Latest Cybersecurity News and Articles


Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

21 October 2025
The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. The post Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware appeared first on SecurityWeek.

Securing AI to Benefit from AI

21 October 2025
Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone can’t match. But realizing that potential depends on securing the systems that make it possible. Every organization experimenting with AI in

Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw

21 October 2025
Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication. The post Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw appeared first on SecurityWeek.

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People

21 October 2025
Myanmar is notorious for hosting cyberscam operations responsible for bilking people all over the world. The post Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People appeared first on SecurityWeek.

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability

21 October 2025
The cybersecurity agency has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Confirms Exploitation of Latest Oracle EBS Vulnerability appeared first on SecurityWeek.

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers

21 October 2025
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

21 October 2025
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access. Salt Typhoon, also known as Earth Estries, FamousSparrow,

Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets

20 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a

South Korea Seeks to Arrest Dozens of Online Scam Suspects Repatriated From Cambodia

20 October 2025
South Korea faces public calls to take stronger action to protect its nationals from being forced into overseas online scam centers. The post South Korea Seeks to Arrest Dozens of Online Scam Suspects Repatriated From Cambodia appeared first on SecurityWeek.

SIM Farm Dismantled in Europe, Seven Arrested

20 October 2025
The individuals ran a highly sophisticated cybercrime-as-a-service (CaaS) platform that caused roughly €5 million (~$5.8 million) in losses. The post SIM Farm Dismantled in Europe, Seven Arrested appeared first on SecurityWeek.

Lumma Stealer Activity Drops After Doxxing

20 October 2025
The identities of alleged core members of the Lumma Stealer group were exposed in an underground doxxing campaign. The post Lumma Stealer Activity Drops After Doxxing appeared first on SecurityWeek.

ConnectWise Patches Critical Flaw in Automate RMM Tool

20 October 2025
Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations. The post ConnectWise Patches Critical Flaw in Automate RMM Tool appeared first on SecurityWeek.

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

20 October 2025
It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect. Here’s a quick look at this week’s top threats, new tactics, and security stories shaping

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

20 October 2025
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage. The name is a little misleading, though

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

20 October 2025
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks

20 October 2025
On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction. The post Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks appeared first on SecurityWeek.

NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million

20 October 2025
The judge ruled that punitive damages of $167 million awarded by a jury were excessive. The post NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million appeared first on SecurityWeek.

American Airlines Subsidiary Envoy Air Hit by Oracle Hack

20 October 2025
Envoy Air, which operates the American Eagle brand, has confirmed that business information was stolen by hackers. The post American Airlines Subsidiary Envoy Air Hit by Oracle Hack appeared first on SecurityWeek.

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

20 October 2025
China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a WeChat post, said it uncovered "irrefutable evidence" of the agency's involvement in the intrusion

China Accuses US of Cyberattack on National Time Center

19 October 2025
The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information. The post China Accuses US of Cyberattack on National Time Center appeared first on SecurityWeek.