Cyber Security News

CISA has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities catalog, warning organizations that threat actors are actively exploiting it in real-world attacks. Identified as CVE-2025-59230, the flaw stems from improper access control in the Windows Remote Access Connection Manager service. This local privilege escalation vulnerability allows an authorized user, such as […]

The post CISA Warns Of Windows Improper Access Control Vulnerability Exploited In Attacks appeared first on Cyber Security News.

An aggressive SEO poisoning campaign has surfaced in early October 2025, preying on users searching for the legitimate Ivanti Pulse Secure VPN client. Attackers have registered lookalike domains such as ivanti-pulsesecure.com and ivanti-secure-access.org to host trojanized installers that appear official. Unsuspecting victims clicking on top search results are redirected to these malicious sites, where a […]

The post Beware of Malicious Ivanti VPN Client Sites in Google Search That Delivers Malware appeared first on Cyber Security News.

The UK’s Information Commissioner’s Office (ICO) has imposed a £14 million fine on outsourcing giant Capita following a major cyber attack in 2023 that exposed the personal data of 6.6 million individuals. This penalty, split as £8 million to Capita plc and £6 million to Capita Pension Solutions Limited, marks one of the largest data […]

The post Capita To pay £14 Million For Data Breach Exposes 6.6 Million Users Personal Data appeared first on Cyber Security News.

Samba has disclosed a severe remote code execution (RCE) flaw that could allow attackers to hijack Active Directory domain controllers. Tracked as CVE-2025-10230, the vulnerability stems from improper validation in the Windows Internet Name Service (WINS) hook mechanism, earning a perfect CVSS 3.1 score of 10.0 for its ease of exploitation and devastating potential impact. […]

The post Critical Samba RCE Vulnerability Enables Arbitrary Code Execution appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in Adobe Experience Manager Forms, urging organizations to patch immediately. Tracked as CVE-2025-54253, this flaw affects the Java Enterprise Edition (JEE) version of the software and enables attackers to execute arbitrary code on vulnerable systems. First disclosed […]

The post CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks appeared first on Cyber Security News.

Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released on October 14, 2025, as part of the latest Patch Tuesday updates, these flaws, tracked as CVE-2025-55338 and CVE-2025-55333, pose a significant risk to users relying on BitLocker for […]

The post Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature appeared first on Cyber Security News.

A sophisticated banking Trojan named Maverick has emerged in Brazil, leveraging WhatsApp as its primary distribution channel to compromise thousands of users. The malware campaign was detected in mid-October 2025, with cybersecurity solutions blocking over 62,000 infection attempts in just the first ten days of the month. The threat specifically targets Brazilian users through Portuguese-language […]

The post New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer appeared first on Cyber Security News.

Microsoft announced that it had revoked more than 200 digital certificates exploited by the notorious Vanilla Tempest hacking group. This action effectively disrupted an ongoing campaign where attackers impersonated Microsoft Teams installations to infiltrate corporate networks and deploy ransomware. The operation, uncovered in late September, highlights the evolving tactics of ransomware operators who leverage legitimate-looking […]

The post Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File appeared first on Cyber Security News.

YouTube experienced a widespread outage on Wednesday, October 15, 2025, disrupting video streaming for millions of users across the United States, Europe, Asia, and beyond. The platform, which serves over 2.7 billion monthly users, saw reports of playback errors and blank screens starting around 7 p.m. ET, affecting its core service as well as YouTube […]

The post YouTube Down for Users Globally – Google Confirms Outage – Updated appeared first on Cyber Security News.

MCPTotal, a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure MCP servers.  MCP has become the standard interface for connecting AI models with enterprise systems, external data sources, and third-party applications. But, uncontrolled adoption has introduced major risks, including supply chain exposures, prompt injection vulnerabilities, […]

The post MCPTotal Launches to Power Secure Enterprise MCP Workflows appeared first on Cyber Security News.

BreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been recognized as a Representative Provider in the 2025 Innovation Insight: Penetration Testing as a Service report by Gartner.  The report highlights how PTaaS helps organizations increase testing frequency by automating routine tasks, supports compliance objectives with high-level standardization and customizable reporting, and […]

The post BreachLock Named Representative Provider for Penetration Testing as a Service (PTaaS) in New Gartner® Report appeared first on Cyber Security News.

When your alert queue seems endless, it might feel like threat intelligence is more of a curse than a blessing. But taking the right approach to it will help increase detection rates without stretching resources thin. Top-performing SOC analysts don’t necessarily go through more alerts than others; they simply know where to look for reliable […]

The post How SOCs Detect More Threats without Alert Overload appeared first on Cyber Security News.

In early 2025, a novel campaign attributed to the Chinese APT group known as Jewelbug began targeting an IT service provider in Russia. The attackers infiltrated build systems and code repositories, laying the groundwork for a potential software supply chain compromise. Initial access was achieved via a renamed Microsoft Console Debugger binary, “7zup.exe,” which executed […]

The post Chinese APT Group IT Service Provider Leveraging Microsoft Console Debugger to Exfiltrate Data appeared first on Cyber Security News.

Microsoft’s latest security updates have triggered synchronization failures in Active Directory environments running on Windows Server 2025. The issue, confirmed on October 14, 2025, affects directory synchronization for large security groups, potentially halting critical identity management processes across enterprise networks. The problem stems from the September 2025 Windows security update, KB5065426, which targets OS Build […]

The post Microsoft October 2025 Security Update Causes Active Directory Sync Issues on Windows Server 2025 appeared first on Cyber Security News.

SAP released its October 2025 Security Patch Day fixes, addressing 13 new vulnerabilities and updating four prior notes, with several critical flaws in NetWeaver enabling attackers to sidestep authorization and run arbitrary operating system commands on affected systems. Among the most alarming is CVE-2025-42944, an insecure deserialization issue in SAP NetWeaver AS Java’s RMI-P4 module, […]

The post New SAP NetWeaver Vulnerabilities Allow Attackers to Bypass Authorization and Execute OS Commands appeared first on Cyber Security News.

There’s a moment, right after a new alert hits, when the room holds its breath. Everyone waits for context; is it real, is it noise, is it already too late?  In those seconds, the difference between an average SOC and a great one is obvious. Some scramble for answers; others move in sync, sharing context […]

The post 5 Must-Follow Rules of Every Elite SOC: CISO’s Checklist appeared first on Cyber Security News.

In mid-2025, Lab539 researchers observed an unexpected surge in a novel browser-based malware campaign dubbed “ClickFix.” Emerging quietly in July, the threat quickly expanded its reach by registering over 13,000 unique domains designed to lure users into executing malicious commands on their own devices. The attack leverages compromised or low-cost hosting infrastructure, including a significant […]

The post Hackers Registered 13,000+ Unique Domains and Leverages Cloudflare to Launch Clickfix Attacks appeared first on Cyber Security News.

F5, a leading provider of application security and delivery solutions, disclosed a major security incident. The company revealed that a sophisticated nation-state threat actor had gained long-term access to internal systems, exfiltrating sensitive files including BIG-IP source code and details on undisclosed vulnerabilities. While F5 emphasized that no critical exploits or active attacks on customers […]

The post F5 Breached – Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities Data appeared first on Cyber Security News.

The GhostBat RAT campaign has emerged as a sophisticated threat targeting Indian Android users through counterfeit Regional Transport Office (RTO) applications. First observed in mid-2025, these malicious APKs masquerade as the official “mParivahan” app, exploiting user trust in government services. Distribution occurs primarily via smishing—WhatsApp messages and SMS containing shortened URLs redirecting victims to GitHub-hosted […]

The post GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data appeared first on Cyber Security News.

A sophisticated attack campaign dubbed “Operation Zero Disco,” where threat actors are actively exploiting a critical Cisco Simple Network Management Protocol (SNMP) vulnerability to install Linux rootkits on vulnerable network devices. Trend Micro observed an operation exploiting CVE-2025-20352, which allows remote code execution (RCE) and grants persistent unauthorized access, primarily targeting older Cisco switches that […]

The post Cisco SNMP 0-Day Vulnerability Actively Exploited To Deploy Linux Rootkits appeared first on Cyber Security News.