KillSec Ransomware Attacking Healthcare Industry IT Systems
The KillSec ransomware strain has rapidly emerged as a formidable threat targeting healthcare IT infrastructures across Latin America and beyond. First observed in early September…
Category: CyberSecurityNews
Threat Actors Could Misuse Code Assistant To Inject Backdoors and Generating Harmful Content
Modern development workflows increasingly rely on AI-driven coding assistants to accelerate software delivery and improve code quality. However, recent research has illuminated a potent new…
LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and…
WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login
A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing unauthenticated attackers to gain administrative…
New Persistence Technique Allows Attackers to Hide Malware Within AWS Cloud Environment
Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major…
AISURU Botnet With 300,000 Hijacked Routers Behind The Recent Massive 11.5 Tbps DDoS Attack
Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to…
Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. …
SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks
SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including…
New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials
Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive…
Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence
A groundbreaking open-source benchmark suite called CyberSOCEval has emerged as the first comprehensive evaluation framework for Large Language Models (LLMs) in Security Operations Center (SOC)…
New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first…
Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads
A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per…