A malicious Model Context Protocol (MCP) server has been discovered exfiltrating thousands of emails daily through AI assistant integrations, marking the first documented case of a supply chain attack targeting the emerging MCP ecosystem. The compromised package, postmark-mcp, has been downloaded approximately 1,500 times weekly and has been quietly stealing sensitive email communications since version […] The post Malicious MCP Server Discovered Stealing Sensitive Email Data Through AI Age...| Cyber Security News
In Apache Airflow’s milestone 3.0 release, the development team introduced a “write-only” model that restricts sensitive Connection fields, such as passwords, tokens, and private keys, to users with Connection Editing privileges. Unfortunately, in version 3.0.3, this access control model was inadvertently bypassed, allowing any user with READ permissions to retrieve confidential data via both the […] The post Apache Airflow Bug Leaks Sensitive Details to Users with Read-Only Access ap...| Cyber Security News
A comprehensive white paper presented at Virus Bulletin 2025 reveals the intricate operations of DeceptiveDevelopment, a North Korea-aligned threat actor that collaborates with fraudulent IT workers to compromise organizations worldwide. The campaign represents a hybrid threat combining cybercrime with employment fraud, targeting software developers through elaborate social engineering schemes. DeceptiveDevelopment operators pose as recruiters […] The post North Korean IT Operatives Collab...| Cyber Security News
In September 2025, Zscaler ThreatLabz uncovered a sophisticated multi-stage ClickFix campaign targeting members of Russian civil society. Attributed with moderate confidence to the Russia-linked APT group COLDRIVER, also known as Star Blizzard, Callisto, and UNC4057, this operation blends social engineering with lightweight malware to achieve document theft and persistent access. COLDRIVER’s ClickFix infection chain begins […] The post ClickFix Multi Stage Campaign Delivering a PowerShell...| Cyber Security News
A sophisticated botnet campaign exploiting exposed command-and-control (C2) logs has surged by 230% between July and August 2025, compromising thousands of SOHO routers, embedded Linux devices, and enterprise web servers. CloudSEK’s TRIAD threat hunters uncovered six months of panel logs revealing a Loader-as-a-Service model that automates authentication probes, command injection, and payload delivery across diverse […] The post New Loader as a Service Botnet Targets Routers and IoT Devic...| Cyber Security News
Cybersecurity firm Resecurity has uncovered extensive evidence of collaboration and operational convergence among three of the most notorious English-speaking cybercrime groups: LAPSUS$, Scattered Spider, and ShinyHunters. The research reveals these groups now function as part of a “loosely connected and highly adaptive cybercrime ecosystem” that has targeted Fortune 100 corporations and government agencies throughout 2023-2025. […] The post Researchers Reveal Links Among LAPSUS$, Scatt...| Cyber Security News
In early 2025, LummaStealer emerged as a prolific information stealer targeting industries ranging from telecom and healthcare to banking and marketing. A coordinated law enforcement operation in May briefly disrupted its activities; however, recent months have seen novel LummaStealer variants resurface. Netskope Threat Labs’ analysis of sample hash 87118baadfa7075d7b9d2aff75d8e730 reveals advanced obfuscation, sophisticated evasion, and robust persistence […] The post Uncovering LummaS...| Cyber Security News
A sophisticated new malware family dubbed LAMEHUG has emerged as the first known threat to weaponize artificial intelligence for dynamic attack execution, marking a significant evolution in cybercriminal tactics. First identified by CERT-UA in July 2025, this Python-based malware leverages large language models hosted on Hugging Face to generate real-time Windows commands for reconnaissance and data exfiltration. […] The post Dynamic Command Generation by LLM Based LAMEHUG Malware for Rec...| Cyber Security News
Active Directory (AD) holds the digital keys to an organization’s network. Threat actors targeting the NTDS.dit file, which contains hashed credentials and critical domain data, can achieve full domain compromise if they succeed. This article walks through a real-world scenario where attackers dumped and exfiltrated NTDS.dit, bypassing common defenses, and highlights how Trellix Network Detection […] The post Active Directory Compromise – NTDS.dit Exfiltration Enables Complete Credentia...| Cyber Security News
Today, the National Cyber Security Centre (NCSC) – part of GCHQ – issued further advice to help network defenders mitigate| Cyber Security News
According to the Dmpdump report, the campaign first emerged on VirusTotal on August 28, 2025, when a file uploaded from Malaysia triggered alarms.| Cyber Security News
The vulnerability arises from how Axios decodes data: URLs, allowing an attacker to trigger unbounded memory allocation and crash Node.js processes.| Cyber Security News
RatOn Android trojan uses NFC relay, ATS, and remote access to hijack devices and drain bank accounts, first hitting Czech, Slovak users.| Cyber Security News
Empire, introducing enhanced agent capabilities and comprehensive API support designed to streamline post-exploitation operations.| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
ESPHome vulnerability - A critical vulnerability has been discovered in the ESPHome web server component on the ESP-IDF platform.| Cyber Security News
A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the number of exposed systems drop from approximately 28,200 to 12,400 in just one week.| Cyber Security News
The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, pose significant risks to organizations relying on these network infrastructure components for application delivery and secure remote access.| Cyber Security News
China-linked APT MURKY PANDA targets North American gov, tech & legal sectors, exploiting cloud flaws & stealing sensitive data.| Cyber Security News
Telegram SSH brute-force - Socket's Threat Research Team has uncovered a sophisticated supply chain attack targeting cybersecurity.| Cyber Security News
Wolf's Assault - A sophisticated APT group known as Scaly Wolf has executed a persistent multi-year campaign against a Russian.| Cyber Security News
An alleged threat actor has listed a Windows Zero-Day Remote Code Execution (RCE) exploit for sale, claiming it targets fully updated Windows 10, Windows 11, and Windows Server 2022 systems.| Cyber Security News
Workday recently disclosed that it was targeted in a social engineering campaign designed to compromise employee trust and gain unauthorized access to sensitive systems.| Cyber Security News
Best NDR solutions 1. Darktrace 2. Vectra AI 3. ExtraHop 4. Corelight 5. Arista 6. Cisco Secure Network Analytics 7. Trend Micro 8. Fidelis| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
A sophisticated social engineering campaign by the EncryptHub threat group that combines impersonation tactics with technical exploitation to compromise corporate networks.| Cyber Security News
PS1Bot malware targets Windows via malvertising, using PowerShell+C# for stealthy info theft, modular design, and in-memory execution.| Cyber Security News
Released on August 14, 2025, this major update introduces groundbreaking features that extend VirtualBox's capabilities across multiple platforms| Cyber Security News
The flaw, tracked as CVE-2025-2183 with a CVSS score of 4.5, affects the certificate validation process in GlobalProtect applications running on Windows and Linux systems.| Cyber Security News
Qilin ransomware - The Qilin ransomware group has once again dominated the cyberthreat landscape in July 2025, claiming 73 victims.| Cyber Security News
CISA has issued urgent warnings regarding two critical security vulnerabilities in N-able N-Central remote monitoring and management (RMM) software that are actively being exploited by threat actors.| Cyber Security News
Fake Ukrainian Web3 team lures job seekers via malicious NPM repo in interviews, stealing crypto wallets, browser data & personal info.| Cyber Security News
A critical security vulnerability in Fortinet FortiSIEM platform that allows unauthenticated attackers to execute arbitrary commands remotely.| Cyber Security News
Global operation seizes BlackSuit ransomware servers, domains & $1.09M crypto, crippling attacks on US critical infrastructure.| Cyber Security News
Microsoft has released the Windows 11 August 2025 Cumulative Updates, KB5063878 for version 24H2 and KB5063875| Cyber Security News
EA’s Javelin anti-cheat blocked 330K cheating attempts in Battlefield 6 beta, using multi-layered defenses including Secure Boot.| Cyber Security News
Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems.| Cyber Security News
Researchers have detected an unprecedented surge in brute-force attacks targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns.| Cyber Security News
Ivanti has released critical security updates addressing multiple high and medium-severity vulnerabilities across its Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateway products.| Cyber Security News
A massive leak of internal tooling, backdoors, and intelligence-gathering artifacts attributed to North Korea’s state-sponsored APT group Kimsuky has been published online by presumed insiders.| Cyber Security News
A severe flaw in a major automaker’s dealer portal that allowed unauthorized attackers to register for dealer accounts, escalate privileges to a national administrator, and ultimately control vehicles remotely.| Cyber Security News
Reddit has announced plans to significantly restrict the Internet Archive's Wayback Machine from indexing its platform, citing concerns that AI companies have been exploiting the archival service to circumvent Reddit's data protection policies.| Cyber Security News
ClickFix campaign targets Israeli firms via phishing to run malicious PowerShell, using fake wartime webinar invites & Teams pages.| Cyber Security News
Threat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises.| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Grafana Labs has released critical security patches addressing two significant vulnerabilities that could redirect users to malicious websites.| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
MixMode has been recognized by USA Today as one of the Top 10 AI Companies to Watch in 2024. This prestigious acknowledgment highlights MixMode’s vital contributions to cybersecurity and ability to shape the industry's future through advanced AI.| MixMode
Jeremiah Fowler, an ethical researcher, discovered an unsecured database with 245,949 entries totaling 286.9 GB in a huge cybersecurity issue.| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft has rolled out a comprehensive set of security enhancements aimed at countering the surge in AiTM phishing attacks.| Cyber Security News
A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content.| Cyber Security News
MixMode, a leader in AI-powered cybersecurity, today released State of AI in Cybersecurity Report 2025, its second annual report, independently conducted by the Ponemon Institute. Based on a survey of 685 U.S. IT and security professionals, the report reveals how organizations, especially in Critical Infrastructure, SLED, and U.S. Federal sectors, are adopting AI to counter evolving cyber threats.| MixMode
Apple has released critical security updates for macOS Sequoia, addressing multiple vulnerabilities that could allow malicious applications to access sensitive user data.| Cyber Security News
Dell Technologies has issued a security advisory regarding multiple vulnerabilities in its RecoverPoint for Virtual Machines (RP4VM) software.| Cyber Security News
The directory, located at https://server.xcode.co.id/files/mimikatz/Win32/, has raised concerns about potential misuse by malicious actors.| Cyber Security News
The victims, all based in France, include Omydoo, Ayomi.fr, and ADULLACT, marking a significant escalation in their cyber extortion campaign.| Cyber Security News
The breach underscores persistent vulnerabilities in the nation’s cybersecurity infrastructure and raises pressing concerns about data protection.| Cyber Security News
In October 2023, Microsoft introduced native support for 11 additional compression formats in Windows 11 through the KB5031455 update.| Cyber Security News
This marks yet another chapter in the group's ongoing campaign of digital extortion and data breaches.| Cyber Security News
This incident underscores the growing threat of ransomware targeting architecture and engineering (A&E) firms.| Cyber Security News
Microsoft Entra ID has introduced a robust security mechanism called protected actions, aimed at preventing attackers from permanently deleting user accounts.| Cyber Security News
A critical vulnerability in SolarWinds' Web Help Desk (WHD) software has been identified, allowing remote, unauthenticated attackers to exploit hardcoded credentials embedded in the system.| Cyber Security News
The pursuit of single-bit fault injection attacks has long been regarded as a challenging frontier in hardware security.| Cyber Security News
A critical security vulnerability, identified as CVE-2025-1077, has been disclosed in IBL Software Engineering's Visual Weather software and its derived products.| Cyber Security News
The incident underscores the growing threat posed by this ransomware group, which has targeted various industries worldwide.| Cyber Security News
The EarlyCrow system introduces a groundbreaking approach to detecting Advanced Persistent Threat (APT) malware command and control (C&C) communications.| Cyber Security News
A new attack vector exploiting vulnerabilities in Kerberos delegation within Active Directory (AD) networks has been uncovered.| Cyber Security News
Hackers primarily target Windows systems due to their significant market share, with over 80% of desktop operating systems running| Cyber Security News
In this blog Morphisec researchers provide technical analysis of CVE-2024-30103, a remote code execution vulnerability impacting Microsoft Outlook.| blog.morphisec.com
This blog provides an analysis by Morphisec of responding to actual Citrix Bleed attacks (CVE-2023-4966), detailing threat actor tactics and recommended safeguards.| blog.morphisec.com