Cephalus is a relatively new ransomware operation that emerged in mid-2025, and has already been linked to a wave of high-profile data leaks. Read more about it in my article on the Fortra blog. – Read More – Graham Cluley
A financially motivated threat group operating since 2021 has refined its technical tradecraft, honing its focus on cloud-based systems that allow it to expand ransomware operations beyond the scope of on-premises infrastructure, Microsoft Threat Intelligence said in a report released Wednesday. By leveraging cloud-native capabilities, Storm-0501 has exfiltrated large volumes of data with speed, destroying … Read More “Microsoft details Storm-0501’s focus on ransomware in the cloud – CyberScoop” »
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real time. The open-weight language model was released by OpenAI earlier this month. “PromptLock … Read More “Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model – The Hacker News” »
CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement – Read More –
While still in development, PromptLock is described as the “first known AI-powered ransomware” by ESET researchers – Read More –
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors – The Hacker News
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. “The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. … Read More “Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors – The Hacker News” »
The Office of the Governor of Nevada revealed that the incident has shut down in-person State services, while government phone lines and websites are offline – Read More –
A series of cyber-attacks against government organizations in Central Asia and Asia-Pacific has been linked to the ShadowSilk threat cluster – Read More –
Approaches to the design, development and assessment of products capable of resisting elevated threats. – Read More – NCSC Feed
Advice for organisations on the acquisition, management and disposal of network devices. – Read More – NCSC Feed
Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots – The Hacker News
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by … Read More “ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots – The Hacker News” »
NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases – News and Events Feed by Topic
The catalog revision is part of NIST’s response to a recent Executive Order on strengthening the nation’s cybersecurity. – Read More – News and Events Feed by Topic
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don’t want to slow AI adoption down, … Read More “The 5 Golden Rules of Safe AI Adoption – The Hacker News” »
A vulnerability has been discovered in Git, which could allow for remote code execution. Git is a free and open-source distributed version control system (VCS). It is designed to track changes in source code during software development and is widely used for coordinating work among multiple developers on the same project. Successful exploitation of this … Read More “A Vulnerability in Git Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple Vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and ensures the reliable availability of applications for businesses. NetScaler Gateway is a secure remote access solution … Read More “Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Citrix customers are urged to patch their vulnerable NetScaler appliances, but “patching alone won’t cut it,” experts said – Read More –
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra – The Hacker News
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity … Read More “Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra – The Hacker News” »
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant as UNC6395. … Read More “Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data – The Hacker News” »
EU security agency ENISA is being handed €36m to operate the EU Cybersecurity Reserve – Read More –
Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift – Read More –
Abnormal AI said the campaign, which lures victims into downloading legitimate RMM software, marks a major evolution in phishing tactics – Read More –
Multiple vulnerabilities have been discovered in Commvault Backup & Recovery, which when chained together, could allow for remote code execution. Commvault Backup & Recovery is a comprehensive data protection solution that offers a range of services for safeguarding data across various environments, including on-premises, cloud, and hybrid setups. Successful exploitation of these vulnerabilities could allow … Read More “Multiple Vulnerabilities in Commvault Backup & Recovery Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered in Apple products which could allow for arbitrary code execution. Successful exploitation could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with … Read More “A Vulnerability in Apple Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Focus for iOS is a private mobile browser … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user or exploited process. Depending on the privileges associated with the user or process, an … Read More “Multiple Vulnerabilities in Microsoft Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June – CyberScoop
Citrix and cybersecurity researchers warn a critical, zero-day vulnerability affecting multiple versions of Citrix NetScaler products is under active exploitation. Citrix issued a security bulletin about the vulnerability — CVE-2025-7775 — and urged customers on affected versions to install upgrades Tuesday. The memory-overflow vulnerability, which has an initial CVSS rating of 9.2, can be exploited … Read More “Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June – CyberScoop” »
Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent – CyberScoop
Google Threat Intelligence Group warned about a “widespread data theft campaign” that compromised hundreds of Salesforce customers over a 10-day span earlier this month. According to a report published Thursday, researchers say a threat group Google tracks as UNC6395 stole large volumes of data from Salesforce customer instances by using stolen OAuth tokens from Salesloft … Read More “Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent – CyberScoop” »
DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says – CyberScoop
The post DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says appeared first on CyberScoop. – Read More – CyberScoop
Researchers at cybersecurity firm ESET claim to have identified the first piece of AI-powered ransomware in the wild. The malware, called PromptLock, essentially functions as a hard-coded prompt injection attack on a large language model, causing the model to assist in carrying out a ransomware attack. Written in Golang, the malware sends its … Read More “Researchers flag code that uses AI systems to carry out ransomware attacks – CyberScoop” »
77 Malicious Android Apps With 19M Downloads Targeted 831 Banks Worldwide – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Zscaler reports 77 Android apps on Google Play with 19 million installs spread malware, hitting 831 banks and… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say – CyberScoop
A court injunction in the long fight between Fortnite publisher Epic Games and Google could have “catastrophic results for the nation’s security” and “risks creating massive cybersecurity vulnerabilities in the online ecosystem,” a group of former top government officials said in a filing Monday. At issue, they wrote, is a district court injunction requiring Google … Read More “Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say – CyberScoop” »
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station – The Hacker News
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software … Read More “New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station – The Hacker News” »
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775 – The Hacker News
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below: CVE-2025-7775 (CVSS score: 9.2) – Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service; CVE-2025-7776 (CVSS score: 8.8) – … Read More “Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775 – The Hacker News” »
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays – Read More –
In episode 65 of The AI Fix, a pigeon gives a PowerPoint presentation, Mark plays Graham a song about the Transformer architecture, a robot dog delivers parcels, some robots fall over at the World Humanoid Robot Games, and Graham takes credit for one of computing’s greatest insights. Plus, Graham explains why Microsoft doesn’t want you … Read More “The AI Fix #65: Excel Copilot will wreck your data, and can AI fix social media? – Graham Cluley” »
A global phishing campaign has been identified using personalized emails and fake websites to deliver malware via UpCrypter – Read More –
Enhancing Hardware Security for the Future of National Defense and Emerging Technologies In an era of geopolitical uncertainty, global semiconductor disruptions, and a rising demand for digital sovereignty, hardware security has become a critical – Read More – News and Events Feed by Topic
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connection in the United States. This … Read More “DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security” »
A suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer Jung Kook, has been extradited to South Korea. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Study Reveals TikTok, Alibaba, Temu Collect Extensive User Data in America – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Incogni finds top foreign apps downloaded in the US harvest names, locations, and emails, sharing them with third parties for ads and profiling. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers – The Hacker News
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. “Instead of sending unsolicited phishing emails, attackers initiate contact through a company’s public ‘Contact Us’ form, tricking … Read More “MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers – The Hacker News” »
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners – The Hacker News
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National … Read More “ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners – The Hacker News” »
New Android Hook Malware Variant Locks Devices With Ransomware – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Zimperium’s research reveals the Hook Android malware is now a hybrid threat, using ransomware and spyware to steal… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Silver Spring, Maryland, USA, 26th August 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
AccuKnox Awarded Patent for Runtime Security of Kernel Events – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Menlo Park, United States, 26th August 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
All previously scheduled mobility trips across Maryland for this week will be honored, said the state’s transportation administration – Read More –
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,” Zimperium zLabs researcher Vishnu Pratapagiri … Read More “HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands – The Hacker News” »
A new CIISec poll finds the majority of industry professionals would prefer more rigorous cybersecurity laws – Read More –