Daily Cyber News

Three China-Linked Threat Clusters Launch Coordinated Cyber Campaign Against Southeast Asian Government in 2025

A coordinated cyber espionage campaign involving three China-aligned threat clusters has targeted a Southeast Asian government organization throughout 2025, deploying sophisticated malware and backdoor tools.

Multiple Threat Clusters Identified

The activity has been traced to the following clusters:

Palo Alto Networks Unit 42 noted, “The overlapping tactics, techniques, and procedures suggest […]

Iran-Linked Hackers Compromise FBI Director’s Personal Email, Launch Wiper Attack on Stryker

A cyber espionage campaign linked to Iran has compromised the personal email account of Kash Patel, while also targeting major U.S. healthcare firm Stryker in a destructive cyberattack.

FBI Director’s Personal Emails Leaked Online

The breach was claimed by the hacktivist group Handala Hack, which published a collection of emails, photos, and documents allegedly belonging to the FBI

Citrix NetScaler Faces Active Reconnaissance for CVE-2026-3055 High-Severity Memory Overread Vulnerability

A newly disclosed high-risk vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway is already drawing attention from threat actors, with security firms reporting active reconnaissance activity targeting exposed systems.

Critical Memory Overread Vulnerability Identified

The flaw, tracked as CVE-2026-3055, has been assigned a CVSS score of 9.3, highlighting its severity. This issue stems from improper input

CISA Adds CVE-2025-53521 to KEV List Following Active Exploitation of F5 BIG-IP APM

The U.S. cybersecurity authority, Cybersecurity and Infrastructure Security Agency (CISA), has officially added a high-severity vulnerability affecting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog after confirming real-world attacks.

Critical Vulnerability Escalates to Remote Code Execution

The flaw, tracked as CVE-2025-53521, carries a CVSS v4 score of 9.3 and allows attackers to

TeamPCP Distributes Malicious Telnyx Packages on PyPI, Conceals Data Stealer Inside WAV Files

A new software supply chain attack has been uncovered involving TeamPCP, the same threat group previously linked to compromises of Trivy, KICS, and litellm. This time, the attackers targeted the widely used Telnyx Python package by uploading malicious versions to the Python Package Index (PyPI).

Malicious Versions Disguised as Legitimate Updates

Security researchers revealed that

AitM Phishing Attack Targets TikTok Business Accounts by Bypassing Cloudflare Turnstile Security

Cybersecurity researchers have uncovered a sophisticated phishing campaign designed to compromise TikTok for Business accounts using advanced adversary-in-the-middle (AitM) techniques. The operation, identified by Push Security, highlights how attackers are evolving their tactics to bypass modern security defenses.

Business Accounts Become High-Value Targets

Accounts linked to social media platforms are increasingly attractive to cybercriminals. Once compromised,

Bearlyfy Targets Russian Firms with Custom GenieLocker Ransomware

A pro-Ukraine hacking group has intensified its cyber operations against Russian businesses, deploying a newly developed ransomware strain to maximize disruption and financial gain. The group, known as Bearlyfy, has rapidly evolved into a serious threat actor since emerging in early 2025.

Rapid Rise of a Dual-Purpose Threat Actor

Since its appearance, Bearlyfy has been linked

Critical Flaws in LangChain and LangGraph Expose Files, Secrets, and Databases

Security researchers have uncovered serious vulnerabilities in widely used artificial intelligence frameworks, exposing enterprise systems to potential data breaches. The affected platforms, LangChain and LangGraph, are commonly used to build applications powered by large language models, making the impact both widespread and significant.

Massive Adoption Increases Risk Exposure

Both frameworks are deeply embedded in modern AI development environments.

China Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy Through Telecom Networks

A highly sophisticated cyber espionage campaign linked to a China-associated threat group has been uncovered, targeting telecommunications infrastructure to infiltrate sensitive government networks. The operation reflects a long-term strategy focused on stealth, persistence, and deep network access, raising serious concerns for global cybersecurity.

Silent Infiltration of Telecom Networks

The threat group known as Red Menshen,

Claude Extension Vulnerability Allowed Zero Click XSS and Prompt Injection via Any Website

Cybersecurity researchers have uncovered a serious security flaw in Claude’s Google Chrome extension that allowed attackers to inject malicious prompts without any user interaction. The vulnerability made it possible for a simple website visit to silently manipulate the AI assistant’s behavior.

How the Zero-Click Attack Worked

According to researchers at Koi Security, the flaw allowed any website
