Luxury fashion company Kering has confirmed a data exfiltration incident in which threat actor Shiny Hunters accessed private customer records for Gucci, Balenciaga, and Alexander McQueen. The breach, detected in June but occurring in April, exposed personally identifiable information (PII)…
Tag: Cyber Security News
Threat Actors Could Misuse Code Assistant To Inject Backdoors and Generating Harmful Content
Modern development workflows increasingly rely on AI-driven coding assistants to accelerate software delivery and improve code quality. However, recent research has illuminated a potent new threat: adversaries can exploit these tools to introduce backdoors and generate harmful content without immediate…
Top 10 Best Privileged Access Management (PAM) Tools in 2025
In today’s complex digital landscape, where data breaches and cyberattacks are a constant threat, securing privileged accounts is more critical than ever. Privileged Access Management (PAM) is a core component of any robust cybersecurity strategy, focusing on managing and monitoring…
RevengeHotels Leveraging AI To Attack Windows Users With VenomRAT
RevengeHotels, a financially motivated threat group active since 2015, has escalated its operations against hospitality organizations by integrating large language model–generated code into its infection chain. Initially known for deploying bespoke RAT families such as RevengeRAT and NanoCoreRAT via phishing…
KillSec Ransomware Attacking Healthcare Industry IT Systems
The KillSec ransomware strain has rapidly emerged as a formidable threat targeting healthcare IT infrastructures across Latin America and beyond. First observed in early September 2025, KillSec operators have leveraged compromised software supply chain relationships to deploy their payloads at…
New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware
Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading…
LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS…
Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such…
Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit representing one of the most powerful combinations in modern penetration testing. As cyber threats continue to evolve rapidly, security professionals require comprehensive solutions that…
AWSDoor – New Persistence Technique Allows Attackers to Hide Malware Within AWS Cloud Environment
Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major threat. AWSDoor automates a range of IAM and resource-based persistence methods, allowing adversaries to hide…