Latest Cybersecurity News and Articles
21 September 2025
Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret.
"The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab
20 September 2025
The disruptions to airport electronic systems meant that only manual check-in and boarding was possible.
The post Cyberattack Disrupts Check-In Systems at Major European Airports appeared first on SecurityWeek.
20 September 2025
Statement from the NCSC regarding the cyber incident affecting Collins Aerospace.
20 September 2025
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools.
"In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware," researchers Alex Cox, Mike Kosak, and
20 September 2025
Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes in Large Language Model (LLM) capabilities.
The malware has been codenamed MalTerminal by SentinelOne SentinelLABS research team. The findings were presented at the LABScon 2025 security conference.
In a report examining the malicious use of LLMs, the cybersecurity company
20 September 2025
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action.
The new class of attack has been codenamed ShadowLeak by Radware. Following responsible disclosure on June 18, 2025, the issue was addressed by OpenAI in early August.
"The attack
19 September 2025
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.
Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic
19 September 2025
Noteworthy stories that might have slipped under the radar: Eve Security seed funding, Claroty report, patches from WatchGuard and Nokia.
The post In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias appeared first on SecurityWeek.
19 September 2025
A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies.
"REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online," the company said in a report shared with
19 September 2025
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands.
The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity.
"A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged
19 September 2025
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries.
"Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases,
19 September 2025
Turla malware was deployed in February on select systems that Gamaredon had compromised in January.
The post Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions appeared first on SecurityWeek.
19 September 2025
Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware.
The post CISA Analyzes Malware From Ivanti EPMM Intrusions appeared first on SecurityWeek.
19 September 2025
The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior.
The post ChatGPT Tricked Into Solving CAPTCHAs appeared first on SecurityWeek.
19 September 2025
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition.
The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard
19 September 2025
Netskope has debuted on Nasdaq and its shares soared more than 18%, bringing the company’s value to $8.6 billion.
The post Netskope Raises Over $908 Million in IPO appeared first on SecurityWeek.
19 September 2025
Thalha Jubair and Owen Flowers were charged in the UK and the US with hacking critical infrastructure organizations.
The post Two Scattered Spider Suspects Arrested in UK; One Charged in US appeared first on SecurityWeek.
19 September 2025
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities.
Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely
19 September 2025
Novakon HMIs are affected by remote code execution and information exposure vulnerabilities.
The post Unpatched Vulnerabilities Expose Novakon HMIs to Remote Hacking appeared first on SecurityWeek.
19 September 2025
Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportation agency.
Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands