Cyber Security News

IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw allows authenticated users to embed arbitrary JavaScript code in the Web UI when using unauthorized, third-party […]

The post IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI appeared first on Cyber Security News.

Security researchers have successfully hacked Apple’s proprietary ACE3 USB-C controller. This chip, introduced with the iPhone 15 and iPhone 15 Pro, represents a significant leap in USB-C technology, handling power delivery and acting as a sophisticated microcontroller with access to critical internal systems. Despite Apple’s enhanced security measures, researchers employed advanced techniques to bypass its […]

The post Researchers Hacked into Apple’s New USB-C Controller appeared first on Cyber Security News.

A critical security vulnerability in Ivanti Connect Secure VPN appliances has left 2,048 instances worldwide exposed to potential exploitation, with the United States hosting the highest number of vulnerable systems. The vulnerability tracked as CVE-2025-0282, has been actively exploited since mid-December 2024. The vulnerability is a critical stack-based buffer overflow with a CVSS score of […]

The post 2,048 Ivanti VPN Instances Vulnerable to Exploited Zero-Day Attacks appeared first on Cyber Security News.

On September 21, 2024, a critical security vulnerability was identified by Google researchers in the Monkey’s Audio (APE) decoder used in Samsung’s flagship Galaxy S23 and S24 devices. Now it got fixed after 3 months since the Google Project Zero team disclosed the vulnerability with a 90-day deadline. The latest update addresses critical vulnerabilities within […]

The post Critical Samsung 0-Click Vulnerability Found in S24 and S23 Devices Got Fixed appeared first on Cyber Security News.

A sophisticated credit card skimmer malware had been found hitting WordPress checkout pages, silently injecting malicious JavaScript into database records to obtain sensitive payment details.  Attackers may utilize existing payment fields or inject a fake credit card form to steal payment information covertly and undetected. Targets WordPress Checkout Pages via Database Injection Sucuri claims that […]

The post New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards appeared first on Cyber Security News.

Samsung Mobile has announced the release of a comprehensive maintenance update as part of its monthly Security Maintenance Release (SMR) process. This latest update addresses critical vulnerabilities within the Android operating system and includes essential patches from both Google and Samsung, aimed at bolstering user security and device integrity. The January 2025 Security Maintenance Release […]

The post Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has resolved a persistent issue that caused classic Outlook to freeze or hang when users attempted to copy text using the Ctrl+C shortcut. The problem, which primarily affected Microsoft 365 customers using Current Channel Version 2409 (Build 18025.20096) or higher, was particularly troublesome for users of languages requiring an Input Method Editor (IME). The […]

The post Microsoft Fixes Outlook Client Freeze Issue When Copying Text Using Ctrl+C appeared first on Cyber Security News.

A novel type of phishing attack has been discovered, targeting both Android and iOS users. This attack combines traditional social engineering techniques with the use of Progressive Web Applications (PWAs) and WebAPKs, making it a significant threat to mobile users. The attack was first identified in November 2023, and since then, multiple cases have been […]

The post Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs appeared first on Cyber Security News.

In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can […]

The post INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training appeared first on Cyber Security News.

A critical vulnerability has been identified in Apache DolphinScheduler, a popular open-source workflow orchestration platform. This security flaw, designated as CVE-2024-43202, allows hackers to execute remote code, posing a significant threat to affected systems. CVE-2024-43202: Remote Code Execution Vulnerability The vulnerability affects Apache DolphinScheduler versions 3.0.0 up to, but not including, 3.2.2. This security issue […]

The post Apache DolphinScheduler Vulnerability Let Hackers Execute Remote Code appeared first on Cyber Security News.

Two vulnerabilities have been discovered in BIG-IP, which are associated with Insufficient Session Fixation and Expired Pointer Dereference. These vulnerabilities have been assigned to CVE-2024-39809 and CVE-2024-39792, and the severity was given as 7.5 (High). Moreover, these vulnerabilities were affecting BIG-IP Next Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed these […]

The post Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack appeared first on Cyber Security News.

BlindEagle (APT-C-36) is a Latin American Advanced Persistent Threat group that has been active since 2018. It targets the governmental, financial, and energy sectors in Colombia, Ecuador, Chile, Panama, and other regional countries.  BlindEagle is known for employing straightforward yet impactful techniques; the group demonstrates versatility in switching between financially motivated attacks and espionage operations. […]

The post New APT Group BlindEagle Attacking Multiple Organizations Via Weaponized Emails appeared first on Cyber Security News.

A severe security flaw has been discovered in GiveWP, a popular WordPress donation plugin with over 100,000 active installations. The vulnerability, classified as an unauthenticated PHP Object Injection leading to Remote Code Execution (RCE), was responsibly reported through the Wordfence Bug Bounty Program on May 26th, 2024. The critical vulnerability, assigned CVE-2024-5932 with a CVSS […]

The post Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites appeared first on Cyber Security News.

The Raspberry Pi Foundation has unveiled a new addition to its popular single-board computer lineup – the Raspberry Pi 5 2GB model, priced at an affordable $50. This latest offering continues the foundation’s mission to make high-performance computing accessible to a wider audience. The new 2GB variant is built on a cost-optimized D0 stepping of […]

The post Raspberry Pi Foundation Launches 2GB Variant for Just $50 appeared first on Cyber Security News.

The Federal Bureau of Investigation (FBI), in collaboration with the Office of the Director of National Intelligence (ODNI) and the Cybersecurity and Infrastructure Security Agency (CISA), has confirmed that Iranian hackers were responsible for a recent cyberattack targeting former President Donald Trump’s campaign. This revelation underscores the ongoing threat of foreign interference in U.S. elections, […]

The post FBI Investigation Confirms that Iran Hackers Behind Trump Campaign Hack appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-38202 and CVE-2024-21302 were originally disclosed by SafeBreach researcher Alon Leviev at Black Hat USA 2024 and DEF CON 32 earlier this month. The vulnerabilities allow an […]

The post PoC Exploit Released for Windows 0-Day Downgrade Attack appeared first on Cyber Security News.

Mandiant recently disclosed a critical vulnerability in Microsoft Azure Kubernetes Services (AKS) that could have allowed attackers to escalate privileges and access sensitive credentials within affected clusters. The vulnerability impacted AKS clusters using “Azure CNI” for network configuration and “Azure” for network policy. An attacker with command execution in a Pod running within a vulnerable […]

The post Azure Kubernetes Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A critical vulnerability tracked as CVE-2024-7646, has been uncovered in the widely used ingress-nginx Kubernetes controller. The flaw allows attackers to bypass annotation validation, poses a significant risk to Kubernetes clusters, and demands immediate attention from security teams and cluster administrators. Security researcher André Storfjord Kristiansen (@dev-bio on GitHub) discovered the vulnerability in the way […]

The post New Kubernetes Vulnerability Allows Attackers to Access Clusters Remotely appeared first on Cyber Security News.

The popular flight-tracking website FlightAware discovered a configuration error that exposed the sensitive personal information of its users. The data leak included user IDs, passwords, and email addresses, and depending on the information provided by users may have also exposed full names, billing and shipping addresses, IP addresses, social media accounts, telephone numbers, birth years, […]

The post FlightAware Data Leak Exposes Users’ Personal Information appeared first on Cyber Security News.

Cisco Talos has identified eight security vulnerabilities in Microsoft applications running on the macOS operating system, raising concerns about potential exploitation by adversaries. These vulnerabilities, if exploited, could allow attackers to hijack the permissions and entitlements of Microsoft applications, leading to unauthorized access to sensitive resources such as microphones, cameras, and user data. The vulnerabilities […]

The post Microsoft macOS Apps Vulnerability Allows Hackers to Record Audio/Video appeared first on Cyber Security News.