Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam.
The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module codenamed Gamshen. The threat actor is believed to be active since at least August 2024.
“While Rungan has the capability of executing commands on a compromised server, the purpose of Gamshen is to provide SEO fraud as-a-service, i.e., to manipulate search engine results, boosting the page ranking of a configured target website,” ESET researcher Fernando Tavella said in a report shared with The Hacker News.
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.
The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.
The approach is designed to get around restrictions imposed by X in Promoted Ads that allow users to only include text, images, or videos, and subsequently amplify them to a broader audience, attracting hundreds of thousands of impressions through paid promotion.
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware.
The flaw, tracked under CVE-2025–53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides.
Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious ‘_VIEWSTATE’ payloads that tricked the server into deserializing and executing them, leading to remote code execution (RCE).
The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent.
During several investigations between 2022 and 2023, the National Commission on Informatics and Liberty (CNIL) found that Google’s Gmail email service displayed advertisements in the “Promotions” and “Social” tabs without the consent of Gmail users, thereby breaching Article L. 34–5 of the French Postal and Electronic Communications Code (CPCE).
As explained in a press release issued on Wednesday, this fine was imposed because Google breached the French Data Protection Act (Article 82) by failing to inform users who created new accounts that they were required to allow the search giant to place cookies for advertising purposes to access its services.
Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.
The two flaws that were detected as exploited in zero-day attacks are CVE-2025–38352, an elevation of privilege in the Android kernel, and CVE-2025–48543, also an elevation of privilege problem in the Android Runtime component.
Google noted in its bulletin that there are indications that those two flaws may be under limited, targeted exploitation, without sharing any more details.