Cyber News & Articles

Cyber News & Articles

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module 

Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam.
The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module

read more
Cyber News & Articles

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions 

Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.
The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.
The approach is designed to

read more
Cyber News & Articles

Google Fined $379 Million by French Regulator for Cookie Consent Violations 

The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules.
Both companies set advertising cookies on users’ browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with

read more
Cyber News & Articles

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.
The vulnerabilities in question are listed below –

CVE-2023-50224 (CVSS score: 6.5) – An authentication bypass by spoofing vulnerability

read more
Cyber News & Articles

Smashing Security podcast #433: How hackers turned AI into their new henchman 

Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator).

Meanwhile, new research from Anthropic reveals that hackers have already used AI gents to break into networks, steal passwords, sift through stolen data, and even write custom ransom notes. In other words, one hacker with an AI helper can work like an entire team of cybercriminals.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by Mark Stockley.

read more
Cyber News & Articles

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers 

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
“The two npm packages abused smart contracts to conceal malicious

read more
Cyber News & Articles

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure 

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws.
HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,

read more
Cyber News & Articles

Detecting Data Leaks Before Disaster 

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk.
According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access

read more
Cyber News & Articles

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack 

Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.
The vulnerabilities are listed below –

CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component 
CVE-2025-48543 (CVSS score: N/A) – A

read more

NEW CUSTOMERS CALL TODAY: 720.221.6804  |  EXISTING CUSTOMERS REQUIRING SUPPORT: 303.617.6442

X