Daily Cyber News

China-Linked Hackers Exploit Windows Shortcut Vulnerability to Target European Diplomats

A China-affiliated cyber espionage group, tracked as UNC6384, has been discovered conducting a sophisticated campaign targeting European diplomatic and government entities. The attacks, occurring between September and October 2025, exploit an unpatched Windows shortcut vulnerability to deploy the notorious PlugX remote access trojan on victim systems. Strategic Targeting of European Diplomacy According to a technical […]


China-Linked Tick APT Exploits Lanscope Zero-Day to Compromise Corporate Networks

A sophisticated cyber espionage group known as Tick has been identified as the actor behind the exploitation of a critical, recently disclosed zero-day vulnerability in Motex Lanscope Endpoint Manager. This campaign, targeting specific sectors for intelligence gathering, demonstrates the continued threat posed by advanced persistent threats (APTs) to corporate network security. The Zero-Day Vulnerability: CVE-2025-61932


CISA and NSA Release Critical Security Guidance for WSUS and Microsoft Exchange Servers

In a joint cybersecurity advisory, U.S. and international agencies have released critical guidance to help organizations fortify their on-premise Microsoft Exchange Server environments against persistent threats. The guidance emphasizes that unprotected and misconfigured instances remain prime targets for malicious actors and outlines a comprehensive strategy to secure these vital communication hubs. A Unified Call to


Eclipse Foundation Revokes Leaked Open VSX Tokens After Wiz Security Discovery

The Eclipse Foundation has taken decisive action to secure the Open VSX registry after a security report revealed that access tokens had been accidentally leaked within several Visual Studio Code extensions. This prompt response neutralizes a potential software supply chain attack that could have allowed threat actors to hijack extensions and distribute malware to unsuspecting


Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages Monthly

In a significant demonstration of its proactive security measures, Google has announced that its built-in scam defenses on the Android platform are now protecting users from over 10 billion suspected malicious calls and messages every single month. This massive filtering effort is powered by on-device artificial intelligence, creating a formidable barrier against modern digital fraud.


PhantomRaven Malware Hidden in 126 npm Packages Stealing GitHub Tokens from Developers

A sophisticated software supply chain attack, dubbed “PhantomRaven,” has infiltrated the npm registry with 126 malicious packages designed to secretly steal sensitive developer credentials. This campaign specifically targets authentication tokens, CI/CD secrets, and GitHub credentials directly from developers’ machines, posing a severe threat to software development integrity. The Scale and Stealth of the PhantomRaven Campaign


AI-Targeted Cloaking Attack Tricks Crawlers Into Citing False Information as Verified Facts

A novel cybersecurity threat is targeting the very foundation of agentic AI browsers, a development that could allow malicious actors to poison the information these systems retrieve and present as undeniable truth. This sophisticated “cloaking” technique exploits the trust AI models place in their web crawlers, creating a ripe opportunity for widespread misinformation and manipulation.


CISA Confirms Active Exploitation of Critical Vulnerabilities in Dassault and XWiki

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially confirmed that threat actors are actively exploiting critical security vulnerabilities in two widely used enterprise platforms: Dassault Systèmes’ DELMIA Apriso and the open-source XWiki. These flaws grant attackers the ability to execute arbitrary code and seize control of affected systems, prompting urgent calls for patching.


10 Malicious npm Packages Steal Developer Credentials Across Windows, macOS, and Linux

In a stark reminder of the vulnerabilities within open-source ecosystems, cybersecurity analysts have unearthed ten deceptive npm packages engineered to pilfer sensitive developer credentials. These packages, capable of operating on Windows, macOS, and Linux, employ sophisticated stealth techniques to avoid detection while harvesting a treasure trove of personal and corporate data. The Deceptive Packages and


Russian Hackers Target Ukrainian Organizations Using Stealthy, Living Off the Land Tactics

Russian threat actors have reportedly conducted a series of stealthy cyberattacks on organizations in Ukraine, aiming to steal confidential data and maintain persistent access to compromised networks. According to a recent joint report by Symantec and Carbon Black Threat Hunter Team, the attacks targeted a large business services company for two months and a local government
