TECHZONE™

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive

AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals https://thehackernews.com/2025/08/ai-slashes-workloads-for-vcisos-by-68.html As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems https://thehackernews.com/2025/08/trend-micro-confirms-active.html Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. "A vulnerability in Trend Micro

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch https://www.welivesecurity.com/en/podcasts/eset-threat-report-h1-2025-clickfix-infostealer-disruptions-ransomware-deathmatch/ Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and

AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder’s Vision https://thehackernews.com/2025/08/ai-is-transforming-cybersecurity.html When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only

CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An unspecified vulnerability in D-Link

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. "Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild https://thehackernews.com/2025/08/google-fixes-3-android-vulnerabilities.html Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval https://thehackernews.com/2025/08/cursor-ai-code-editor-vulnerability.html Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks https://thehackernews.com/2025/08/misconfigurations-are-not.html In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents https://thehackernews.com/2025/08/how-top-cisos-save-their-socs-from.html Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage.  Here’s how

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign https://thehackernews.com/2025/08/15000-fake-tiktok-shop-domains-deliver.html Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. "Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users," CTM360 said. "The core tactic involves a deceptive

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled," the network security vendor said in a

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers https://thehackernews.com/2025/08/nvidia-triton-bugs-let-unauthenticated.html A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint

⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More https://thehackernews.com/2025/08/weekly-recap-vpn-0-day-encryption.html Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.

Man-in-the-Middle Attack Prevention Guide https://thehackernews.com/2025/08/man-in-middle-attack-prevention-guide.html Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties