Tag: CySecurity News – Latest Information Security and Hacking Incidents

Security researchers have identified a previously undocumented cyber espionage group that infiltrated at least 70 government and critical infrastructure organizations across 37 countries within the past year. The same activity cluster also conducted wide-scale scanning and probing of government-related systems…

Read more →

Fortinet products targeted Threat actors are targeting Fortinet FortiGate devices via automated attacks that make rogue accounts and steal firewall settings info.  The campaign began earlier this year when threat actors exploited an unknown bug in the devices’ single-sign-on (SSO)…

Read more →

  Appearing without warning on the internet, a massive collection of personal login details became reachable to any passerby. This trove – spanning about 96 gigabytes – included close to 150 million distinct credentials gathered from various sources. Not shielded…

Read more →

  A critical vulnerability in the Advanced Custom Fields: Extended (ACF Extended) WordPress plugin has exposed around 50,000 sites to potential hacker takeovers. Tracked as CVE-2025-14533, this flaw affects versions up to 0.9.2.1 and allows unauthenticated attackers to gain administrator…

Read more →

  Despite adversaries increasing their focus on the network edge, recent findings suggest a sustained and deliberate effort to weaponize routing infrastructure itself for surveillance and delivery purposes. An attacker can observe, modify, and selectively redirect data streams in transit…

Read more →

  Spain’s Ministry of Science, Innovation and Universities has temporarily disabled parts of its digital infrastructure following what it described as a technical problem. The disruption has affected several online services used by citizens, universities, researchers, and businesses for official…

Read more →

Infy group’s new attack tactic  An Iranian hacking group known as Infy (aka Prince of Persia) has advanced its attack tactics to hide its operations. The group also made a new C2 infrastructure while there was a wave of internet…

Read more →

For six months last year the update system of Notepad++, one of the world’s most widely used Windows text editors, was quietly subverted by hackers linked by investigators to the Chinese state. The attackers used their access not to disrupt…

Read more →

  A massive distributed denial-of-service (DDoS) assault reaching an unprecedented peak of 31.4 terabits per second (Tbps) has been attributed to the AISURU/Kimwolf botnet. The attack, which lasted just 35 seconds, is now being described as one of the largest…

Read more →

  An AI-assisted cyberattack hijacked a company’s AWS cloud infrastructure in just eight minutes after attackers discovered exposed test credentials in a public S3 bucket, demonstrating how configuration errors can fuel lightning-fast breaches in the era of automated threats. This…

Read more →

  Initially appearing as a routine security warning for mobile devices, this warning has evolved into a carefully engineered malware distribution pipeline. Researchers at Bitdefender have identified an Android campaign utilizing counterfeit security applications that serve as the first stage…

Read more →

  Modern organizations rely on a wide range of software systems to run daily operations. While identity and access management tools were originally designed to control users and directory services, much of today’s identity activity no longer sits inside those…

Read more →

Threat actors exploit extensions Cybersecurity experts found 17 extensions for Chrome, Edge, and Firefox browsers which track user’s internet activity and install backdoors for access. The extensions were downloaded over 840,000 times.  The campaign is not new. LayerX claimed that…

Read more →

Threat actors linked to China have been blamed for a new wave of cyber-espionage campaigns targeting government and law-enforcement agencies across South-East Asia during 2025, according several media reports. Researchers at Check Point Research said they are tracking a previously…

Read more →

  Most households today use some form of internet of things (IoT) technology, whether it’s a smartphone, tablet, smart plugs, or a network of cameras and sensors. Learning that nearly 120,000 home security cameras were compromised in South Korea and…

Read more →

  Microsoft has introduced a new lightweight scanner designed to detect hidden backdoors in open‑weight large language models (LLMs), aiming to boost trust in artificial intelligence systems. The tool, built by the company’s AI Security team, focuses on subtle behavioral…

Read more →

  One moment it was operating normally – then suddenly, price feeds went haywire. About 1,299 ETH vanished during what looked like routine activity. That sum now exceeds four million dollars in value. The trigger? A flash loan attack targeting…

Read more →

  In response to findings that exposed weaknesses in the way user-supplied data was processed within interactive components, Foxit Software has issued a set of security fixes intended to address newly identified cross-site scripting vulnerabilities.  Due to the flaws in…

Read more →

  Patients receiving care at several tribal healthcare clinics in California have been warned that a cyber incident led to the exposure of both personal identification details and private medical information. The clinics are operated by a regional health organization…

Read more →

Researchers have disclosed details of a previously fixed security flaw in Ask Gordon, an artificial intelligence assistant integrated into Docker Desktop and the Docker command-line interface, that could have been exploited to execute code and steal sensitive data. The vulnerability,…

Read more →