Cyber Security News

Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. The vulnerability exists in Splunk Enterprise versions before 9.3.3, 9.2.5, and 9.1.8, as well as Splunk Cloud […]

The post Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload appeared first on Cyber Security News.

Critical security vulnerabilities have been identified in industrial camera systems widely deployed across Japanese manufacturing facilities, allowing malicious actors to remotely access live footage and disrupt essential production monitoring. These flaws, present in the Inaba Denki Sangyo Co., Ltd. IB-MCT001 camera system known as “CHOCO TEI WATCHER mini,” enable attackers to bypass authentication mechanisms and […]

The post Production Line Cameras Vulnerabilities Let Attackers Stop The Recordings appeared first on Cyber Security News.

A sophisticated new malware strain dubbed SectopRAT has emerged, leveraging Cloudflare’s Turnstile challenge system as part of its attack methodology. This Remote Access Trojan specifically targets Windows users through a multi-staged infection process that begins with seemingly legitimate CAPTCHA verification prompts. The malware exploits the trust users place in Cloudflare’s security mechanisms to deliver its […]

The post SectopRAT as Weaponized Cloudflare Turnstile Challenge Attacks Windows Users appeared first on Cyber Security News.

March 2025 saw a sharp uptick in cyber threats that put both individual users and organizations at risk. From banking apps weaponized to steal personal data, to trusted domains abused for redirecting users to phishing traps, cybercriminals didn’t hold back. Their tactics are growing more creative and more dangerous.  Here’s a breakdown of the three […]

The post Top 3 Cyber Attacks In March 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign dubbed the “Clickflix Technique” has emerged targeting YouTube content creators through seemingly legitimate brand collaboration requests. This new attack vector exploits creators’ eagerness to secure sponsorship deals by disguising malware payloads as partnership documentation. Cybercriminals initiate contact via email or social media, posing as marketing representatives from established brands offering lucrative […]

The post YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique appeared first on Cyber Security News.

The NPM package repository remains active, and despite a decline in malware numbers between 2023 and 2024, this year’s numbers don’t seem to continue that downward trend. Recently, security researchers discovered two intriguing packages ethers-provider2 and ethers-providerz, which employed sophisticated techniques to conceal their malicious intentions. These packages act as downloaders, injecting malicious code into […]

The post New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload appeared first on Cyber Security News.

In a startling revelation, a new report indicates that three out of four enterprise users are uploading data to generative AI (genAI) applications, including sensitive information such as passwords and keys. This alarming trend highlights the growing risks associated with the widespread adoption of AI technologies in the workplace. The 2025 Generative AI Cloud and […]

The post 3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys appeared first on Cyber Security News.

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures.  Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927, which enables attackers to circumvent authorization checks in middleware.  Both vulnerabilities pose significant risks, potentially […]

The post CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access appeared first on Cyber Security News.

In mid-March 2025, cybersecurity researchers uncovered “Operation ForumTroll,” targeting Russian media outlets and educational institutions. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy on vulnerable systems. The campaign exploits a critical zero-day vulnerability (CVE-2025-2783) in Chrome that bypasses […]

The post Operation ForumTroll – APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections appeared first on Cyber Security News.

CYFOX has uncovered significant vulnerabilities in smart TVs that could potentially disrupt entire enterprise networks. This discovery was made possible by their groundbreaking OmniSec vCISO platform, the first GenAI-powered autonomous security and compliance agent. During the implementation of OmniSec, CYFOX identified critical security flaws within smart TVs. Joseph Tal, CEO of CYFOX, emphasized the significance […]

The post Your Smart TV May Bring Down the Entire Network appeared first on Cyber Security News.

Cary, NC, March 24th, 2025, CyberNewsWire INE Security, a global provider of cybersecurity training and certification, today announced its initiative to spotlight the increasing cyber threats targeting healthcare institutions. In recognition of National Physicians Week 2025, the company is drawing attention to new industry data showing a sharp rise in cyberattacks on hospitals and clinics—incidents that […]

The post Cyber Guardians: INE Security Champions Cybersecurity Training During National Physicians Week 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign targeting Google account credentials through fake Semrush advertisements has emerged, posing a significant threat to digital marketers and SEO professionals. Cybercriminals have deployed numerous malicious advertisements that appear legitimate in Google search results, leveraging Semrush’s growing popularity in the SEO industry to lure unsuspecting victims. These fraudulent ads redirect users to […]

The post Hackers Using Fake Semrush Ads to Steal Google Accounts Login Credentials appeared first on Cyber Security News.

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The malicious actors behind this attack employ convincing Pocket […]

The post Pocket Card Users Under Attack Via Sophisticated Phishing Campaign appeared first on Cyber Security News.

INTERPOL led a multi-national law enforcement operation dubbed “Operation Red Card,” which has resulted in the arrest of over 300 suspected cyber criminals.  Operation Red Card, conducted from November 2024 to February 2025, targeted cross-border criminal syndicates responsible for mobile banking fraud, investment scams, and messaging app exploitation. The operation involved law enforcement agencies from […]

The post Operation Red Card – 300+ Cyber Criminals Arrested Linking to Multiple Hacking Activities appeared first on Cyber Security News.

A novel attack vector combining browser cache exploitation and DLL proxying has emerged as a significant threat to organizations using Microsoft Teams and OneDrive. Dubbed Browser Cache Smuggling, this technique allows attackers to bypass traditional security defenses by leveraging browsers’ caching mechanisms to deliver malware disguised as benign files. Modern browsers cache static files (e.g., images, […]

The post Hackers Could Drop Teams Malware via Browser’s Cache Smuggling appeared first on Cyber Security News.

A groundbreaking security tool has emerged in the ongoing battle against sophisticated Linux malware. A new Rust-based kernel module designed specifically for detecting rootkits has been released, offering enhanced capabilities to identify these particularly elusive threats. The module represents a significant advancement in Linux security tooling, addressing the critical need for modern detection mechanisms against […]

The post New Linux Kernel Rust Module Unveiled to Detect Rootkits appeared first on Cyber Security News.

Clio has emerged as a revolutionary real-time logging solution developed by cybersecurity engineers at CyberLock Technologies in the evolving landscape of cybersecurity tools. Launched in January 2025, this sophisticated tool addresses critical gaps in traditional logging frameworks by providing comprehensive visibility into system events while maintaining strong security protocols. Clio’s architecture is specifically designed to […]

The post Clio – Real-Time Logging Tool With Locking, User Authentication, and Audit Trails appeared first on Cyber Security News.

The Federal Communications Commission (FCC) has launched a sweeping investigation into nine Chinese technology and telecommunications companies that were previously placed on its Covered List, aiming to determine if these firms are evading U.S. restrictions.  FCC Chairman Brendan Carr announced on March 21, 2025, that the agency has sent Letters of Inquiry and at least […]

The post FCC Conducting Investigation into Chinese Entities Placed on the Government’s Prohibited List appeared first on Cyber Security News.

A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and rewards systems on websites.  The high-impact flaw, categorized as CVE-2024-13496 with a CVSS 3.1 score of 7.5, allowed unauthenticated attackers to inject malicious SQL queries that could potentially compromise entire WordPress installations.  The vulnerability, which affected all GamiPress versions up to 7.3.1, […]

The post WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries appeared first on Cyber Security News.

A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 active installations.  The high-severity flaw, tracked as CVE-2025-26909 with a CVSS score of 9.6, allows unauthenticated attackers to exploit a Local File Inclusion (LFI) vulnerability that can lead to Remote Code Execution (RCE).  Website administrators are strongly advised to update immediately […]

The post WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks appeared first on Cyber Security News.