Cyber Security News

India’s Department of Telecommunications (DoT) has ordered smartphone manufacturers to preload a government-backed cybersecurity app, “Sanchar Saathi,” on all new devices sold in the country. The order, issued privately on November 28, 2025, gives major players like Apple, Samsung, Xiaomi, Vivo, and Oppo 90 days to comply, requiring the “Sanchar Saathi” app to be installed […]

The post India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones appeared first on Cyber Security News.

A malicious Visual Studio Code extension posing as the popular “Material Icon Theme” has been used to attack Windows and macOS users, turning the add-on into a hidden backdoor. The fake extension shipped through the marketplace with backdoored files, giving the attackers a direct path into developer workstations once it was installed. After installation, the […]

The post Malicious VS Code Extension as Icon Theme Attacking Windows and macOS Users appeared first on Cyber Security News.

Advanced steganography techniques are becoming increasingly central to state-sponsored cyber operations. Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns. These organizations operate as front companies linked to China’s Ministry of State Security, playing a critical role in modernizing the country’s […]

The post Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations appeared first on Cyber Security News.

A new remote access trojan dubbed KimJongRAT has surfaced, posing a severe threat to Windows users. This sophisticated malware is believed to be orchestrated by the Kimsuky group, a threat actor with alleged state backing. The campaign typically begins with a phishing email containing a deceptive archive named National Tax Notice, which lures unsuspecting victims […]

The post KimJongRAT Attacking Windows Users via Weaponized .hta Files to Steal Logins appeared first on Cyber Security News.

A sophisticated cyberespionage campaign dubbed “Operation Hanoi Thief” has surfaced, specifically targeting IT professionals and recruitment teams in Vietnam. Discovered on November 3, 2025, this threat activity employs a complex multi-stage infection chain designed to harvest sensitive browser credentials and history. The attackers leverage a malicious spear-phishing strategy, distributing a ZIP archive named Le-Xuan-Son_CV.zip, which […]

The post Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware appeared first on Cyber Security News.

With the holiday shopping season kicking into high gear, a massive cybersecurity threat has emerged, putting online shoppers at significant risk. A coordinated campaign has been discovered, involving the registration of over 2,000 fake holiday-themed online stores. These malicious sites are designed to lure unsuspecting consumers with the promise of steep discounts, only to steal […]

The post Hackers Registered 2,000+ Fake Holiday-Themed Online Stores to Steal User Payments appeared first on Cyber Security News.

New York, New York, December 1st, 2025, CyberNewswire BreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been named a Leader and Fast Mover in the 2025 GigaOm Radar Report for PTaaS for the third year in a row. The GigaOm Radar Report for PTaaS is published annually to help security leaders and practitioners […]

The post BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year appeared first on Cyber Security News.

A newly discovered Windows malware packer named TangleCrypt has emerged as a serious threat in ransomware attacks, specifically designed to evade endpoint detection and response (EDR) solutions. The packer was first observed during a September 2025 ransomware incident involving Qilin ransomware, where threat actors deployed it alongside the ABYSSWORKER driver to disable security tools before […]

The post TangleCrypt Windows Packer with Ransomware Payloads Evades EDR Using ABYSSWORKER Driver appeared first on Cyber Security News.

Microsoft has acknowledged a frustrating new issue affecting users of the “new Outlook” for Windows, where Excel attachments fail to open if their filenames contain non-ASCII characters. The technical glitch, tracked under the reference ID EX1189359, triggers a vague error message advising users to “Try opening the file again later,” leaving many confused about the […]

The post Microsoft Confirms New Outlook Bug Blocking Excel Attachments appeared first on Cyber Security News.

A sophisticated Advanced Persistent Threat group known as Bloody Wolf has intensified its cyber espionage operations across Central Asia, targeting government and private sectors. Since late June 2025, the group has orchestrated spear-phishing campaigns primarily focusing on organizations within Kyrgyzstan and Uzbekistan. By meticulously impersonating state entities such as the Ministry of Justice, the attackers […]

The post Bloody Wolf Hackers Mimic as Government Agencies to Deploy NetSupport RAT via Weaponized PDF’s appeared first on Cyber Security News.

OpenAI has patched a command injection flaw in its Codex CLI tool that allowed attackers to execute arbitrary commands on developers’ machines simply by getting a malicious configuration file into a project repository. The issue, now fixed in Codex CLI version 0.23.0, effectively turned routine use of the codex command into a silent remote‑code‑execution trigger.​ […]

The post OpenAI Codex CLI Command Injection Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.

A critical security vulnerability in Microsoft Azure API Management (APIM) Developer Portal enables attackers to register accounts across different tenant instances, even when administrators have explicitly disabled user signup through the portal interface. The flaw, which Microsoft has classified as “by design,” remains unpatched as of December 1, 2025, leaving organizations potentially exposed to unauthorized […]

The post Microsoft Azure API Management Flaw Enables Cross-Tenant Account Creation, Bypassing Admin Restrictions appeared first on Cyber Security News.

The Tomiris hacker group has resurfaced with a sophisticated campaign targeting foreign ministries and government entities worldwide. Beginning in early 2025, this advanced persistent threat (APT) actor shifted its operational strategy to focus on high-value diplomatic infrastructure. By leveraging a diverse array of programming languages—including Go, Rust, C/C++, and Python—the group has enhanced its ability […]

The post Tomiris Hacker Group Added New Tools and Techniques to Attack Organizations Globally appeared first on Cyber Security News.

A new threat has emerged in the cybersecurity landscape as security experts discover a private Out-of-Band Application Security Testing (OAST) service operating on Google Cloud infrastructure. This mystery operation stands out from typical exploit scanning activities because it uses custom infrastructure rather than relying on public services. The attackers have been running a focused campaign […]

The post Mystery OAST With Exploit for 200 CVEs Leveraging Google Cloud to Launch Attacks appeared first on Cyber Security News.

Pakistan-based threat actor APT36, also known as Transparent Tribe, has launched a sophisticated cyber-espionage campaign against Indian government institutions using a newly developed Python-based ELF malware. The attack marks a significant escalation in the group’s capabilities, demonstrating their growing technical maturity and adaptability to Linux-based operating systems. The campaign centers on spear-phishing emails containing weaponized […]

The post APT36 Hackers Used Python-Based ELF Malware to Target Indian Government Entities appeared first on Cyber Security News.

Claymont, Delaware, December 1st, 2025, CyberNewsWire Lancaster’s arrival brings significant North American channel experience and expertise, supporting usecure’s ambition to cement its position as the market-leading human risk management solution for MSPs. usecure today announced the appointment of Kevin Lancaster as a Non-Executive Director. Kevin joins usecure with a wealth of experience in the North […]

The post Kevin Lancaster Joins the usecure Board to Accelerate North American Channel Growth appeared first on Cyber Security News.

A critical security vulnerability has been discovered in the Apache bRPC framework that could allow remote attackers to crash servers by sending specially crafted JSON data. The flaw, tracked as CVE-2025-59789, affects all versions of Apache bRPC before 1.15.0 across all platforms. The vulnerability exists in the json2pb component of Apache bRPC, which converts JSON data to Protocol […]

The post Critical Apache bRPC Framework Vulnerability Let Attackers Crash the Server appeared first on Cyber Security News.

Linus Torvalds has officially announced the release of Linux kernel 6.18 on November 30, 2025, marking another significant milestone in the open-source operating system’s development. The new kernel version brings numerous improvements across hardware support, driver updates, and file system enhancements. The Linux 6.18 release includes extensive bug fixes and driver improvements that were finalized […]

The post Linux 6.18 Released With Enhanced Hardware Support, Updated Drivers and File Systems appeared first on Cyber Security News.

Microsoft has confirmed a bizarre user interface bug affecting Windows 11 version 24H2 devices that renders the password sign-in icon invisible on the lock screen. The issue, stemming from the August 2025 non-security preview update (KB5064081) and persisting in subsequent cumulative updates, has left many users confused when switching between authentication methods.​ The glitch impacts […]

The post Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen appeared first on Cyber Security News.

A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious code or steal credentials. The release of this PoC highlights the continued risk posed by […]

The post PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability appeared first on Cyber Security News.