Cyber Security News

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633.  This improper neutralization flaw (CWE-707) enables remote attackers to execute arbitrary code over a network, posing significant risks to unpatched systems.  While its association with ransomware campaigns remains unconfirmed, […]

The post CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild appeared first on Cyber Security News.

A sophisticated backdoor malware called “Squidoor” being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. Initial access is gained primarily through exploiting vulnerabilities in Internet […]

The post Chinese Hackers New Malware Dubbed ‘Squidoor’ Attacking Global Organizations appeared first on Cyber Security News.

Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable of breaking out of the Web Content sandbox, potentially leading to […]

The post Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks appeared first on Cyber Security News.

A threat actor operating under the alias “Rey” has allegedly compromised the internal systems of Jaguar Land Rover (JLR), one of the United Kingdom’s most prominent automotive manufacturers, and leaked approximately 700 internal documents containing sensitive technical and operational data.  The breach, first announced on a dark web forum frequented by cybersecurity researchers and malicious […]

The post Jaguar Land Rover Allegedly Hacked – Threat Actor Leaked 700 Internal Documents appeared first on Cyber Security News.

Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects and executes when developers build these projects. This is the first known XCSSET variant since 2022, featuring enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies designed to steal sensitive information from macOS users. The […]

The post New XCSSET Malware Attacking macOS Users With Enhanced Obfuscation appeared first on Cyber Security News.

A sophisticated malware campaign leveraging artificial intelligence to create deceptive GitHub repositories has been observed distributing SmartLoader payloads that ultimately deploy Lumma Stealer, a dangerous information-stealing malware.  This operation exploits GitHub’s trusted reputation to bypass security defenses, targeting users seeking gaming mods, cracked software, and cryptocurrency tools through AI-generated documentation and strategically obfuscated scripts. GitHub […]

The post Beware! AI-Assisted Fake GitHub Repositories Steal Sensitive Data Including Login Credentials appeared first on Cyber Security News.

Google has issued an urgent advisory to owners of Chromecast 2nd Generation (2015) and Chromecast Audio devices, warning against factory resets as a global outage linked to an expired security certificate renders these devices inoperable.  The company confirmed that it is developing a fix for the authentication failure caused by the March 9, 2025, expiration […]

The post Google Warned Chromecast Owners Not to Hit Factory Reset appeared first on Cyber Security News.

Google has rolled out a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could enable arbitrary code execution and sandbox escapes.  The Stable Channel Update 134.0.6998.88/.89 for Windows and Mac, and 134.0.6998.88 for Linux, released on March 10, 2025, includes patches for five security flaws, three of which are rated as […]

The post Chrome Security Update – Patch for Multiple High-Severity Vulnerabilities appeared first on Cyber Security News.

A sophisticated cybercriminal group known as EncryptHub has successfully compromised approximately 600 organizations through a multi-stage malware campaign. The threat actor exploited operational security mistakes, inadvertently exposing critical elements of their infrastructure, which allowed researchers to map their tactics with unprecedented depth. EncryptHub’s campaign employs several layers of PowerShell scripts to gather system data, exfiltrate […]

The post EncryptHub A Multi-Stage Malware Compromised 600 Organizations appeared first on Cyber Security News.

A sophisticated malware toolkit known as Ragnar Loader has been identified as a critical component in targeted ransomware attacks. The loader, also known as Sardonic Backdoor, serves as the primary infiltration mechanism for the Monstrous Mantis ransomware group, formerly known as Ragnar Locker, which has been attacking organizations since its emergence in 2020. Security researchers […]

The post Ragnar Loader Employed By Multiple Ransomware Groups To Evade Detection appeared first on Cyber Security News.

Passwordless authentication tools are revolutionizing digital security by eliminating the reliance on traditional passwords. Instead, they use advanced technologies such as biometrics (fingerprints, facial recognition), hardware tokens, or one-time passcodes to verify user identities. This approach significantly enhances security by mitigating risks like phishing, credential theft, and brute-force attacks, which are common vulnerabilities of password-based […]

The post Top 11 Passwordless Authentication Tools – 2025 appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) updated its KEV catalog on March 10, 2025, to include three newly identified vulnerabilities in Ivanti Endpoint Manager (EPM), a widely used enterprise software for managing endpoints. The KEV catalog tracks vulnerabilities actively exploited in the wild, urging organizations to prioritize remediation to safeguard critical systems. All three […]

The post CISA Adds 3 Ivanti Endpoint Manager Bugs to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.

CISA has likely added two VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by the XE Group. These vulnerabilities impact VeraCore, a warehouse management software by Advantive, critical for supply chains in manufacturing and distribution. CVE-2024-57968 is patched in version 2024.4.2.1, while CVE-2025-25181 remains unpatched as of […]

The post CISA Adds 2 VeraCore Vulnerabilities to Known Actively Exploit Vulnerability Catalog appeared first on Cyber Security News.

Security researchers have identified a sophisticated attack campaign attributed to APT37, a North Korean state-sponsored hacking group also known as ScarCruft, Reaper, and Red Eyes. The group, active since 2012, has expanded its targets from South Korea to include Japan, Vietnam, the Middle East, and industries like healthcare and manufacturing. Their latest attack leverages ZIP […]

The post North Korean Hackers Weaponizing ZIP Files To Execute Malicious PowerShell Scripts appeared first on Cyber Security News.

Apple has taken another step toward the official release of iOS 18.4 by seeding the third developer beta of the update to testers late on March 10, 2025. This latest beta, identified by build number 22E5222f, arrives just one week after the release of iOS 18.4 Beta 2 and continues to refine the features introduced […]

The post Apple iOS 18.4 Beta 3 Released – New Features, Enhancements, and What to Expect appeared first on Cyber Security News.

A security researcher known as newp1ayer48 has successfully demonstrated a method to extract firmware from IoT and embedded devices using direct Flash Memory dumps, providing valuable insights for security professionals and bug bounty hunters. The technique, while potentially risky for the hardware, offers a reliable way to obtain firmware when other methods aren’t viable. This […]

The post Researcher Hacked Embedded Devices To Extract The Firmware appeared first on Cyber Security News.

IT systems management tools are essential for organizations to monitor, manage, and optimize their IT infrastructure effectively. These tools provide comprehensive solutions for handling networks, servers, applications, and devices, ensuring seamless operations and improved productivity. SolarWinds stands out with its robust monitoring capabilities and user-friendly interface, enabling proactive issue resolution. ManageEngine Applications Manager offers an […]

The post 10 Best IT Systems Management Tools – 2025 appeared first on Cyber Security News.

A critical security vulnerability (CVE-2024-13918) in the Laravel framework allows attackers to execute arbitrary JavaScript code on websites running affected versions of the popular PHP framework.  The flaw, discovered in Laravel’s debug-mode error page rendering, exposes applications to reflected cross-site scripting (XSS) attacks when running in development configurations.  With a CVSS v3.1 score of 8.0 […]

The post Laravel Framework Vulnerability Let Attackers Execute Malicious Java Script appeared first on Cyber Security News.

A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity.  Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects nine PT switch models and stems from weaknesses in the authorization logic implementation despite layered client-side and server-side verification protocols.  Researchers warn that exploitation could […]

The post Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access  appeared first on Cyber Security News.

X (formerly Twitter) experienced a global outage today, March 10, 2025, leaving many users unable to access the platform. The disruption, which affected both the app and website, sparked frustration and confusion among users worldwide. Reports of the outage began to surface around 3:20 PM IST, with users encountering error messages such as “Something went […]

The post X (Twitter) Down? Massive Outage Leads to Page Load Issues appeared first on Cyber Security News.