Geek-Guy.com

Category: Exploits

Explore the latest software exploits, zero-day vulnerabilities, and security PoCs. Geek-Guy provides expert analysis on emerging threats and how to stay protected.

RCE in React Native CLI opens Dev Servers to attacks

A critical remote-code execution (RCE) flaw in the widely used @react-native-community/cli (and its server API) lets attackers run arbitrary OS commands via the Metro development server, the default JavaScript bundler for React Native. In essence, launching the development server through standard commands (e.g., npm start or npx react-native start) could expose the machine to external…

Threat Intelligence – ISO 27001:2022 Control 5.7 Explained

Cyber attacks evolve faster than traditional security review cycles. So, to stay secure, organisations need a clearer understanding of the threats that are most relevant to their systems, data and business operations. Threat intelligence is the process of collecting and analysing information about these threats so that security decisions are informed by real-world attack patterns…

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom…

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine. “This hidden…

9 top bug bounty programs launched in 2025

Bug bounty programs remain a crucial component of cybersecurity strategies in 2025, offering organizations the ability to draw in help from a diverse pool of cybersecurity professionals and researchers. The schemes offer continuous testing against emerging threats. What are bug bounty programs? Bug bounty programs are structured systems for individuals to identify and report security…

Google researchers detect first operational use of LLMs in active malware campaigns

Threat actors are now actively deploying AI-enabled malware in their operations. Google Threat Intelligence Group (GTIG) has identified cybercriminal use of “just-in-time” AI which employs large language models (LLMs) on the fly to create malicious scripts and functions, and to obfuscate code. Additionally, GTIG investigations have revealed that models are just as susceptible to social…

The hack that messed with time, and rogue ransomware negotiators

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go wrong? All this and more is discussed in episode 442 of the “Smashing Security” podcast…

Court reimposes original sentence for Capital One hacker

A federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. U.S. District Judge Robert Lasnik sentenced Thompson to time served, plus five years of supervised release with three years of…

Office sandbox file security to disappear from enterprise Windows by late 2027, Microsoft confirms

Windows enterprise administrators will have until December 2027 at the latest to put in place alternatives to the security protection offered by Microsoft Defender Application Guard (MDAG) for Office, the company has confirmed. MDAG’s purpose is to protect customers from the threat of boobytrapped Office documents sent via email. The feature was added to some…

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI’s ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users’ memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI’s GPT-4o and GPT-5 models. OpenAI has

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness

The federal cybersecurity system is weathering a series of crises that couldn’t have arrived at a worse time. The F5 security breach from Oct. 15, the proposed elimination of more than 1,000 jobs at the Cybersecurity and Infrastructure Security Agency (CISA), and the ongoing federal government shutdown have created a perfect storm that is not…

Best Windows 7 Operating System Alternatives

Looking for the best Windows 7 alternative Operating System? We have made the perfect list for you. Microsoft ended extended support for Windows 7 in January 2020. This means the operating system no longer receives security updates, leaving users vulnerable to exploits and malware. Upgrading is crucial, but with a vast landscape of options, choosing…

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the…

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-11371 (CVSS score: 7.5) – A vulnerability in files or directories…

Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads

Apple disclosed an exceptionally high number of vulnerabilities in core services and components used across its most popular devices, as the tech giant addressed 105 vulnerabilities in MacOS 26.1 and 56 vulnerabilities with the release of iOS 26.1 and iPadOS 26.1. The company’s latest security update includes some flaws that affect software spanning iPhones, Macs…

Google fixed a critical remote code execution in Android

Google’s November 2025 Android update fixes two flaws in the System component, including a critical remote code execution issue. Google’s November 2025 Android security updates addressed two vulnerabilities impacting the System component. The fixes are included in the 2025-11-01 security patch level, the only patch level released this month by the IT giant. “The most…

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular “@react-native-community/cli” npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. “The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities “allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications,” Check Point said in a report shared with The Hacker News. Following responsible disclosure in March

Cybersecurity platform KnowBe4 has released its Q3 2025 Phishing Roundup

Cybersecurity platform provider KnowBe4 has today released its Q3 2025 Phishing Roundup, with the research revealing that simulated phishing emails personalised to appear from internal departments, particularly HR and IT, continue to drive the highest user interaction rates – highlighting a “persistent trend of employee vulnerability to techniques exploiting familiarity”.

New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

In a newly uncovered campaign, threat actors embedded a previously undocumented backdoor, dubbed SesameOp, which exploits the OpenAI Assistants API for relaying commands and exfiltrating results. According to researchers at Microsoft, the campaign was active for months before detection, and relied on obfuscated .NET libraries loaded via AppDomainManager injection into compromised Visual Studio utilities. “Instead…

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google’s artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows – CVE-2025-43429…

Crooks exploit RMM software to hijack trucking firms and steal cargo

Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active since June 2025, the group works with organized crime to loot goods, mainly food and…

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

Google released Chrome 142, fixing 20 flaws, including two high-severity V8 bugs, and awarded $100,000 in bug bounties. Google addressed 20 flaws in Chrome version 142, including high-severity bugs that impact the V8 engine. The IT giant awarded $100,000 in bounties for two issues in the V8 JavaScript engine. The two vulnerabilities are tracked as…

XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)

XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal “Guest” privileges, can use. The advisory included PoC code, so it is…

Hacktivists increasingly target industrial control systems, Canada Cyber Centre warns

Security experts have long warned about the dangers of exposing industrial control systems (ICS) to the internet, where they can become easy targets for government-affiliated threat groups and hacktivists. In a new alert urging CISOs to take action, the Canadian government’s Centre for Cyber Security provides recent examples of real-world attacks that impacted operations at…

Anthropic Claude – corporate data at risk

A recent report shows how sensitive data can be extracted via Anthropic Claude. A recently disclosed vulnerability in Anthropic’s AI assistant Claude could be exploited by attackers to covertly exfiltrate corporate data. In the process, security configurations that are actually meant to prevent such attacks can also be bypassed. How this works using indirect prompt injection techniques…

Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd)

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not correspond to known research-related IP addresses. CVE-2025-59287 is exploited by connecting to affected WSUS servers…

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government China-linked UNC6384 exploits Windows zero-day…

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

Australia warns of attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell install. The Australian Signals Directorate (ASD) warns of ongoing attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell infections and admin takeover. “Cyber actors are installing an implant dubbed ‘BADCANDY’ on Cisco IOS XE devices that are vulnerable…

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create…

Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server

Cyber agencies from three countries including the US have issued a list of security best practices for protecting Microsoft Exchange Server, a venerable on-premises email server that many IT departments still cling to. The advisory, also endorsed by Australia and Canada, comes at a good time: Threat actors are still poking at holes in Exchange…

Alleged 764 leader arrested in Arizona, faces life in prison

Federal law enforcement said a leader of 764, a violent extremist group, has been in federal custody since he was arrested in December and faces 29 charges for running a loose-knit collective involved in child exploitation, cyberstalking, kidnapping, animal torture, wire fraud and murder. Baron Cain Martin, 21, of Tucson, Arizona, allegedly joined the child…

Chinese hackers target Western diplomats using hard-to-patch Windows shortcut flaw

Chinese hackers have been spotted targeting European diplomats using a longstanding Windows shortcut vulnerability that’s been popular with threat groups as far back as 2017. According to security company Arctic Wolf, whose researchers uncovered the latest campaign, the latest attacks saw spear phishing emails sent to officials working for the governments of Hungary, Belgium, Serbia,…

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

CISA warns ransomware gangs exploit CVE-2024-1086, a Linux kernel flaw in netfilter: nf_tables, introduced in 2014 and patched in Jan 2024. CISA warned that ransomware gangs are exploiting CVE-2024-1086, a high-severity Linux kernel flaw introduced in 2014 and patched in January 2024. CISA didn’t provide details about the ransomware attacks exploiting the flaw or name…

Claude AI vulnerability exposes enterprise data through code interpreter exploit

A newly disclosed vulnerability in Anthropic’s Claude AI assistant has revealed how attackers can weaponize the platform’s code interpreter feature to silently exfiltrate enterprise data, bypassing even the default security settings designed to prevent such attacks. Security researcher Johann Rehberger demonstrated that Claude’s code interpreter can be manipulated through indirect prompt injection to steal sensitive…

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this…

OpenAI launches Aardvark to detect and patch hidden bugs in code

OpenAI has unveiled Aardvark, a GPT-5-powered autonomous agent designed to act like a human security researcher capable of scanning, understanding, and patching code with the reasoning skills of a professional vulnerability analyst. Announced on Thursday and currently available in private beta, Aardvark is being positioned as a major leap toward AI-driven software security. Unlike conventional…

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure. Cybersecurity firm Neo Security discovered a 4TB SQL Server backup belonging to accounting giant Ernst & Young (EY) publicly accessible on Microsoft Azure during a routine scan. Neo Security’s lead researcher identified a…

The unified linkage model: A new lens for understanding cyber risk

When Okta’s support credentials were stolen in 2023, the breach didn’t stop at the identity provider. It rippled outward — through SaaS integrations, internal legacy applications and downstream development pipelines. Okta’s systems were not directly exploited. Instead, the attack propagated through the quiet linkages that bound those systems together. Most security programs don’t model those…

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. “By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security

AI-powered bug hunting shakes up bounty industry — for better or worse

AI-powered bug hunting has changed the calculus of what makes for an effective bounty program by accelerating vulnerability discovery — and subjecting code maintainers to ballooning volumes of AI flaw-hunting slop. Security researchers are using large language models (LLMs) to automate reconnaissance, reverse engineer APIs, and scan codebases faster than ever. By applying AI tools…

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to…

OpenAI releases ‘Aardvark’ security and patching model

A new security-focused AI model released Thursday by OpenAI aims to automate bug hunting, patching and remediation. The model, powered by ChatGPT-5 and given the name Aardvark, has been used internally at OpenAI and among external partners. Currently offered in an invite-only Beta, it’s designed to continuously scan source code repositories to find known vulnerabilities…

Malicious packages in npm evade dependency detection through invisible URL links: Report

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at Israel-based Koi Security, who this week said they have discovered a threat actor’s campaign that has been running since August, contaminating 126 packages…

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…

CISA, NSA offer guidance to better protect Microsoft Exchange Servers

Cybersecurity experts from multiple federal agencies released guidance to help organizations bolster their defenses against attacks on on-premises Microsoft Exchange Servers, resurfacing and building upon previously shared advice that generally applies to most technology. The Cybersecurity and Infrastructure Security Agency said the security blueprint for Microsoft Exchange Server is a follow-up effort to an emergency…

The Role of Artificial Intelligence in Cybersecurity

In this post, I will show you the role of artificial intelligence in cybersecurity. In an increasingly interconnected world where our lives are intricately woven with digital threads, the importance of cybersecurity cannot be overstated. As technology advances, so do the threats posed by cybercriminals, who constantly seek new ways to exploit vulnerabilities and infiltrate…

Strengthening security with a converged security and networking platform

Today’s IT environment of multiple clouds, hybrid work, and the exploding popularity of AI has given cybercriminals unprecedented opportunities for launching attacks — and the traditional arsenal of tools organizations use to stop them isn’t working. The network perimeter has disappeared, and every new device, app, cloud connection, and AI tool expands the threat surface.…

Brash exploit can cause any Chromium browser to collapse in 15-60 seconds

“Brash” flaw in Chromium’s Blink engine lets attackers crash browsers instantly via a single malicious URL, researcher Jose Pino revealed. Security researcher Jose Pino found a severe vulnerability, named Brash, in Chromium’s Blink rendering engine that can be exploited to crash many Chromium-based browsers within a few seconds. “Brash is a critical vulnerability in Blink, the rendering engine that…

New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. “It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations…

Atlas browser exploit enables attack on ChatGPT memory

Security researchers have discovered a new vulnerability affecting OpenAI’s ChatGPT Atlas browser. Only a few days after cybersecurity analysts warned against installing OpenAI’s new Atlas browser, researchers at LayerX Security discovered a vulnerability. The flaw reportedly allows attackers to inject malicious commands directly into users’ ChatGPT memory and…

Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

A vulnerability in Chromium’s rendering engine can crash Chrome, Microsoft Edge, and seven other browsers within seconds if exploited by attackers, a security researcher warned after Google ignored his vulnerability report for two months. Jose Pino published proof-of-concept code for the flaw on October 29, potentially exposing more than three billion users to browser crashes…

Typo hackers sneak cross-platform credential stealer into 10 npm packages

In a newly disclosed multi-stage supply-chain campaign, a threat actor published ten typosquatted npm packages that mimicked popular libraries to deploy a cross-platform credential stealer. According to a Socket analysis, the packages were published on July 4 and had collectively amassed nearly 10000 downloads in four months before being flagged for removal. “Each package leverages…

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

Former US defense contractor exec Peter Williams pled guilty to stealing trade secrets and selling cyber exploits to a Russian broker, per the US DOJ. Ex-US defense contractor Peter Williams (39) admits stealing US trade secrets and selling cyber exploits to a Russian broker. Williams, an Australian national, pleaded guilty to stealing and selling U.S.…

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

Canada’s cyber agency warns hacktivists breached critical infrastructure, altering industrial controls and risking public safety. The Canadian Centre for Cyber Security revealed that hacktivists have repeatedly breached the country’s critical infrastructure systems. Attackers tampered with industrial controls at a water treatment facility, an oil & gas firm, and an agricultural facility.…

Alleged 764 member faces up to 69 years in prison for string of suspected violent crimes

A 19-year-old California man associated with the nihilistic violent extremist group 764 pleaded not guilty to multiple charges of animal crushing, sexual exploitation of a minor, possession of child sexual abuse material (CSAM), cyberstalking and interstate extortion in a federal court Tuesday. Tony Christopher Long of Porterville, Calif., allegedly committed the various criminal acts in…

Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker

An ex-L3Harris executive pleaded guilty to two counts of theft of trade secrets Wednesday, admitting to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Peter Williams, 39, pleaded guilty in the District Court of the District of Columbia to two counts of theft of trade secrets. Court records…

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report.…

Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. “These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks,” the Qualys Threat Research Unit (TRU) said…

Major Cyber Attacks in October 2025: Phishing via Google Careers & ClickUp, Figma Abuse, LockBit 5.0, and TyKit

Phishing campaigns and ransomware families evolved rapidly this October, from fake Google Careers pages and ClickUp redirect chains to Figma-hosted credential theft and LockBit’s move into ESXi and Linux systems. ANY.RUN analysts also uncovered TyKit, a reusable phishing kit hiding JavaScript inside SVG files to steal Microsoft 365 credentials across multiple sectors. Each of these…

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-6204 Dassault Systèmes DELMIA Apriso Code Injection Vulnerability CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability Dassault Systèmes…

Atroposia malware kit lowers the bar for cybercrime — and raises the stakes for enterprise defenders

Cybercrime is increasingly being commoditized, significantly lowering the bar for hackers and making things tougher for defenders. Researchers at Varonis have discovered a turnkey plug-and-play toolkit, dubbed Atroposia, that even the least experienced threat actor can effectively use for just $200 a month. The remote access trojan (RAT) uses near-invisible tools and encrypted command channels…

Aisuru botnet is behind record 20Tb/sec DDoS attacks

A new Mirai-based IoT botnet, dubbed Aisuru, was used to launch multiple high-impact DDoS attacks exceeding 20Tb/sec and/or 4gpps. In October 2025, the Aisuru Mirai-based IoT botnet launched massive DDoS attacks of over 20Tb/sec, mainly targeting online gaming, cybersecurity firm Netscout reports. The botnet uses residential proxies to reflect HTTPS DDoS attacks. Its nodes are…

Cyber Security Must Be a Board Priority – And It Starts With Cyber Essentials

Senior ministers and national security officials have called on boards to take urgent action to strengthen their organisations’ cyber resilience. The Chancellor of the Exchequer, the Secretaries of State for Science, Innovation and Technology and for Business and Trade, the Minister for Security, the Chief Executive of the NCSC (National Cyber Security Centre) and the…

Critical ASP.NET flaw hits QNAP NetBak PC Agent

QNAP warns of critical ASP.NET flaw (CVE-2025-55315) in NetBak PC Agent, letting attackers hijack credentials or bypass security via HTTP smuggling. QNAP urges users to patch a critical ASP.NET Core vulnerability, tracked as CVE-2025-55315 (CVSS score of 9.9), in its NetBak PC Agent for Windows. The flaw resides in the Kestrel server and lets low-privilege…

Copilot diagrams could leak corporate emails via indirect prompt injection

Microsoft has patched an indirect prompt injection flaw in Microsoft 365 Copilot that could have allowed attackers to steal sensitive data using clickable Mermaid diagrams. According to findings published by security researcher Adam Logue, the exploit could be triggered through specially crafted Office documents containing hidden instructions. When processed by Copilot, these prompts caused the…

Atlas browser exploit lets attackers hijack ChatGPT memory

Days after cybersecurity analysts warned enterprises against installing OpenAI’s new Atlas browser, researchers have discovered a vulnerability that allows attackers to infect systems with malicious code, granting themselves access privileges, or deploy malware. The development raises immediate questions about the enterprise readiness of AI-native browsers. The Atlas browser has come under scrutiny after researchers at…