Windows, replac...
Google Admits Fake Law Enforcement Account in Portal
Google confirmed that cybercriminals created a fake law enforcement account in its Law Enforcement Request System but deactivated it before any data was accessed or requests processed. The breach was claimed by a hacking group linked to known cybercrime organizations, which used social engineerin...
ESET Uncovers "PromptLock" AI-Driven Ransomware Threat
Slovakia-based cybersecurity vendor ESET said it has discovered "the first known" artificial intelligence-powered ransomware that generates malicious scripts on-the-fly on infected machines. ESET called the ransomware "PromptLock", and has uploaded Microsoft Windows and Linux samples to Google's VirusTotal scanning site. PromptLock accesses the Apache-licensed open source GPT-OSS:20b AI model from OpenAI via the Ollama API to generate scripts written in the Lua language. Lua scripts used by Pro...
Don't Paste That TikTok Code! The Dangerous Scam Explained
A dangerous scam on TikTok, known as ClickFix, tricks users into installing information-stealing malware by posing as helpful tech support or free software guides, convincing them to run malicious commands on their own computers. These fraudulent videos, which promote fake methods for accessing p...
Satellites Are Leaking Your Private Data: Calls, Texts, and Secrets
Researchers found that approximately half of geostationary satellite signals are unencrypted, allowing interception of sensitive communications like phone calls and military data with basic equipment. Using affordable hardware, the team captured private data including T-Mobile customer communicat...
Indian Bank Data Breach Exposes Thousands of Transfer Records
A significant data breach exposed 273,000 sensitive bank transfer documents from an unsecured Amazon S3 server, compromising account numbers, transaction details, and personal information linked to India's NACH payment system. The Indian fintech firm Nupay acknowledged responsibility for the leak...
Beware: Google Ads Push Malware via Fake ChatGPT, Grok Guides
A new malware campaign using the "ClickFix" technique relies on Google Ads impersonating AI platform guides to distribute the AMOS infostealer, tricking users searching for macOS help into executing malicious Terminal commands. The AMOS malware-as-a-service operation steals sensitive data like cryptocurrency walle...
DeadLock Ransomware Evades Security with BYOVD Attack
The DeadLock ransomware campaign uses a BYOVD technique, exploiting a known vulnerability (CVE-2024-51324) in a Baidu Antivirus driver to disable security software and delete recovery options before deploying its payload. The ransomware itself, written in C++, uses process hollowing and a custom ...
Security Researchers Uncover New LockBit Ransomware Targets
The LockBit ransomware group has officially resumed operations in late summer 2025, with at least a dozen new victims confirmed across multiple continents, indicating their infrastructure and affiliate network are fully functional again. A new LockBit 5.0 variant is being used in half of the rece...
Radware Exposes Critical ChatGPT Zero-Click Vulnerability
Radware discovered "ShadowLeak," a zero-click vulnerability in ChatGPT's Deep Research agent in which the agent, running on OpenAI's cloud infrastructure, exfiltrates sensitive user data without any user interaction. The exploit allows attackers to trigger a data breach simply by sending an email, as the AI agent processes ...
ConsentFix Attack Hijacks Microsoft Accounts via Azure CLI
A new phishing campaign called **ConsentFix** compromises Microsoft accounts by exploiting the legitimate Azure CLI OAuth application, bypassing passwords and multi-factor authentication. The attack deceives users into authenticating themselves via a fake CAPTCHA and a Microsoft login page, then ...
Gootloader Malware Returns With New Evasion Tactics
The Gootloader malware has returned with enhanced SEO poisoning tactics, using fake legal document websites to trick users into downloading malicious .js files that deploy additional malware like Cobalt Strike and backdoors. New evasion techniques include a custom web font that disguises filename...
Urgent CISA Alert: Active Attacks Exploit Critical Linux Sudo Flaw
A critical vulnerability (CVE-2025-32463) in sudo versions 1.9.14 through 1.9.17 allows local attackers to escalate privileges to root via the -R (--chroot) option, even when they are not listed in the sudoers file; the fix shipped in sudo 1.9.17p1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known E...
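Because the affected range for CVE-2025-32463 is a closed interval with a p-suffixed fix release, a naive string compare of `sudo --version` output gets it wrong (1.9.17p1 is not affected; 1.9.16p2 is). The following is an added example for this page, not code from the advisory, from CISA or from the sudo project: it parses the first line of `sudo --version` into a comparable tuple and tests it against that range. The function names are mine, the sample version strings are constructed, and the affected range and fix version are taken from the item above.

```python
import re
import subprocess

# Added example, not from the article: classify a sudo version string
# against the affected range for CVE-2025-32463 (the -R/--chroot flaw).
# Affected: 1.9.14 through 1.9.17 inclusive. Fixed upstream in 1.9.17p1.
AFFECTED_FROM = (1, 9, 14, 0)
FIXED_IN = (1, 9, 17, 1)      # 1.9.17p1, the first unaffected release

# Matches "1.9.17", "1.9.17p1", or the first line of `sudo --version`
# ("Sudo version 1.9.17p1").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, patch, p) from a version string, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def affected_by_cve_2025_32463(text):
    """True when the version lies in [1.9.14, 1.9.17p1). Raises on unparsable input."""
    v = parse_sudo_version(text)
    if v is None:
        raise ValueError(f"cannot find a sudo version in: {text!r}")
    return AFFECTED_FROM <= v < FIXED_IN


def check_local_sudo():
    """Run `sudo --version` on this host (no privileges needed) and classify it.
    Returns (first_line, affected) or None when sudo is not available."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False, timeout=10).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    first = out.splitlines()[0] if out else ""
    try:
        return first, affected_by_cve_2025_32463(first)
    except ValueError:
        return first, None


if __name__ == "__main__":
    # Constructed sample strings in the shape of `sudo --version` output.
    for sample in ("Sudo version 1.9.13p3", "Sudo version 1.9.16p2",
                   "Sudo version 1.9.17", "Sudo version 1.9.17p1"):
        print(f"{sample:24} affected={affected_by_cve_2025_32463(sample)}")
    live = check_local_sudo()
    if live:
        print(f"this host: {live[0]!r} affected={live[1]}")
```

A hit from this check is a prompt to look at the package, not proof: distributions routinely backport the fix without bumping the upstream version string, so confirm against the distribution's changelog or security advisory for the installed sudo package before treating a host as exposed.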
China-Linked Hackers Trained at Cisco Academy
Cisco's Networking Academy, a global IT training program, has been linked to state-sponsored cyberespionage, as individuals associated with the Chinese hacking group Salt Typhoon appear to have participated in its educational contests. The foundational networking skills taught by the academy may ...
Chinese Spies Used AI to Automate 90% of Cyberattacks, Report Says
A state-sponsored Chinese group used an advanced AI system to autonomously perform 80-90% of the tactical work in a multi-stage cyberattack, marking a significant shift in AI weaponization. The attackers leveraged open-source tools and manipulated the AI through social engineering to bypass ethic...
Qilin Ransomware Attacks Spike, Targeting Small Businesses
The Qilin ransomware group exploits common security weaknesses like unpatched VPNs and lack of multi-factor authentication, primarily targeting small and medium-sized enterprises in sectors such as construction, healthcare, and finance. Recent intelligence indicates increased collaboration among ...
Stealthy Fileless Malware Spreads RAT via Legitimate Tools
A fileless malware campaign uses trusted tools like ScreenConnect and PowerShell to deploy a remote access Trojan, leaving minimal forensic traces and evading detection. The attack loads payloads directly into memory via reflection, employs a .NET launcher to establish persistence and disable sec...
McDonald’s AI Hiring Bot Leaked Millions of Applicants’ Data Due to Weak Security
McDonald’s AI hiring chatbot, Olivia, exposed millions of job applicants' personal data due to weak security, including an administrative login protected by the default credentials "123456" (as both username and password) that granted full database access. Security researchers Ian Carroll and Sam Curry easily breached the system, uncovering sensitive applicant details...
Stolen Police Logins Expose Flock Cameras to Hackers
Federal lawmakers are demanding an FTC investigation into Flock Safety's license plate scanning network due to its failure to mandate multi-factor authentication for all law enforcement users, leaving sensitive data vulnerable. Unauthorized access to Flock's system could allow hackers to exploit ...
ClickFix Phishing Kit Exposed by Cybersecurity Experts
Palo Alto Networks has identified the IUAM ClickFix Generator, a phishing toolkit that enables even novice cybercriminals to create convincing fake browser verification pages to deploy malware. The toolkit allows customization of phishing pages, detects the user's device and OS to tailor maliciou...
Gladinet patches critical zero-day flaw in file-sharing software
Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
ClayRat Spyware Evolves with New Android Threats
The ClayRat Android spyware has evolved with significantly expanded surveillance and remote-control capabilities, including advanced keylogging and screen recording, posing a major threat to personal and corporate security. It abuses Android's Accessibility Services and SMS permissions to seize n...
FileFix Attack Evades Security with Cache Smuggling
A new FileFix social engineering attack uses cache smuggling to deliver malware undetected by disguising itself as a Fortinet VPN Compliance Checker and tricking users into executing hidden PowerShell commands. The attack involves copying a text string that secretly contains a script to search br...
Spyware Firm CEO Admits Government Client Misused Its Malware
Kaspersky uncovered the Dante spyware, linked to Italy's Memento Labs, which targeted Windows users in Russia and Belarus and was acknowledged by the firm's CEO as their outdated product. Memento Labs, formed from the remnants of the notorious Hacking Team, has shifted focus to mobile spyware and...
Microsoft Azure Hit by Record 15 Tbps DDoS Attack
Microsoft's Azure cloud platform successfully defended against a record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet, which utilized over 500,000 IP addresses and targeted a single Australian IP with up to 3.64 billion packets per second. The Aisuru botnet, known for compromising IoT de...
Salesforce AgentForce Vulnerability: What You Need to Know
A critical vulnerability named ForcedLeak, rated 9.4 in severity, was discovered in Salesforce's AgentForce platform, allowing attackers to exfiltrate confidential CRM data through indirect prompt injection. The flaw highlights that autonomous AI agents like AgentForce create a larger attack surf...