Students Pose Inside Threat to Education Sector

Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.

Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called “TinyShell.”

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign –…

Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well.

Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets.

The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It’s built…