TECHZONE™

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks https://thehackernews.com/2025/08/new-ps1bot-malware-campaign-uses.html Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.  The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. "Untrusted search path in

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code https://thehackernews.com/2025/08/fortinet-warns-about-fortisiem.html Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to

AI SOC 101: Key Capabilities Security Leaders Need to Know https://thehackernews.com/2025/08/ai-soc-101-key-capabilities-security.html Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging

Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive https://thehackernews.com/2025/08/webinar-what-next-wave-of-ai.html The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast. Every leap forward in AI gives bad actors new tools — deepfake scams so real they trick your CFO, bots that can bypass human review,

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.html New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said in a report shared with The Hacker News. The firmware

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager https://thehackernews.com/2025/08/fortinet-ssl-vpns-hit-by-global-brute.html Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort. As many as 56 unique IP addresses have been detected over the past 24 hours. All the IP addresses have been

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. "This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group's previous credential theft and database

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks https://thehackernews.com/2025/08/new-curly-comrades-apt-using-ngen-com.html A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. "They repeatedly tried to extract the NTDS database from domain controllers -- the primary repository for user password hashes and authentication data in a Windows network,"

The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions https://thehackernews.com/2025/08/the-ultimate-battle-enterprise-browsers.html Most security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees already use and trust. The Ultimate Battle: Enterprise Browsers vs. Enterprise Browser Extensions

WinRAR zero-day exploited in espionage attacks against high-value targets https://www.welivesecurity.com/en/videos/winrar-zero-day-exploited-espionage-attacks-high-value-targets/ The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/ ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets

Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors https://thehackernews.com/2025/08/dutch-ncsc-confirms-active-exploitation.html The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications https://thehackernews.com/2025/08/new-tetra-radio-encryption-flaws-expose.html Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic. Details of the vulnerabilities – dubbed 2TETRA:2BURST – were presented at the Black Hat USA

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an

⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More https://thehackernews.com/2025/08/weekly-recap-badcam-attack-winrar-0-day.html This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is ticking—if defenses aren’t updated regularly, it could lead to serious damage. The

6 Lessons Learned: Focusing Security Where Business Value Lives https://thehackernews.com/2025/08/6-lessons-learned-focusing-security.html The Evolution of Exposure Management Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’s business-critical. These are the assets that support the processes the business can’t function without. They’re not always the loudest or most exposed. They’re the ones tied to revenue, operations, and delivery. If one goes down, it’s more than a

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately https://thehackernews.com/2025/08/winrar-zero-day-under-active.html The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files. "When extracting a file,