New Gmail Phishing Attack Uses AI Prompt Injection to Evade Detection
Phishing has always been about deceiving people. But in this campaign, the attackers weren’t only targeting users; they also attempted to manipulate AI-based defenses. This…
Category: CyberSecurityNews
Hundreds of Thousands of Users Grok Chats Exposed in Google Search Results
A significant data exposure has revealed hundreds of thousands of private user conversations with Elon Musk’s AI chatbot, Grok, in public search engine results. The…
Microsoft 365 Exchange Online Outage Blocks Email on Outlook Mobile App
Microsoft is investigating a significant service incident within Exchange Online, identified as EX1137017, which is preventing some users from sending or receiving emails through the…
Microsoft Confirms August 2025 Update Causes Severe Lag in Windows 11 24H2, Windows 10 Versions
Microsoft has officially confirmed that its August 2025 security update is causing significant performance problems for users of NDI (Network Device Interface) technology. Content creators,…
Microsoft to Limit Onmicrosoft Domain Usage for Sending Emails
Microsoft has announced significant restrictions on email sending capabilities for organizations using default onmicrosoft.com domains, implementing a throttling system that limits external email delivery to…
Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection
A method to silently exfiltrate Windows secrets and credentials, evading detection from most Endpoint Detection and Response (EDR) solutions. This technique allows attackers who have…
South Asian APT Hackers Using Novel Tools to Compromise Phones of Military-Adjacent Members
A sophisticated South Asian Advanced Persistent Threat (APT) group has been conducting an extensive espionage campaign targeting military personnel and defense organizations across Sri Lanka,…
BQTLOCK Ransomware Operates as RaaS With Advanced Evasion Techniques
A sophisticated new ransomware strain named BQTLOCK has emerged in the cyberthreat landscape since mid-July 2025, operating under a comprehensive Ransomware-as-a-Service (RaaS) model that democratizes…
New HTTP Smuggling Attack Technique Let Hackers Inject Malicious Requests
A sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This newly discovered technique leverages malformed…
Help TDS Weaponize Legitimate Sites’ PHP Code Templates With Fake Microsoft Windows Security Alert Pages
A sophisticated traffic direction system known as Help TDS has been weaponizing compromised websites since 2017, transforming legitimate sites into gateways for elaborate tech support…
CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting. …
Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts
Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these…