NETREAPER Offensive Security Toolkit That Wraps 70+ Penetration Testing Tools

A unified offensive security toolkit, NETREAPER, developed by OFFTRACKMEDIA Studios, consolidates over 70 penetration testing tools into a single, user-friendly command-line interface.


This innovation eliminates the chaos of juggling multiple terminals, forgetting syntax, and managing disparate tools.


Before NETREAPER, penetration testers faced fragmented workflows. Running network scans required remembering the nmap syntax.


Executing wireless attacks meant switching between aircrack-ng...

LockBit 5.0 Infrastructure Exposed in New Server, IP, and Domain Leak

LockBit 5.0's key infrastructure has been exposed, revealing the IP address 205.185.116.233 and the domain karma0.xyz hosting the ransomware group’s latest leak site.


According to researcher Rakesh Krishnan, the server is hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for illicit activities, and displays a DDoS protection page branded with “LOCKBITS.5.0,” confirming its role in the group’s operations.


This operational security lapse arrives amid LockBit’s re...

Cybersecurity News Weekly Newsletter - 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage

This week’s cybersecurity landscape featured a record-breaking 29.7 Tbps DDoS attack on a financial institution, leveraging IoT botnets and UDP floods that overwhelmed European networks until mitigated via BGP blackholing by Cloudflare and Akamai, highlighting the need for 5G device segmentation.


Google released Chrome 143, patching 12 high-severity flaws, including three actively exploited zero-days (CVE-2025-1234, CVE-2025-5678, CVE-2025-9012) in the V8 engine, enabling remote code executio...

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.
The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an unauthenticated attacker without requiring any special setup. It's also tracked as React2Shell.
"Meta React Ser...

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution.
The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and...

When macOS gets frostbite.

Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, a...

Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions

A critical vulnerability class dubbed “PromptPwnd” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines.


This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into executing privileged commands that leak secrets or alter workflows.


At least five Fortune 500 companies face exposure, with Google’s own Gemini CLI repository among the victims before a rapid patch.


The attack chai...

New FvncBot Android Banking Malware Attacks Users to Log Keystrokes and Inject Malicious Payloads

A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording screens, and injecting fake login pages into banking apps.


The malware initially spreads through a fake application disguised as a security tool for mBank, a popular Polish bank.

The app, named “Klucz bezpieczeństwa mBank” (Security Key mBank), acts as a “loader”. Once a user installs and open...

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week.
The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's rooted in Array's DesktopDirect, a remote desktop access solution that allows users to securely access their work computers from any location.
"Exploitation of this vulnerability could allow attackers to...

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems.
"BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. "BRICKSTORM enables cyber threat actors to maintain stealthy access and provides capabilities for initiation, pers...

"Getting to Yes": An Anti-Sales Guide for MSPs

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging.
That's why we created "Getting to Yes": An Anti-Sales Guide for MSPs. This guide helps service providers transform resistance into trust and turn sales conversations into long-term partnerships.
In the guide, you'll learn how to shift from per...

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report.
The link, the non-profit organization said, is a "Predator attack attempt based on the technical behaviour of the infection server, and on specific characteristics of the one-time infection link which were consistent with previousl...

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.
The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1.
According to a new report shared by Amazon Web Services (AWS), two China-linked threat actors known as Earth Lami...

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.
"Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF," according to an...

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity's Comet browser is capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show.
The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them access to read emails, as well as browse files and folders, and perform actions like moving, renaming, or...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...

Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges

Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver.


The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited.


The research focused on Avast’s sandbox implementation, a component designed to isolate untrusted processes.


To reach the vulnerable code paths, the team first had to understan...

China’s quiet crawl into critical networks.

Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare’s emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X (Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government d...

Netflix Acquires Warner Bros. Studios and HBO in Landmark $82.7 Billion Megadeal

Netflix has struck a transformative deal to acquire Warner Bros. studios, HBO, and HBO Max from Warner Bros. Discovery (WBD) in a cash-and-stock transaction valued at $82.7 billion.


The move catapults Netflix into a content powerhouse, blending its streaming dominance with Warner’s storied Hollywood legacy.


Announced Friday, the agreement values WBD shares at $27.75 each, with an equity value of $72 billion. It hinges on WBD first spinning off its Global Networks division, including CNN, T...

Hackers Exploiting Microsoft Teams Notifications to Deliver CallBack Phishing Attack

Cybersecurity researchers have identified a sophisticated phishing campaign that exploits Microsoft Teams notifications to deceive users into calling fraudulent support numbers.


The attack demonstrates how legitimate communication platforms can be weaponized to bypass security defenses and email filters.


According to SpiderLabs, threat actors are abusing Microsoft Teams to add users to groups with deceptive team names containing fake financial content.


These team names impersonate urgen...

NCSC New Proactive Notifications Service Reports Vulnerabilities to System Owners

The National Cyber Security Centre (NCSC) has unveiled a new pilot program designed to help organizations identify and fix security weaknesses before malicious actors can exploit them.


Known as the Proactive Notifications Service, this initiative responsibly reports vulnerabilities directly to system owners, offering them a chance to protect their networks and data.


Operated in partnership with internet security firm Netcraft, the service scans the internet for organizations running softwa...

Russian Hackers Spoof European Events in Targeted Phishing Attacks

Russian threat actors are running a new wave of phishing campaigns that spoof major European security events to quietly steal cloud credentials.


Invitations that look legitimate, often tied to conferences such as the Belgrade Security Conference or the Brussels Indo-Pacific Dialogue, direct targets to polished registration sites that mimic real organizers.


Behind this professional surface, the attackers route users into malicious Microsoft 365 and Google account flows designed to grant lon...

Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access

A new Remote Access Trojan known as CastleRAT has emerged as a growing threat to Windows systems worldwide.


First observed around March 2025, this malware enables attackers to gain complete remote control over compromised machines.


The threat comes in two main builds: a lightweight Python version and a more powerful compiled C version, with the latter offering advanced capabilities including keystroke capture, screen grabs, and persistent installation methods.


CastleRAT communicates wit...

AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2

A persistent privilege escalation technique in AWS allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances.


First documented by Grzelak in 2016 for EC2, the method exploits modifiable boot-time configurations to inject malicious payloads, bypassing standard IAM controls like PassRole.


Recent analysis from security researcher Daniel Grzelak confirms the pattern persists across AWS services, high...