- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaignby info@thehackernews.com (The Hacker News) on 02/08/2025 at 16:30
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the
- New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theftby info@thehackernews.com (The Hacker News) on 02/08/2025 at 13:33
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access," Nextron Systems researcher Pierre-Henri Pezier said. Pluggable Authentication Modules
- Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devicesby info@thehackernews.com (The Hacker News) on 02/08/2025 at 06:56
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report. The cybersecurity company
- Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injectionby info@thehackernews.com (The Hacker News) on 01/08/2025 at 15:31
Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed
- Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accountsby info@thehackernews.com (The Hacker News) on 01/08/2025 at 13:02
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report. The