TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
https://thehackernews.com/2025/10/google-mandiant-probes-new-oracle.html
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p.
The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite.
"This activity began on or
How to Close Threat Detection Gaps: Your SOC's Action Plan
https://thehackernews.com/2025/10/how-to-close-threat-detection-gaps-your.html
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence.
The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
https://thehackernews.com/2025/10/warning-beware-of-android-spyware.html
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.).
Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware
2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising
https://thehackernews.com/2025/10/2025-cybersecurity-reality-check.html
Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface.
The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an
New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones
https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy.
Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
https://thehackernews.com/2025/10/ukraine-warns-of-cabinetrat-backdoor.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT.
The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
https://thehackernews.com/2025/10/50-battering-ram-attack-breaks-intel.html
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors.
"We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years.
"Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42
Evolving Enterprise Defense to Secure the Modern AI Supply Chain
https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also
U.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust
https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London.
The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the Metropolitan Police said.
Zhimin Qian (aka Yadi Zhang),
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide.
According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.
⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway.
From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security
The State of AI in the SOC 2025 - Insights from Recent Study
https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points.
A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses.
"Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks.
According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name. The
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks
https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU).
"The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner.
"The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX.
Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.
Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box.
But none of that proves what matters most to a CISO:
The
