AsyncRAT seeds family of more than 30 remote access trojans
https://cyberscoop.com/asyncrat-malware-variants-eset/
CyberScoop
ESET researchers observed tens of thousands of machines infected with AsyncRAT and its variants over the past year. The open-source malware is a popular tool among cybercriminals.
Waltz brushes off SignalGate questions, points finger at CISA
https://cyberscoop.com/waltz-signal-gate-cisa-guidance-senate-foreign-relations/
CyberScoop
In congressional testimony, President Trump’s former national security adviser said his use of Signal to coordinate military operations was “driven by” cybersecurity guidance from CISA.
Abacus dark web drug market goes offline in suspected exit scam
https://www.bleepingcomputer.com/news/security/abacus-dark-web-drug-market-goes-offline-in-suspected-exit-scam/
OpenAI's image model gets built-in style feature on ChatGPT
https://www.bleepingcomputer.com/news/artificial-intelligence/openais-image-model-gets-built-in-style-feature-on-chatgpt/
BleepingComputer
OpenAI's image gen model, which is available via ChatGPT for free, now lets you easily create AI images even if you're not familiar with trends or prompt engineering.
Urgent Chrome Update: Google Patches Critical Zero-Day (CVE-2025-6558) Under Active Attack
https://securityonline.info/urgent-chrome-update-google-patches-critical-zero-day-cve-2025-6558-under-active-attack/
Daily CyberSecurity
Google released a critical Chrome update (138.0.7204.157/.158) patching six vulnerabilities, including CVE-2025-6558, a high-severity zero-day actively exploited in the wild. Update immediately!
Broadcom Addresses Critical Vulnerabilities in VMware ESXi, Workstation, and Fusion
https://securityonline.info/broadcom-addresses-critical-vulnerabilities-in-vmware-esxi-workstation-and-fusion/
Daily CyberSecurity
Broadcom has released urgent patches for four critical (CVSS up to 9.3) VMware vulnerabilities affecting ESXi, Workstation, and Fusion, allowing host code execution.
Apache CXF Vulnerability: DoS and Data Leak Risks Exposed (CVE-2025-48795)
https://securityonline.info/apache-cxf-vulnerability-dos-and-data-leak-risks-exposed-cve-2025-48795/
Daily CyberSecurity
Apache CXF versions are vulnerable to DoS attacks and sensitive data leaks (CVE-2025-48795) due to improper handling of large messages. Update immediately!
Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others
https://cyberscoop.com/cameron-wagenius-att-snowflake-guilty-plea/
CyberScoop
Cameron Wagenius faces a maximum of 27 years in prison. A researcher who helped with the investigation called this ‘one of the most significant wins in the fight against cybercrime.’
US Army Soldier “kiberphant0m” Pleads Guilty to Telecom Hacking & $1M Extortion Scheme
https://securityonline.info/us-army-soldier-kiberphant0m-pleads-guilty-to-telecom-hacking-1m-extortion-scheme/
Daily CyberSecurity
A former US Army soldier, Cameron John Wagenius (kiberphant0m), pleaded guilty to hacking telecom companies, stealing data, and attempting to extort $1 million.
Google’s $3B Hydropower Bet: Fueling AI While Facing Data Center Water Crisis
https://securityonline.info/googles-3b-hydropower-bet-fueling-ai-while-facing-data-center-water-crisis/
Daily CyberSecurity
Google secures 3GW of hydropower in a $3B deal to power its AI data centers, while the tech industry faces mounting criticism over its massive water consumption.
New PhantomRemote Backdoor Targets Russian Healthcare & IT, Linked to Rainbow Hyena Attacks
https://securityonline.info/new-phantomremote-backdoor-targets-russian-healthcare-it-linked-to-rainbow-hyena-attacks/
Daily CyberSecurity
The Rainbow Hyena threat cluster is unleashing PhantomRemote, a new backdoor, in phishing attacks against Russia's healthcare and IT sectors, leveraging compromised emails.
GLOBAL GROUP: New Ransomware Giant Emerges with AI Negotiators, Affiliate Incentives, and Industrial-Scale Attacks
https://securityonline.info/global-group-new-ransomware-giant-emerges-with-ai-negotiators-affiliate-incentives-and-industrial-scale-attacks/
Daily CyberSecurity
GLOBAL GROUP, a rebranded RaaS operation, is aggressively targeting critical infrastructure worldwide, leveraging AI chatbots for automated, high-pressure ransom negotiations.
Warning: “Educational” Octalyn Forensic Toolkit is a Dangerous Telegram-Controlled Credential Stealer
https://securityonline.info/warning-educational-octalyn-forensic-toolkit-is-a-dangerous-telegram-controlled-credential-stealer/
Daily CyberSecurity
Cyfirma uncovers "Octalyn Forensic Toolkit," a GitHub-hosted "educational" tool that's actually a modular credential stealer exfiltrating data via Telegram.
Warning: Fake Remittance Apps Target Bangladeshi Expats, Stealing IDs & Financial Data
https://securityonline.info/warning-fake-remittance-apps-target-bangladeshi-expats-stealing-ids-financial-data/
Daily CyberSecurity
McAfee warns of a new Android malware campaign targeting Bangladeshi expats with fake remittance apps like TapTap Send, stealing personal and financial data, including photo IDs.
High-Severity Node.js Flaws Expose Windows Apps to Path Traversal (CVE-2025-27210) & HashDoS (CVE-2025-27209) Attacks
https://securityonline.info/high-severity-node-js-flaws-expose-windows-apps-to-path-traversal-cve-2025-27210-hashdos-cve-2025-27209-attacks/
Daily CyberSecurity
OpenJS Foundation released critical Node.js updates patching two high-severity flaws (CVE-2025-27210, CVE-2025-27209) affecting Windows apps, including path traversal bypass and HashDoS.
Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now!
https://securityonline.info/critical-pre-auth-root-rce-found-in-samsung-wlan-aps-poc-published-patch-now/
Daily CyberSecurity
A critical pre-authentication root RCE (CVE-2025-34068) in Samsung WLAN AP WEA453e allows full device takeover. Update firmware immediately to version 5.2.4.T1.
Microsoft’s AI Assistant Now Reviews 90% of All Internal Pull Requests, Powering GitHub Copilot
https://securityonline.info/microsofts-ai-assistant-now-reviews-90-of-all-internal-pull-requests-powering-github-copilot/
Daily CyberSecurity
Microsoft's internal AI assistant automates 90% of all pull request reviews (600K/month), enhancing code quality and accelerating development, with advancements feeding into GitHub Copilot.
Windows 10 LTSB 2015 Reaches End-of-Life: Act Now to Avoid Security Risks
https://securityonline.info/windows-10-ltsb-2015-reaches-end-of-life-act-now-to-avoid-security-risks/
Daily CyberSecurity
Windows 10 LTSB 2015 reaches its end-of-life on October 14, 2025. Enterprises must upgrade now to avoid losing critical security updates and facing compliance risks.
AI Spam Threatens cURL’s Bug Bounty Program: Developer Considers Shutting It Down
https://securityonline.info/ai-spam-threatens-curls-bug-bounty-program-developer-considers-shutting-it-down/
Daily CyberSecurity
The cURL project's bug bounty program is overwhelmed by AI-generated, fraudulent vulnerability submissions, leading the lead developer to consider its discontinuation.
Apple Invests $500M with MP Materials to Secure U.S. Rare Earth Supply & Recycling
https://securityonline.info/apple-invests-500m-with-mp-materials-to-secure-u-s-rare-earth-supply-recycling/
Daily CyberSecurity
Apple commits $500M to MP Materials to boost U.S. rare earth magnet production and recycling. This partnership strengthens Apple's supply chain and U.S. resource autonomy.
DShield Honeypot Scanning Reaches Record-High – 1,000,000+ Logs in a Day
https://cybersecuritynews.com/dshield-honeypot-scanning/
Cyber Security News
DShield honeypots hit 1M+ logs in a day, marking a major rise in sustained, large-scale malicious scanning across web services.