Cyber Security News

Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw allows authenticated administrators to execute arbitrary commands on firewalls via manipulated gNMI requests, escalating privileges to root access. The disclosure follows Palo Alto […]

The post Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability appeared first on Cyber Security News.

RedTeamPentesting has unveiled a new tool, keycred, which offers a robust solution for managing KeyCredentialLinks in Active Directory (AD) environments. This command-line interface (CLI) tool and library implements the KeyCredentialLink structures as defined in section 2.2.20 of the Microsoft Active Directory Technical Specification (MS-ADTS). It also allows for practical deviations from the specification, making it […]

The post New Active Directory Pentesting Tool For KeyCredentialLink Management appeared first on Cyber Security News.

A GitHub repository titled Windows-WiFi-Password-Stealer has surfaced, raising concerns among cybersecurity professionals.  This repository, hosted by the user, provides a Python-based script capable of extracting saved WiFi credentials from Windows systems and saving them to a text file.  While the repository claims to be for educational purposes, its potential misuse as a malicious tool cannot […]

The post Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub appeared first on Cyber Security News.

A cluster of four critical vulnerabilities in Ivanti Endpoint Manager (EPM) has entered a dangerous new phase with the public release of proof-of-concept (PoC) exploit code, escalating risks for organizations using the enterprise device management platform. Discovered by researchers in October 2024 and patched by Ivanti in January 2025, these vulnerabilities (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159) […]

The post Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released appeared first on Cyber Security News.

European healthcare organizations are facing a sophisticated cyber threat from a newly identified ransomware strain called NailaoLocker, deployed as part of a campaign tracked as Green Nailao by Orange Cyberdefense CERT. The attacks, first detected between June and October 2024, exploit vulnerabilities in Check Point VPN appliances and leverage advanced backdoors like ShadowPad and PlugX […]

The post New NailaoLocker Ransomware Attacking European Healthcare appeared first on Cyber Security News.

A new malware campaign attributed to North Korean threat actors has been identified, targeting individuals through fake job interview processes. Dubbed “Contagious Interview,” this operation delivers malicious Swift applications disguised as legitimate software updates, including a recently discovered “DriverEasy.app” masquerading as a Google Chrome security component. The malware leverages social engineering to steal user credentials, […]

The post Beware of North Korean Job Interview Process Delivers Malware Via Fake Chrome Update appeared first on Cyber Security News.

A sophisticated cyber espionage campaign linked to Chinese state-aligned threat actors has targeted organizations across 15 countries using an updated variant of the Shadowpad malware to deploy previously undocumented ransomware. The attacks, analyzed by Trend Micro’s incident response team, exploit weak passwords and multi-factor authentication (MFA) bypass techniques to infiltrate Check Point firewall VPNs. Over […]

The post Chinese Hackers Exploiting Check Point Firewall Vulnerability To Deploy Ransomware appeared first on Cyber Security News.

If you work in a Security Operations Center (SOC), you know the struggle all too well: hundreds of alerts flood in daily, each demanding attention. Some are false positives, others are routine, but buried among them are real threats that need to be caught before they escalate into full-blown security incidents. Analysts often have to […]

The post Free SOC Webinar – Better SOC with Interactive Malware Sandbox, Practical Use Cases 2025 appeared first on Cyber Security News.

Researchers uncovered an ongoing campaign distributing the Rhadamanthys Infostealer through malicious Microsoft Management Console (MMC) files (.MSC), leveraging both a patched DLL vulnerability and legitimate MMC functionalities to execute scripts and deploy malware.  This advanced attack vector highlights evolving techniques in credential theft campaigns targeting Windows environments. Security researchers at AhnLab SEcurity intelligence Center (ASEC) […]

The post Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script appeared first on Cyber Security News.

IBM has addressed multiple high-severity vulnerabilities in its OpenPages Governance, Risk, and Compliance (GRC) platform that could enable attackers to hijack user sessions, steal authentication credentials, and manipulate critical enterprise data.  The flaws affect versions 8.3 and 9.0 of the software, with fixes released in February 2025 through Fix Pack 5 for v9.0 and interim […]

The post IBM OpenPages Vulnerability Let Attackers Steal Authentication Credentials appeared first on Cyber Security News.

As the 2025 U.S. tax season reaches its peak, cybersecurity analysts report a dramatic escalation in phishing campaigns exploiting IRS and federal tax themes. Between January 1 and February 18, threat actors registered 158 unique domains mimicking official IRS subdomains like “irs.gov.*”, deploying advanced social engineering tactics through SMS phishing (smishing) and social media platforms. […]

The post New IRS and Tax-Themed Cyber Attacks Fueled With New Domain Registrations appeared first on Cyber Security News.

Mozilla has released Firefox 135.0.1, a stability and security update addressing a high-severity memory safety vulnerability (CVE-2025-1414) that exposed users to potential remote code execution (RCE) attacks.  The patch resolves critical flaws in Firefox 135.0, which could have allowed attackers to exploit memory corruption and compromise systems.  This release underscores Mozilla’s ongoing efforts to mitigate […]

The post Firefox 135.0.1 Released with Fix for High-Severity Memory Safety Vulnerabilities appeared first on Cyber Security News.

A severe security flaw in the Jupiter X Core plugin for WordPress exposed over 90,000 websites to Local File Inclusion (LFI) and Remote Code Execution (RCE) attacks.  The vulnerability tracked as CVE-2025-0366 with a CVSS score of 8.8 (High), enables authenticated attackers with contributor-level access to upload malicious SVG files and execute arbitrary code on vulnerable servers. […]

The post 90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks appeared first on Cyber Security News.

Passwords are the first line of defense for protecting sensitive data, yet millions of users worldwide continue to rely on weak and predictable combinations.  A recent study by KnownHost reveals alarming trends in password security. It shows that many commonly used passwords can be cracked in less than a second.  With the average cost of […]

The post Most Popular Passwords Cracked Within a Second appeared first on Cyber Security News.

A new wave of “Scam-Yourself” attacks leveraging AI-generated deepfake videos and malicious scripts is targeting cryptocurrency enthusiasts and financial traders, marking a dangerous evolution in social engineering tactics. Discovered by cybersecurity researchers at Gen Digital, this campaign exploits verified YouTube channels, synthetic personas, and AI-crafted payloads to manipulate victims into compromising their own systems. The […]

The post New Wave of ‘Scam-Yourself’ Attacks Utilizing AI-Generated Videos With DeepFake appeared first on Cyber Security News.

A hacker operating under the alias “exelo” has allegedly advertised a database containing 602,800 Yahoo email accounts on an underground forum.  The post claims the dataset is “private and non-Russian. ” The full list costs $100. A free sample of 50,000 accounts is reportedly offered to interested buyers as a test. The advertisement appears on […]

The post Yahoo Data Leak – Hackers Allegedly Advertised 602,000 Email Accounts appeared first on Cyber Security News.

A critical vulnerability in Apache Ignite tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters.  Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses in server endpoints. Apache Ignite, a distributed in-memory database […]

The post Critical Apache Ignite Vulnerability Let Attackers Execute Remote Code  appeared first on Cyber Security News.

The Russian government announced a comprehensive legislative package on February 10, 2025, introducing severe penalties for cybercrimes.  The reforms, which amend over 30 existing laws, aim to modernize Russia’s cybersecurity framework by escalating prison terms, expanding asset confiscation protocols, and mandating public trials for high-profile cybercriminals.  The initiative follows a surge in state-linked hacking campaigns […]

The post Russian Government Proposed New Penalties to Combat Cybercrime appeared first on Cyber Security News.

Microsoft has unveiled GPT-4o Copilot, a cutting-edge code completion model now available for Visual Studio Code (VS Code) users.  Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories spanning more than 30 popular programming languages, this update promises significant improvements in suggestion accuracy and runtime performance.  The release marks a […]

The post GPT-4o Copilot Trained in Over 30 Popular Programming Languages appeared first on Cyber Security News.

A sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection, and exfiltrating sensitive data. The attackers exploit search engine manipulation to push […]

The post Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses appeared first on Cyber Security News.