TECHZONE™

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service https://thehackernews.com/2025/09/shadowv2-botnet-exploits-misconfigured.html Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells https://thehackernews.com/2025/09/badiis-malware-spreads-via-seo.html Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity, dubbed Operation Rewrite, is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where "

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks https://thehackernews.com/2025/09/comicform-and-sectorj149-hackers-deploy.html Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published last week. The attack chain involves

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More https://thehackernews.com/2025/09/weekly-recap-chrome-0-day-ai-hacking.html The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach. This week’s recap explores the trends driving that constant churn: how threat

How to Gain Control of AI Agents and Non-Human Identities https://thehackernews.com/2025/09/how-to-gain-control-of-ai-agents-and.html We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?” Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware," researchers Alex Cox, Mike Kosak, and

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell https://thehackernews.com/2025/09/researchers-uncover-gpt-4-powered.html Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by SentinelOne SentinelLABS research team. The findings were presented at the LABScon 2025 security conference. In a report examining the malicious use of LLMs, the cybersecurity company

ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent https://thehackernews.com/2025/09/shadowleak-zero-click-flaw-leaks-gmail.html Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following responsible disclosure on June 18, 2025, the issue was addressed by OpenAI in early August. "The attack

Gamaredon X Turla collab https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/ Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware https://thehackernews.com/2025/09/unc1549-hacks-34-devices-in-11-telecom.html An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers https://thehackernews.com/2025/09/systembc-powers-rem-proxy-with-1500.html A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online," the company said in a report shared with

Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity. "A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge https://thehackernews.com/2025/09/17500-phishing-domains-target-316.html The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases,

How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines https://thehackernews.com/2025/09/how-to-automate-alert-triage-with-ai.html Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard

Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine https://thehackernews.com/2025/09/russian-hackers-gamaredon-and-turla.html Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely

Small businesses, big targets: Protecting your business against ransomware https://www.welivesecurity.com/en/business-security/small-businesses-big-targets-protecting-business-ransomware/ Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises

U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack https://thehackernews.com/2025/09/uk-arrest-two-teen-scattered-spider.html Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportation agency. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands