Category: Cybersecurity

Latest Arabian cybersecurity news covering global cyber threats, ransomware attacks, data breaches, digital espionage, and technology security developments affecting governments, companies and individuals.

ADVERTISEMENT
ADVERTISEMENT

A newly examined Everest ransomware encryptor has exposed a sharper technical playbook built to weaken recovery, obstruct analysis and expand damage across dormant network systems before encryption begins.The Windows payload, identified as hlntqyun. exe, is a 114 KB C# assembly compiled for. NET Framework 4.0 and protected with ConfuserEx, a widely abused obfuscation tool used to frustrate static malware analysis. The sample carries the SHA-256 hash 1df92bf4c967297d8a39fc3f619a56702ee96d5cf9196b8e1d5b3654746c6514 and appears to have been tailored for a specific victim, rather than built

A newly demonstrated attack against Claude Desktop has highlighted how synced AI preferences and locally connected tools can be chained to turn a trusted chatbot into a covert route for command execution on a user’s workstation.The attack path centres on Claude Desktop’s Personal Preferences feature, which allows users to set account-wide instructions that are synchronised across sessions and devices. Security researchers showed that if an attacker gains access to a victim’s Claude account, malicious instructions can be planted in those

DuckDuckGo has added YouTube video ad blocking to its privacy-focused browser, widening its challenge to dominant browsers and giving users a built-in way to watch videos with fewer commercial interruptions.The feature blocks ads that appear before and during videos viewed inside the DuckDuckGo browser, including on YouTube. It relies on community-maintained uBlock Origin filter lists, a significant choice because those lists are open-source, regularly updated and shaped by a large volunteer ecosystem rather than a closed, proprietary detection system.DuckDuckGo says

A China-linked cyber-espionage group has expanded its use of hijacked devices to mask attacks on telecommunications infrastructure, deploying three newly documented malware implants across Windows, Linux and network edge systems.The activity, tracked as UAT-9244, has targeted critical telecoms infrastructure in South America since 2024. The campaign shows how state-aligned operators are moving beyond direct server compromise to build distributed relay networks that help them scan, brute-force and route traffic through infected machines before launching deeper intrusions.The latest findings centre on

A browser flaw in Opera GX allowed hostile websites to silently install customisation mods and use them to extract data from pages visited by a signed-in user, exposing a weakness in how browser styling features can be turned into cross-site surveillance tools.The vulnerability, now patched, affected the gaming-focused Opera GX browser and centred on its GX Mods feature, which lets users customise themes, wallpapers, sounds and website appearance. Security researchers zhero and inzo found that a malicious site could trigger

A browser flaw in Opera GX allowed hostile websites to silently install customisation mods and use them to extract data from pages visited by a signed-in user, exposing a weakness in how browser styling features can be turned into cross-site surveillance tools.The vulnerability, now patched, affected the gaming-focused Opera GX browser and centred on its GX Mods feature, which lets users customise themes, wallpapers, sounds and website appearance. Security researchers zhero and inzo found that a malicious site could trigger

Attackers are hiding machine-readable instructions inside websites to manipulate AI agents, turning ordinary web pages into a new security battleground as automated systems begin browsing, summarising and acting on behalf of users.Zscaler’s ThreatLabz has documented two live campaigns using indirect prompt injection, a technique in which malicious instructions are planted in third-party content that an AI system reads during a task. Unlike a direct prompt attack, where a user types hostile instructions into a chatbot, these attacks sit inside websites,

Cybercriminals are using fake cracked-software downloads to infect consumers and smaller businesses with a double payload that steals credentials and mines Monero, underscoring how commodity malware operators are combining immediate data theft with longer-running attempts to profit from compromised machines.The campaign delivers Vidar, a widely used information stealer, alongside XMRig, an open-source cryptocurrency miner often abused in cryptojacking attacks. Victims are lured through malvertising into downloading password-protected archives that appear to contain pirated versions of commercial software. Once opened and

US officials have reportedly cleared OpenAI to widen access to GPT-5.6, allowing the company to move its most advanced model series from a restricted partner trial towards a broader commercial release after cybersecurity and national security checks.The decision covers GPT-5.6 Sol, the flagship version, alongside lower-cost Terra and Luna models. OpenAI has said the models will be made available after an initial period in which access was limited to vetted customers. The shift follows weeks of scrutiny over whether frontier

Nissan Americas has disclosed a cyber breach involving employee records after attackers exploited a critical Oracle PeopleSoft flaw used in a wider data-theft campaign linked to the ShinyHunters extortion group.The carmaker said personnel information belonging to current and former staff in the United States, Canada, Mexico and Brazil may have been accessed through Oracle PeopleSoft, the enterprise platform it uses for payroll, tax administration and other employee records. The exposed data may include contact details, banking information, Social Security numbers,

A newly identified cyber-espionage group has targeted government agencies and electricity-sector organisations in Russia, Brazil and Kazakhstan, using phishing emails to deploy a Windows information stealer designed to extract credentials, documents and browser data.The group, named Armored Likho and provisionally linked to a cluster known as Eagle Werewolf, has emerged as a notable threat because its operations combine espionage against institutions with financially motivated attacks against individuals. Its latest malware, BusySnake Stealer, shows a shift from simpler remote-access tooling towards

Mexico-focused companies are facing a sharper wave of TimbreStealer attacks as operators behind the information-stealing malware combine tax-themed phishing with cloud-hosted delivery, DLL side-loading and layered evasion designed to defeat automated analysis.The campaign marks a technical step-up for a malware family first tracked in late 2023, when attackers used fiscal and invoice lures to push an obfuscated stealer at users in Mexico. The latest activity keeps the same localised bait but changes parts of the delivery chain, making the infection

Scammers are using fake Google Play Store pages and paid social media adverts to push gambling-linked Progressive Web Apps, exploiting consumer trust in well-known retail, banking and streaming brands.The campaign uses polished advertisements on platforms including Facebook, Instagram, Threads and TikTok, with some creatives carrying simple “Brand Slots” labels and others mimicking official product launches. The adverts borrow logos, colour schemes, app-style layouts and fabricated testimonials to suggest that household names have entered the online casino market. Several versions have

A Brazil-linked banking trojan has shifted its focus to Spain and Portugal, using fake PDF files, hidden code and location checks to reach banking customers while keeping analysts and automated security tools away from its payload.The malware, known as Ousaban or Javali, has long been associated with attacks on financial users in Brazil. Its latest campaign shows a more selective and evasive operation aimed at Windows users in the Iberian Peninsula, where the attackers use phishing documents that pretend to

A fileless malware framework is abusing Google’s Blogspot platform to deliver PureLog Stealer directly into computer memory, sharpening concerns that trusted web services are being turned into staging grounds for credential theft.The campaign, tracked as Veil#Drop, begins with a JavaScript file disguised as a document, such as “transcript. pdf. js”. Once opened on a Windows system, the file runs through Windows Script Host and launches PowerShell with execution-policy bypasses enabled. The command then retrieves further payloads from attacker-controlled Blogspot pages,

A major supply-chain attack has hit ClawHub, exposing deep security gaps in the fast-growing market for AI-agent skills after scans identified 1,184 malicious packages linked to 247,693 installations.The campaign, tracked as ClawHavoc, targeted ClawHub, the official skill marketplace for OpenClaw, an open-source AI agent platform that allows users to install add-ons for tasks such as browser automation, file handling, coding support, messaging, crypto tracking and productivity workflows. The scale of the compromise marks one of the most serious tests yet

A Telegram-controlled remote access trojan called Millenium RAT has compromised more than 62,000 Windows devices across over 160 countries, exposing how low-cost malware subscriptions are widening access to intrusive cyber tools once limited to more skilled operators.The campaign has accelerated sharply this year, with about 39,700 infections recorded during the first quarter of 2026 alone. The scale points to an expanding malware-as-a-service operation in which attackers can rent or buy a ready-made spying tool, use Telegram as command infrastructure and

A threat actor exploited a severe Cisco Catalyst SD-WAN vulnerability at least two months before public disclosure, intensifying concern over attacks targeting the network control systems that connect large organisations across branch offices, cloud services and data centres.The flaw, tracked as CVE-2026-20245, affects Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager and Catalyst SD-WAN Validator, formerly known as vSmart, vManage and vBond. It allows an authenticated local attacker to execute arbitrary commands with root privileges by uploading a specially crafted file

Security researchers have identified a cloud storage weakness that could allow attackers to divert live data flows from major platforms, including Amazon Web Services, Google Cloud and Microsoft Azure, into storage controlled by outsiders without triggering obvious warning signs.The technique, described as cloud bucket hijacking, exploits the way many cloud providers use globally unique storage names to route logs, telemetry and replicated objects. If a bucket is deleted but an automated service continues to send data to that destination name,

The UK’s Cyber Monitoring Centre has warned universities and colleges to reassess cyber resilience after a breach at Canvas exposed student and staff data across about 160 higher education institutions while causing less financial disruption than feared.The assessment found that the incident fell below the threshold for a formal Category 1 national cyber event, which requires losses of at least £10m or an impact on more than 0.01 per cent of UK organisations. Even so, the case has become an

A macOS backdoor linked to North Korea-aligned cyber operations has exposed a new weakness in security workflows by embedding instructions designed to confuse artificial intelligence systems used by malware analysts.The malware, tracked as macOS. Gaslight, is written in Rust and contains a 3.5 KB prompt-injection payload made up of 38 fabricated “system” messages. The messages are not aimed at Apple’s operating system or at a conventional sandbox. They appear built to manipulate large language model-based triage tools that analysts increasingly

State-backed hacking groups are increasingly borrowing ransomware tactics to conceal cyber-espionage campaigns, with Iran-linked MuddyWater emerging as a prominent example of a wider shift blurring the boundary between criminal extortion and intelligence operations.NCC Group has warned that threat actors tied to governments are using ransomware branding, extortion notes, victim leak sites and negotiation channels not only to increase pressure on targets but also to complicate attribution. Its latest threat intelligence assessment highlights a campaign associated with MuddyWater in which activity

Cybersecurity teams are tracking a deceptive malware campaign that uses fake browser windows, hidden web frames and anti-analysis checks to push victims into installing malicious executables by hand.The operation relies on a Browser-in-the-Browser, or BitB, technique that places a convincing imitation of a browser window over a legitimate-looking webpage. Instead of depending on an automatic exploit, the attackers create the impression that a document has failed to load or that essential software is out of date, then instruct the user

Bajaj Auto has disclosed a ransomware attack that affected its systems and those of its wholly owned technology subsidiary, Bajaj Auto Technology Limited, adding another listed manufacturer to the widening roster of companies forced to make cyber-risk disclosures to investors.The Pune-based two- and three-wheeler maker said the incident took place on 23 June at around 8am IST. Technical teams, senior management and external cybersecurity specialists responded after the breach was detected, triggering precautionary protocols to contain the attack and limit

ClawHub has moved to contain a supply-chain weakness in its plugin registry after researchers found 23 code-executing packages published under official-looking @openclaw/ and @clawhub/ scopes by accounts with no verified link to either project.The finding has sharpened concerns over trust signals in the fast-growing AI agent ecosystem, where plugins and skills can run commands, connect to external services, modify files and act on a user’s behalf. The issue, identified by Manifold Security during a catalogue review and reported to ClawHub

A new botnet campaign has compromised more than 4,300 ageing routers, turning mainly unsupported D-Link devices into a distributed network for scanning, proxying and preparing future cyber intrusions.The malware, named AryStinger by threat researchers, has been observed targeting routers built around RTL819X-series chipsets, a generation widely used in consumer and small-office networking equipment from roughly 2012 to 2015. The affected devices are led by D-Link DIR-850L and DIR-818LW models, both of which have passed their service life and no longer

Apple devices powered by A12 and A13 chips face a new hardware-level security risk after researchers disclosed an unpatchable BootROM exploit that can break the early boot chain on several older iPhone, iPad and Apple Watch models.The exploit, named usbliter8, targets SecureROM, the immutable code that runs before the operating system loads. Because that code is burned into the chip during manufacturing, the underlying weakness cannot be removed through an iOS, iPadOS or watchOS update. The disclosure has sharpened attention

AryStinger, a newly analysed botnet family, has compromised more than 4,000 outdated routers and begun turning ageing network devices into covert infrastructure for reconnaissance, intranet scanning and traffic tunnelling.The campaign highlights a shift in botnet use from crude denial-of-service activity towards stealthier pre-intrusion work, where hijacked routers and network-attached storage appliances act as relay points between attackers and intended targets. Security analysts say the malware helps operators conceal their true location, distribute scanning tasks across many infected nodes and extend

Apple has issued a firmware update for Beats Studio Buds after confirming a Bluetooth security flaw that could allow an attacker nearby to listen through the earbuds’ microphone while the device was unpaired and searching for pairing requests.The fix, released as Beats Firmware Update 1B211 on June 16, addresses CVE-2025-20701, a high-severity vulnerability tied to Bluetooth audio code used in the earbuds. The flaw affected Beats Studio Buds, a 2021 wireless earbud model sold under Apple’s Beats brand, and centred

Apple has issued a firmware update for Beats Studio Buds after confirming a Bluetooth security flaw that could allow an attacker nearby to listen through the earbuds’ microphone while the device was unpaired and searching for pairing requests.The fix, released as Beats Firmware Update 1B211 on June 16, addresses CVE-2025-20701, a high-severity vulnerability tied to Bluetooth audio code used in the earbuds. The flaw affected Beats Studio Buds, a 2021 wireless earbud model sold under Apple’s Beats brand, and centred

Security teams have been urged to update the UEFI Forbidden Signature Database after a newly disclosed weakness showed that trusted vendor-signed boot applications can be misused to bypass Secure Boot and run unauthorised code before an operating system starts.The issue, tracked as VU#457458 and made public on June 18, 2026, affects multiple UEFI applications signed by hardware and firmware vendors. The weakness does not rely on breaking encryption or stealing signing keys. Instead, it turns legitimate signed tools into attack

A long-running phishing operation has turned GitHub Pages into a low-cost staging ground for fake banking portals aimed at customers of financial institutions operating in Mexico, harvesting logins, payment card details and customer identifiers through a modular kit built for fast redeployment.The campaign, tracked as GitBait, has been active for nearly three years and has impersonated at least a dozen banks and financial services providers. Its operators have used more than 100 GitHub Pages-hosted domains and repository structures to publish

A malware campaign on the JetBrains Marketplace has put developer credentials at risk after at least 15 AI-themed plugins were found quietly forwarding users’ large-language-model API keys to an attacker-controlled server while continuing to perform the coding tasks they advertised.The plugins, listed under seven vendor accounts, were presented as coding assistants, code reviewers, bug finders, unit-test generators and Git commit-message tools. They invoked services familiar to developers using artificial intelligence inside IDEs, including OpenAI, DeepSeek and SiliconFlow. Combined marketplace download

NVIDIA has patched three high-severity vulnerabilities in its NeMo Framework, including a Linux command-injection flaw that could let low-privileged attackers run code, escalate access, alter data or expose information on affected AI development systems.The June security update covers NeMo Framework versions from 0.0 through 2.7.2, with users advised to move to version 2.7.3 or later. The flaws are tracked as CVE-2026-24155, CVE-2026-24252 and CVE-2026-24228, each carrying a CVSS v3.1 base score of 7.8, placing them in the high-severity category. The

Social Media Auto Publish Powered By : XYZScripts.com