Latest Cybersecurity News and Articles


Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

23 May 2025
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security

Russian-led cybercrime network dismantled in global operation

23 May 2025
Arrest warrants issued for ringleaders after investigation by police in Europe and North America. European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police. International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators while indictments were unsealed in the US against 16 individuals.

Signal Adds Screenshot-Blocker to Thwart ‘Windows Recall’ 

23 May 2025
Signal said the privacy feature is on by default for every Windows 11 user to block Microsoft from taking screenshots for Windows Recall. Source: SecurityWeek.

In Other News: Volkswagen App Hacked, DR32 Sentenced, New OT Security Solution

23 May 2025
Noteworthy stories that might have slipped under the radar: serious vulnerabilities found in a Volkswagen app, Australian hacker DR32 sentenced in the US, and Immersive launches OT security training solution. Source: SecurityWeek.

ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices

23 May 2025
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into

Alabama State Government Experiences Cyber Incident

23 May 2025
The Alabama State Government has experienced a cyber incident. 

Cybercriminals Take Advantage of ChatGPT and Other Generative AI Models

23 May 2025
A recent cybercrime report by Malwarebytes found that AI agents will soon usher in a world of far more frequent, sophisticated and difficult-to-detect cyberattacks.

Russian Qakbot Gang Leader Indicted in US

23 May 2025
Russian national Rustam Gallyamov was indicted in the US for his leading role in the development and distribution of Qakbot malware. Source: SecurityWeek.

300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

23 May 2025
As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating

Companies Warned of Commvault Vulnerability Exploitation

23 May 2025
CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. Source: SecurityWeek.

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

23 May 2025
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it’s

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks

23 May 2025
A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US. Source: SecurityWeek.

DanaBot Botnet Disrupted, 16 Suspects Charged

23 May 2025
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted. Source: SecurityWeek.

Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors

23 May 2025
A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors. Source: SecurityWeek.

U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

23 May 2025
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000

CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

23 May 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," the agency said. "This

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

23 May 2025
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,

Oops: DanaBot Malware Devs Infected Their Own PCs

22 May 2025
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.

Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw

22 May 2025
Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch. Source: SecurityWeek.

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

22 May 2025
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers