A newly introduced feature in ChatGPT that allows it to connect with personal data applications can be exploited by attackers to exfiltrate private information from a user’s email account. The attack requires only the victim’s email address and leverages a…
Tag: Cyber Security News
What Are The Takeaways From The Scattered LAPSUS $Hunters Statement?
The well-known group of cybercriminals called Scattered Lapsus$ Hunters released a surprising farewell statement on BreachForums. This manifesto, a mix of confession and strategic deception, offers vital insights into the changing landscape of modern cybercrime and the increasing pressure from…
AI-powered Pentesting Tool ‘Villager’ Combines Kali Linux Tools with DeepSeek AI for Automated Attacks
New AI-powered penetration testing framework Villager combines Kali Linux toolsets with DeepSeek AI models to fully automate cyber attack workflows. Initially developed by the Chinese-based group Cyberspike, this tool has rapidly gained traction since its July 2025 release on the…
Sidewinder Hacker Group Weaponizing LNK File to Execute Malicious Scripts
The notorious APT-C-24 threat actor group, commonly known as Sidewinder or Rattlesnake, has evolved its attack methodology by deploying sophisticated LNK file-based phishing campaigns targeting government, energy, military, and mining sectors across South Asia. Active since 2012, this advanced persistent…
K2 Think AI Model Jailbroken Within Hours After The Release
Within mere hours of its public unveiling, the K2 Think model experienced a critical compromise that has sent ripples throughout the cybersecurity community. The newly launched reasoning system, developed by MBZUAI in partnership with G42, was designed to offer unprecedented…
Samsung Zero-Day Vulnerability Actively Exploited to Execute Remote Code
Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the wild. The patch resolves a total of 25 Samsung Vulnerabilities and Exposures (SVEs), alongside fixes from Google and Samsung Semiconductor,…
New ToneShell Backdoor With New Features Leverage Task Scheduler COM Service for Persistence
Since its first appearance earlier this year, the ToneShell backdoor has demonstrated a remarkable capacity for adaptation, toyed with by the Mustang Panda group to maintain an enduring foothold in targeted environments. This latest variant, discovered in early September, arrives…
Scattered LAPSUS$ Hunters 4.0 Announced That Their Going Dark Permanently
A sudden and definitive statement emerged from the “Scattered LAPSUS$ Hunters 4.0” Telegram channel on September 8, signaling an abrupt end to their public operations. After months of high-profile campaigns targeting major corporations and critical infrastructure, the collective declared a…
New Clickfix Attack Promises “Free WiFi” But Delivers Powershell-Based Malware
The Cybersecuritynews researcher team uncovered a sophisticated social engineering campaign that is exploiting the public’s need for free internet access, using deceptive Wi-Fi portals to trick users into downloading and executing PowerShell-based malware. Dubbed the “Clickfix” attack, this method turns…
New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems
In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks. Unlike its predecessors, this new threat—dubbed HybridPetya by ESET analysts—exhibited capabilities that extended beyond conventional userland execution, directly targeting…