Category: CyberSecurityNews

175 Malicious npm Packages With 26,000 Downloads Attacking Technology, and Energy Companies Worldwide
10
Oct
2025

175 Malicious npm Packages With 26,000 Downloads Attacking Technology, and Energy Companies Worldwide

Socket’s Threat Research Team has uncovered a sophisticated phishing campaign involving 175 malicious npm packages that collectively accumulated over 26,000…

RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers
10
Oct
2025

RondoDox Botnet Exploits 50+ Vulnerabilities to Attack Routers, CCTV Systems and Web Servers

Since its emergence in early 2025, RondoDox has rapidly become one of the most pervasive IoT-focused botnets in operation, targeting…

Microsoft Defender Incorrectly Flags SQL Server Software as End-of-life
10
Oct
2025

Microsoft Defender Incorrectly Flags SQL Server Software as End-of-life

Microsoft Defender for Endpoint is incorrectly flagging specific versions of SQL Server as having reached their end-of-life, causing potential confusion…

Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos
10
Oct
2025

Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos

A critical vulnerability in GitHub Copilot Chat, rated 9.6 on the CVSS scale, could have allowed attackers to exfiltrate source…

Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks
10
Oct
2025

Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks

An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the unauthenticated Local…

SnakeKeylogger via Weaponized E-mails Leverage PowerShell to Exfiltrate Sensitive Data
10
Oct
2025

SnakeKeylogger via Weaponized E-mails Leverage PowerShell to Exfiltrate Sensitive Data

Emerging from a recent wave of targeted campaigns, SnakeKeylogger has surfaced as a potent infostealer that capitalizes on PowerShell and…

New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users
10
Oct
2025

New Android Malware ClayRat Mimic as WhatsApp, Google Photos to Attack Users

A sophisticated Android spyware campaign dubbed ClayRat has emerged as one of the most concerning mobile threats of 2025, masquerading…

LLM-enabled MalTerminal Malware Leverages GPT-4 To Generate Ransomware Code
10
Oct
2025

LLM-enabled MalTerminal Malware Leverages GPT-4 To Generate Ransomware Code

Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language…

Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments
10
Oct
2025

Microsoft Warns of Hackers Compromising Employee Accounts to Steal Salary Payments

A sophisticated financially motivated threat actor known as Storm-2657 has been orchestrating elaborate “payroll pirate” attacks targeting US universities and…

Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day
10
Oct
2025

Google Warns of CL0P Ransomware Group Actively Exploiting Oracle E-Business Suite Zero-Day

The cybersecurity landscape faces a new and significant threat as the notorious CL0P ransomware group has launched a large-scale extortion…

Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain
10
Oct
2025

Authorities Seize BreachForums New Clearnet Cybercrime Marketplace Domain

International law enforcement agencies have seized the latest clearnet domain of the notorious cybercrime marketplace, BreachForums. The domain, breachforums[.]hn, now…

7-Zip Vulnerabilities Allows Remote Attackers to Execute Arbitrary Code
10
Oct
2025

7-Zip Vulnerabilities Allows Remote Attackers to Execute Arbitrary Code

Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute…