Collecting Cyber-News from over 60 sources

Tag: update

For the first time, a RomCom payload has been observed being distributed via SocGholish

Nov 26, 2025 9:49 PM

Tags: exploit, malware, threat, update

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time…
Neue Variante des Shai-Hulud Worm – Supply-Chain-Angriff trifft über 1.000 npm-Pakete

Nov 26, 2025 7:50 PM

Tags: cyberattack, supply-chain, update, worm

First seen on security-insider.de Jump to article: www.security-insider.de/npm-pakete-supply-chain-angriff-malware-infektion-a-7058d3a07ba5184bbd66002da6001877/
Security keys may prompt for PIN after recent updates

Nov 26, 2025 4:49 PM

Tags: microsoft, update, windows

Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fido2-security-keys-may-prompt-for-pin-after-recent-windows-updates/
Neue ClickFix-Kampagne nutzt Fake-Windows-Updates

Nov 26, 2025 3:50 PM

Tags: captcha, cyberattack, endpoint, group, malware, monitoring, phishing, powershell, social-engineering, update, windows

Cyberkriminelle nutzen eine gefälschte Windows-Update-Seite, um Mitarbeiter anzugreifen.Forscher des Security-Anbieters Huntress sind kürzlich auf eine neue ClickFix-Kampagne gestoßen, die auf Mitarbeiter in Unternehmen zielt. Laut Forschungsbericht haben die Angreifer ihre Malware dabei in den Pixeln eines Bildes versteckt, das eine Windows-Update-Seite vortäuscht. Dort werden die Benutzer aufgefordert, auf Ausführen zu klicken, um einen bösartigen Befehl…
Threat Actors Use Fake Update Lures to Deploy SocGholish Malware

Nov 26, 2025 2:49 PM

Tags: cyber, group, infrastructure, malware, russia, threat, update

In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the first documented instance of RomCom payloads being distributed through SocGholish’s infrastructure, signaling a dangerous convergence…
Threat Actors Use Fake Update Lures to Deploy SocGholish Malware

Nov 26, 2025 2:49 PM

Tags: cyber, group, infrastructure, malware, russia, threat, update

In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the first documented instance of RomCom payloads being distributed through SocGholish’s infrastructure, signaling a dangerous convergence…
ASUS warns of new critical auth bypass flaw in AiCloud routers

Nov 26, 2025 1:49 PM

Tags: authentication, firmware, flaw, router, update, vulnerability

ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/
ASUS warns of new critical auth bypass flaw in AiCloud routers

Nov 26, 2025 1:49 PM

Tags: authentication, firmware, flaw, router, update, vulnerability

ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/
Microsoft Teams Rolls Out New Feature For Faster Startup and Better Performance

Nov 26, 2025 12:49 PM

Tags: cyber, microsoft, startup, update, windows

Microsoft Teams is set to launch a key update for its Windows desktop client, introducing a new child process, ms-teams_modulehost.exe, to boost the performance of calling features and reduce startup times. This change separates the calling stack from the primary ms-teams.exe process, allowing better resource management and smoother meetings without altering user interfaces or workflows.…
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Nov 26, 2025 12:49 PM

Tags: jobs, risk, tool, update

If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with”, making them favorites for IT teams. But there’s a catch…The very tools that make your job easier might also be the reason your systems are at risk.These tools are…
Microsoft Teams Rolls Out New Feature For Faster Startup and Better Performance

Nov 26, 2025 12:49 PM

Tags: cyber, microsoft, startup, update, windows

Microsoft Teams is set to launch a key update for its Windows desktop client, introducing a new child process, ms-teams_modulehost.exe, to boost the performance of calling features and reduce startup times. This change separates the calling stack from the primary ms-teams.exe process, allowing better resource management and smoother meetings without altering user interfaces or workflows.…
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

Nov 26, 2025 10:49 AM

Tags: attack, malware, threat, update

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent.”This is the first time that a RomCom payload has been observed being distributed by SocGholish,” Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report.The activity has…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Find the Invisible: Salt MCP Finder Technology for Proactive MCP Discovery

Nov 25, 2025 6:49 PM

Tags: access, ai, api, attack, ciso, cloud, control, data, data-breach, finance, gartner, infrastructure, injection, Internet, LLM, risk, service, technology, tool, update

The conversation about AI security has shifted. For the past year, the focus has been on the model itself: poisoning data, prompt injection, and protecting intellectual property. These are critical concerns, but they miss the bigger picture of how AI is actually being operationalized in the enterprise. We are entering the era of Agentic AI.…
Telecom security reboot: Why zero trust is the only way forward

Nov 25, 2025 4:49 PM

Tags: access, attack, authentication, breach, china, compliance, control, credentials, cybersecurity, data, defense, detection, endpoint, framework, governance, group, hacker, Hardware, infrastructure, ISO-27001, network, nis-2, nist, ransomware, regulation, risk, service, threat, tool, update, zero-trust

IT and OT: Impact is linked: Most OT attacks start in IT environments these days. Once attackers get hold of admin credentials or find a weak interface, they can jump straight into the network gear or base-station controllers.Bridging this isn’t about shuffling org charts. It’s about seeing everything at once and building a single rulebook.…
Telecom security reboot: Why zero trust is the only way forward

Nov 25, 2025 4:49 PM

Tags: access, attack, authentication, breach, china, compliance, control, credentials, cybersecurity, data, defense, detection, endpoint, framework, governance, group, hacker, Hardware, infrastructure, ISO-27001, network, nis-2, nist, ransomware, regulation, risk, service, threat, tool, update, zero-trust

IT and OT: Impact is linked: Most OT attacks start in IT environments these days. Once attackers get hold of admin credentials or find a weak interface, they can jump straight into the network gear or base-station controllers.Bridging this isn’t about shuffling org charts. It’s about seeing everything at once and building a single rulebook.…
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Nov 25, 2025 3:49 PM

Tags: cybersecurity, malicious, malware, phishing, update, windows

Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update.”Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a…
Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users

Nov 25, 2025 2:49 PM

Tags: ai, browser, cve, flaw, update, vulnerability

AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution. First seen on hackread.com Jump to article: hackread.com/update-firefox-patch-cve-2025-13016-vulnerability/
ClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security Update

Nov 25, 2025 1:51 PM

Tags: attack, cyber, cybersecurity, malicious, malware, social-engineering, update, windows

Cybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of information-stealing malware, including LummaC2 and Rhadamanthys, through a deceptive social engineering technique that tricks users into executing commands via the Windows Run prompt.…
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign

Nov 25, 2025 9:49 AM

Tags: attack, cloud, corporate, data, defense, github, intelligence, malicious, malware, radius, risk, risk-analysis, supply-chain, tactics, threat, tool, update

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
FAQ About Sha1-Hulud 2.0: The >>Second Coming<< of the npm Supply-Chain Campaign

Nov 25, 2025 9:49 AM

Tags: attack, cloud, corporate, data, defense, github, intelligence, malicious, malware, radius, risk, risk-analysis, supply-chain, tactics, threat, tool, update

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages. A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting…
Attackers are Using Fake Windows Updates in ClickFix Scams

Nov 25, 2025 5:49 AM

Tags: malicious, malware, scam, threat, update, windows

Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
Attackers are Using Fake Windows Updates in ClickFix Scams

Nov 25, 2025 5:49 AM

Tags: malicious, malware, scam, threat, update, windows

Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
NVIDIA Isaac-GROOT Flaws Let Attackers Inject Malicious Code

Nov 25, 2025 1:49 AM

Tags: access, cve, cyber, data, flaw, injection, malicious, nvidia, software, update, vulnerability

NVIDIA has released security updates addressing two critical code injection vulnerabilities in its Isaac-GR00T robotics software platform. The flaws could allow attackers with local system access to execute arbitrary code, escalate privileges, and tamper with sensitive data, potentially compromising robotic systems and their underlying infrastructure. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, affect all versions…
Fresh ClickFix attacks use Windows Update trick-pics to steal credentials

Nov 25, 2025 12:49 AM

Tags: attack, credentials, malicious, update, windows

Poisoned PNGs contain malicious code First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/clickfix_attack_infostealers_images/