Breaking (Cyber) News
Keep abreast of breaking cyber security news and evolution in the cyber threat landscape
The Hacker News
- ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double ExtortionCybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka […]
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview LuresNorth Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel FrameworkThreat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this […]
SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability | CSO Online
- SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerabilityAttackers have been exploiting a critical zero-day vulnerability in the Visual Composer component of the SAP NetWeaver application server since early this week. SAP released an out-of-band fix that’s available through its support portal and it should be applied immediately, especially on systems that are directly exposed to the internet. “Unauthenticated attackers can abuse built-in […]
- Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendorAn Israeli vendor was able to evade several leading Linux runtime security tools using a new proof-of-concept (PoC) rootkit that it claims reveals the limitations of many products in this space. The work of cloud and Kubernetes security company Armo, the PoC is called ‘Curing’, a portmanteau word that combines the idea of a ‘cure’ […]
- Die Bösen kooperieren, die Guten streiten sichEine Koalition einflussreicher CISOs sieht den G7-Gipfel 2025 als ideale Gelegenheit, die G7- und OECD-Mitgliedsstaaten zu einer stärkeren Zusammenarbeit und Harmonisierung der Cybersicherheitsvorschriften zu bewegen.Maxx-Studio – shutterstock.com Da Cyberangriffe immer weiter zunehmen und internationale Banden vermehrt miteinander kooperieren, bedarf es einer stärkeren, grenzüberschreitenden Zusammenarbeit der „Guten“. Das zumindest behaupten Führungskräfte namhafter Unternehmen wie Salesforce, Microsoft, […]
Sophos News
- Moving CVEs past one-nation controlA near-miss episode of attempted defunding spotlights a need for a better way
- Sophos India Volunteers Bring Color to Local SchoolsSophos India volunteers transformed two rural schools with vibrant murals, enhancing learning spaces and strengthening community ties.
- Sophos Annual Threat Report appendix: Most frequently encountered malware and abused softwareThese are the tools of the trade Sophos detected in use by cybercriminals over 2024
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
- Two Systemic Jailbreaks Uncovered, Exposing Widespread Vulnerabilities in Generative AI ModelsTwo significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to bypass safety protocols and extract potentially dangerous content from multiple popular AI platforms. These “jailbreaks” affect services from industry leaders including OpenAI, Google, Microsoft, and Anthropic, highlighting a concerning pattern of systemic weaknesses across the AI industry. Security researchers have identified […]
- New AI-Generated ‘TikDocs’ Exploits Trust in the Medical Profession to Drive SalesAI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals to promote unverified supplements and treatments. These synthetic “doctors” exploit public trust in the medical field, often directing users to purchase products with exaggerated or entirely fabricated health claims. With advancements in generative AI making deepfakes increasingly accessible, experts warn that […]
- Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer MalwareThe cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced infostealers targeting global gaming communities. Documented in Flashpoint’s 2025 Global Threat Intelligence Report, this malware strain exploits gaming enthusiasts’ trust through socially engineered distribution channels, leveraging double-layered encryption, sandbox evasion, and real-time data exfiltration to compromise credentials at scale. With infostealers […]