July 16, 2025 – CyberGate

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as

Citește mai departe

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024,

Citește mai departe

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Cybersecurity researchers have disclosed what they say is a “critical design flaw” in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. “The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed

Citește mai departe

AI Agents Act Like Employees With Root Access—Here’s How to Regain Control

The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From

Citește mai departe

Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time

Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized. It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives,

Citește mai departe

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described

Citește mai departe

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application

Citește mai departe

Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2),

Citește mai departe

Day: July 16, 2025

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

AI Agents Act Like Employees With Root Access—Here’s How to Regain Control

Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Recent News

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do