Cyber Security News
Kanalga Telegramāda oātish
Be Cyber Aware. Our chat: t.me/cybersecuritynewschat Our vacancies channel: @CyberSecurityJobs LinkedIn: https://www.linkedin.com/company/securitynews/ Improve Your Cyber Skills: https://linktr.ee/cybersecuritynews š© Cooperation: @cybersecadmin
Ko'proq ko'rsatish54 612
Obunachilar
+1324 soatlar
+857 kunlar
+44030 kunlar
Ma'lumot yuklanmoqda...
O'xshash kanallar
Taglar buluti
Kirish va chiqish esdaliklari
---
---
---
---
---
---
Obunachilarni jalb qilish
Dekabr '25
Dekabr '25
+208
0 kanalda
Noyabr '25
+577
0 kanalda
Get PRO
Oktabr '25
+123
0 kanalda
Get PRO
Sentabr '250
0 kanalda
Get PRO
Avgust '250
0 kanalda
Get PRO
Iyul '250
0 kanalda
Get PRO
Iyun '250
0 kanalda
Get PRO
May '250
0 kanalda
Get PRO
Aprel '250
0 kanalda
Get PRO
Mart '250
0 kanalda
Get PRO
Fevral '250
0 kanalda
Get PRO
Yanvar '25
+14
0 kanalda
Get PRO
Dekabr '24
+60
0 kanalda
Get PRO
Noyabr '24
+174
0 kanalda
Get PRO
Oktabr '24
+171
0 kanalda
Get PRO
Sentabr '24
+6 434
0 kanalda
Get PRO
Avgust '24
+4 165
0 kanalda
Get PRO
Iyul '24
+1 285
0 kanalda
Get PRO
Iyun '24
+979
0 kanalda
Get PRO
May '24
+1 152
0 kanalda
Get PRO
Aprel '24
+1 347
0 kanalda
Get PRO
Mart '24
+1 276
0 kanalda
Get PRO
Fevral '24
+1 239
0 kanalda
Get PRO
Yanvar '24
+1 374
0 kanalda
Get PRO
Dekabr '23
+1 168
0 kanalda
Get PRO
Noyabr '23
+733
0 kanalda
Get PRO
Oktabr '23
+634
0 kanalda
Get PRO
Sentabr '23
+881
0 kanalda
Get PRO
Avgust '23
+2 789
0 kanalda
Get PRO
Iyul '230
0 kanalda
Get PRO
Iyun '23
+24
0 kanalda
Get PRO
May '23
+1 119
0 kanalda
Get PRO
Aprel '23
+3 041
0 kanalda
Get PRO
Mart '23
+96
0 kanalda
Get PRO
Fevral '23
+6 714
0 kanalda
Get PRO
Yanvar '230
0 kanalda
Get PRO
Dekabr '220
0 kanalda
Get PRO
Noyabr '220
0 kanalda
Get PRO
Oktabr '22
+165
0 kanalda
Get PRO
Sentabr '22
+863
0 kanalda
Get PRO
Avgust '22
+793
0 kanalda
Get PRO
Iyul '22
+893
0 kanalda
Get PRO
Iyun '22
+858
0 kanalda
Get PRO
May '22
+837
0 kanalda
Get PRO
Aprel '22
+812
0 kanalda
Get PRO
Mart '22
+1 316
0 kanalda
Get PRO
Fevral '22
+931
0 kanalda
Get PRO
Yanvar '22
+24 496
0 kanalda
| Sana | Obunachilarni jalb qilish | Esdaliklar | Kanallar | |
| 17 Dekabr | 0 | |||
| 16 Dekabr | +13 | |||
| 15 Dekabr | +7 | |||
| 14 Dekabr | +28 | |||
| 13 Dekabr | +12 | |||
| 12 Dekabr | +18 | |||
| 11 Dekabr | +13 | |||
| 10 Dekabr | +5 | |||
| 09 Dekabr | +10 | |||
| 08 Dekabr | +8 | |||
| 07 Dekabr | 0 | |||
| 06 Dekabr | +7 | |||
| 05 Dekabr | +19 | |||
| 04 Dekabr | +5 | |||
| 03 Dekabr | +19 | |||
| 02 Dekabr | +17 | |||
| 01 Dekabr | +27 |
Kanal postlari
šØ New Threat Alert: Salty2FA & Tycoon2FA are Now Targeting Enterprises in a Joint Phishing Operation.
A new PhaaS āchimeraā now appears inside the same campaigns and even the same payloads, making attribution harder.
See the hybrid payload executed in the @anyrun_app sandbox ā click here.
šØāš» Get all the details and actionable IOCs to adapt detection and threat hunting ā click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
1 44720
| 2 | Highly Popular NPM Packages Poisoned in New Supply Chain Attack
A DuckDB maintainer was also phished, but the DuckDBLabs team was able to block the attackerās access shortly after.
However, the DuckDB distribution for Node.js on the NPM registry was injected with malware, the team announced.
Cyber_Security_Channel | 2 518 |
| 3 | React2Shell Attacks Linked to North Korean Hackers
In the EtherRAT attack, React2Shell is exploited to execute a shell command for downloading and executing a shell script designed to deploy a JavaScript implant.
This implant is a dropper that decrypts the main payload, EtherRAT.
Cyber_Security_Channel | 3 495 |
| 4 |  š“ LIVE from inside #Lazarus APT's IT workers scheme.
Ā
For weeks, researchers from NorthScan & BCA LTD kept #hackers believing they controlled a US dev's laptop.
In reality, it was #ANYRUN sandbox recording everything.
Ā
ā”ļø See full story and videos ā click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel | 3 973 |
| 5 | Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors
All gained āFeaturedā and āVerifiedā statuses from Google, before the threat actor weaponized them with a malicious update in mid-2024.
One of them, Clean Master, had more than 300,000 installs.
The update essentially transformed the extensions into a remote code execution framework, Koi says.
Every hour, the extensions would check an external server for instructions and execute arbitrary JavaScript code, with full browser API access.
Cyber_Security_Channel | 4 944 |
| 6 |  š£ Webinar: Cybersecurity Law, Regulations and Compliance
Enhance your ImmuniWebĀ® AI Platform skills, earn CPE credits & qualify to become ImmuniWebĀ® Certified Professional.
Key insights:
ā¢ Recent developments in data protection, privacy law
ā¢ Cybersecurity requirements, penalties personal liability for non-compliance
ā¢ Strategies to reduce legal risks
ā¢ Insurance pitfalls & ways to avoid them
ā¢ Best data breach investigation practices & disclosure in 2026
ā¢ HowĀ cybersecurity compliance servicesĀ by ImmuniWeb can help
ā When: December 11 at 10am, 5pm and 9pm CET.
ā Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
Registration is open:
Session 1 ā December 11, 2025
GenevaĀ 10am |Ā DubaiĀ 1pm | SingaporeĀ 5pm
š Click here.
Session 2 ā December 11, 2025
GenevaĀ 5pm |Ā New YorkĀ 11am |Ā CaliforniaĀ 8am
š Click here.
Session 3 ā December 11, 2025
GenevaĀ 9pm |Ā New YorkĀ 3pm |Ā CaliforniaĀ 12pm
š Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel | 4 906 |
| 7 | ā”ļøUniversity of Pennsylvania Confirms New Data Breach After Oracle Hack
University of Pennsylvania disclosed another breach in late October 2025, after a hacker compromised internal systems and stole data on Penn's development and alumni activities.
The attacker claimed they exfiltrated personal information belonging to roughly 1.2 million students, alumni, and donors.
Institution noted that the attackers exploited a previously unknown security vulnerability.
@Cyber_Security_Channel | 4 625 |
| 8 | Beyond the Prompt: Building Trustworthy Agent Systems
Output validation & guardrails: never trust raw agent output.
Implement strict validation checks before any action is taken or result is presented. Define clear boundaries for what actions are permissible (e.g., ācan read this database but never modify itā).
Cyber_Security_Channel | 429 |
| 9 | Securing The Human Layer: Modernising Workforce Authentication
Attackers are using increasingly sophisticated techniques, including credential spraying, brute-force attacks and malware that intercepts passwords and one-time passwords (OTPs).
Additionally, push-bombing or MFA fatigue attacks overwhelm users with mobile push authentication prompts, increasing the likelihood of accidental approval.
These vulnerabilities highlight the urgent need to move away from legacy authentication methods, which consistently fail to prevent breaches and expose organizations to financial, reputational and operational harm.
Cyber_Security_Channel | 5 214 |
| 10 | Chrome Sandbox Escape Earns Researcher $250,000
$250,000 is the maximum reward that Google is prepared to pay out for a Chrome sandbox escape vulnerability, but the amount can only be earned for a submission that includes a high-quality report with demonstration of remote code execution.
Cyber_Security_Channel | 5 543 |
| 11 | Back in August: 6.4 million Bouygues Telecom customers just had their data exposed in a huge data breach ā and it's the second to hit French telecoms operators in a month
Never share your usernames and passwords.
Be particularly wary of calls from fake bank advisors who may try to gain your trust by giving your name or account number.
If in doubt, end the call and call your bank or bank advisor back at their usual number.
Cyber_Security_Channel | 6 016 |
| 12 | Chinese Cyberspies Deploy āBadAudioā Malware via Supply Chain Attacks
BadAudio is deployed as a DLL and uses search order hijacking for execution.
Recent versions have been dropped in archives also containing VBS, BAT, and LNK files, designed to automate the malwareās placement, to achieve persistence, and trigger the DLLās sideloading.
Cyber_Security_Channel | 6 168 |
| 13 |  Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
As soon as the card details, along with the expiration data and CVV number, are entered, the page attempts to process a transaction in the background...
While a "support chat" window appears on the screen with steps to complete a supposed "3D Secure verification for your credit card" to secure against fake bookings.
š· Photo Credit: Dreamstime
Cyber_Security_Channel | 6 310 |
| 14 | Newly Identified Android Spyware Appears to be From a Commercial Vendor
The Android spyware, dubbed LANDFALL, exploited a zero-day, or previously undocumented, vulnerability in Galaxy phonesā image processing libraries.
The spyware was likely sent via the WhatsApp messaging platform to exfiltrate data and snoop on targets.
The vulnerability was privately reported to Samsung in September 2024 but the company did not release a firmware update to fix it until April 2025.
Cyber_Security_Channel | 6 476 |
| 15 |  šØāš» SOC Leaderās Playbook: 3 Steps to Faster MTTR
Get actionable tips in a Live Webinar on November 25.Ā
In this session, ANY.RUN experts will demonstrate how to:
ā¢ Eliminate the alert fatigueĀ
ā¢ Achieve a 3x performance boostĀ Ā
ā¢ Ensure early detection of new attacks
ā¢ Reduce MTTR by 21 minutes per incidentĀ Ā
āļø Who should attend?
SOC leaders, security managers, CISOs, and analysts of all tiers lookingĀ to improve their security posture.
Join a FREE webinar ā click here to register.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel | 6 637 |
| 16 | Google Finds Malware Connecting to AI Large Language Models to Hone Attacks
One of the attacks, dubbed Quietvault, has been designed to steal login credentials from a Windows PC while leveraging "an AI prompt and on-host installed AI CLI [command line interface] tools to search for other potential secrets on the infected system.
Another malware strain, called Promptflux, appears to be experimental work by hackers. It stands out by tapping Googleās Gemini chatbot to modify its computer code to avoid detection.
āThe most novel component of PROMPTFLUX is its āThinking Robotā module, designed to periodically query Gemini to obtain new code for evading antivirus software,
Cyber_Security_Channel | 5 828 |
| 17 | August Spotlight: Australiaās TPG Telecom Investigating iiNet Hack
The investigation is ongoing, but the company has determined that the hackers have exfiltrated email addresses, phone numbers and other types of data from the compromised system.
Cyber_Security_Channel | 5 653 |
| 18 |  š£ Webinar: GenAI in Cybersecurity and Cybercrime
Join ImmuniWeb webinar to enhance your ImmuniWebĀ® AI Platform skills, earn CPE credits, and qualify to become ImmuniWebĀ® Certified Professional.
Key insights that will be covered:
ā¢ Emerging AI laws and regulations to consider
ā¢ Overall state of GenAI trends and developments
ā¢ GenAI in cybercrime: myths, realities and threats
ā¢ GenAI in cybersecurity: myths, risks and benefits
ā¢ Hacking AI-powered apps: OWASP Top 10 for LLMs
ā Date & Time: November 20 at 10am, 5pm and 9pm CET.
ā Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
Registration is open:
Session 1 ā November 20, 2025
GenevaĀ 10am |Ā DubaiĀ 1pm |Ā SingaporeĀ 5pm
š Click here.
Session 2 ā November 20, 2025
GenevaĀ 5pm |Ā New YorkĀ 11am |Ā CaliforniaĀ 8am
š Click here.
Session 3 ā November 20, 2025
GenevaĀ 9pm |Ā New YorkĀ 3pm |Ā CaliforniaĀ 12pm
š Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel | 5 941 |
| 19 | Fresh, Just In: Many Forbes AI 50 Companies Leak Secrets on GitHub
Wizās scans also covered members and contributors of the core organization that could inadvertently expose company secrets in their own public repositories.
In addition, the scans targeted less common AI-related secrets that may be missed by traditional scanners.
Cyber_Security_Channel | 5 394 |
| 20 |  š“ Live Stream Announcement!
Join Mauro Eldritch to dissect FunkLocker; AI-powered #FunkSec ransomware behind 120+ attacks across North America and Asia.
Get actionable insights and learn to detect a full attack chain in minutes.
š When: Nov 12, 3:00 PM, UTC
š Set a reminder and tune in: https://www.youtube.com/live/PiWOtiYs25s?si=8CT55R0mxTFkQafx
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel | 5 602 |
