TECHZONE™

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct power distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33 security conference today. "As we

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation https://thehackernews.com/2025/08/researchers-detail-windows-epm.html Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug

Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News. The

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s? https://www.welivesecurity.com/en/business-security/black-hat-usa-2025-cyber-insurance-premium/ A sky-high premium may not always reflect your company’s security posture

Android adware: What is it, and how do I get it off my device? https://www.welivesecurity.com/en/mobile-security/android-adware-what-is-it-how-get-it-off-my-device/ Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems https://thehackernews.com/2025/08/researchers-uncover-gpt-5-jailbreak-and.html Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable

CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials https://thehackernews.com/2025/08/cyberark-and-hashicorp-flaws-enable.html Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.  The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, and

Black Hat USA 2025: Policy compliance and the myth of the silver bullet https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2025-policy-compliance-cybersecurity-silver-bullet/ Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow? https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2025-successful-cybersecurity-cyber-risk/ Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign. The activity involves the creation of lookalike sites imitating Brazil's State

Leaked Credentials Up 160%: What Attackers Are Doing With Them https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively, the gems have been

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes the

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations," Silent Push

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security

The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense https://thehackernews.com/2025/08/the-ai-powered-security-shift-what-2025.html Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the business. Use AI to defend faster and smarter. Fight AI-powered threats that execute in minutes—or seconds. Security

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups https://thehackernews.com/2025/08/microsoft-discloses-exchange-server.html Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an

6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day https://thehackernews.com/2025/08/sonicwall-confirms-patched.html SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need https://thehackernews.com/2025/08/webinar-how-to-stop-python-supply-chain.html Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they’ve caused