Cyber Security News

A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow vulnerability, rated with a CVSS score of 9.0, allows unauthenticated attackers to execute arbitrary code remotely. The flaw impacts versions of Ivanti Connect Secure prior to 22.7R2.5, […]

The post 33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds appeared first on Cyber Security News.

Researchers analyzed new versions of the Banshee macOS Stealer sample that initially evaded detection by most antivirus engines, as analysis revealed that the malware employed a unique string encryption technique.  The encryption method was identical to that used by Apple’s XProtect antivirus engine for encrypting YARA rules within its binaries. By leveraging this shared encryption […]

The post 100 Million macOS Users At Risk – New Banshee Malware Attacks Bypassing Apple’s XProtect appeared first on Cyber Security News.

Welcome to this week’s Cyber Security Newsletter, where we explore the latest advancements and important updates in the field of cybersecurity. Your engagement in this rapidly changing digital landscape is crucial, and we strive to provide you with the most relevant insights and information. This edition focuses on emerging threats and the current status of […]

The post Weekly Cybersecurity Newsletter: Cyber Attack News, Vulnerabilities & Data Breaches appeared first on Cyber Security News.

IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw allows authenticated users to embed arbitrary JavaScript code in the Web UI when using unauthorized, third-party […]

The post IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI appeared first on Cyber Security News.

Security researchers have successfully hacked Apple’s proprietary ACE3 USB-C controller. This chip, introduced with the iPhone 15 and iPhone 15 Pro, represents a significant leap in USB-C technology, handling power delivery and acting as a sophisticated microcontroller with access to critical internal systems. Despite Apple’s enhanced security measures, researchers employed advanced techniques to bypass its […]

The post Researchers Hacked into Apple’s New USB-C Controller appeared first on Cyber Security News.

A critical security vulnerability in Ivanti Connect Secure VPN appliances has left 2,048 instances worldwide exposed to potential exploitation, with the United States hosting the highest number of vulnerable systems. The vulnerability tracked as CVE-2025-0282, has been actively exploited since mid-December 2024. The vulnerability is a critical stack-based buffer overflow with a CVSS score of […]

The post 2,048 Ivanti VPN Instances Vulnerable to Exploited Zero-Day Attacks appeared first on Cyber Security News.

On September 21, 2024, a critical security vulnerability was identified by Google researchers in the Monkey’s Audio (APE) decoder used in Samsung’s flagship Galaxy S23 and S24 devices. Now it got fixed after 3 months since the Google Project Zero team disclosed the vulnerability with a 90-day deadline. The latest update addresses critical vulnerabilities within […]

The post Critical Samsung 0-Click Vulnerability Found in S24 and S23 Devices Got Fixed appeared first on Cyber Security News.

A sophisticated credit card skimmer malware had been found hitting WordPress checkout pages, silently injecting malicious JavaScript into database records to obtain sensitive payment details.  Attackers may utilize existing payment fields or inject a fake credit card form to steal payment information covertly and undetected. Targets WordPress Checkout Pages via Database Injection Sucuri claims that […]

The post New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards appeared first on Cyber Security News.

Samsung Mobile has announced the release of a comprehensive maintenance update as part of its monthly Security Maintenance Release (SMR) process. This latest update addresses critical vulnerabilities within the Android operating system and includes essential patches from both Google and Samsung, aimed at bolstering user security and device integrity. The January 2025 Security Maintenance Release […]

The post Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has resolved a persistent issue that caused classic Outlook to freeze or hang when users attempted to copy text using the Ctrl+C shortcut. The problem, which primarily affected Microsoft 365 customers using Current Channel Version 2409 (Build 18025.20096) or higher, was particularly troublesome for users of languages requiring an Input Method Editor (IME). The […]

The post Microsoft Fixes Outlook Client Freeze Issue When Copying Text Using Ctrl+C appeared first on Cyber Security News.

A cloud VPN (Virtual Private Network) provider is a company that offers VPN services through cloud technology. This can save time and resources and reduce the risk of security breaches.  These services allow users to connect to the internet securely and access resources as if on a private network, even when using public or untrusted […]

The post 10 Best Cloud VPN Providers – 2024 appeared first on Cyber Security News.

A novel type of phishing attack has been discovered, targeting both Android and iOS users. This attack combines traditional social engineering techniques with the use of Progressive Web Applications (PWAs) and WebAPKs, making it a significant threat to mobile users. The attack was first identified in November 2023, and since then, multiple cases have been […]

The post Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs appeared first on Cyber Security News.

In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can […]

The post INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training appeared first on Cyber Security News.

A critical vulnerability has been identified in Apache DolphinScheduler, a popular open-source workflow orchestration platform. This security flaw, designated as CVE-2024-43202, allows hackers to execute remote code, posing a significant threat to affected systems. CVE-2024-43202: Remote Code Execution Vulnerability The vulnerability affects Apache DolphinScheduler versions 3.0.0 up to, but not including, 3.2.2. This security issue […]

The post Apache DolphinScheduler Vulnerability Let Hackers Execute Remote Code appeared first on Cyber Security News.

Two vulnerabilities have been discovered in BIG-IP, which are associated with Insufficient Session Fixation and Expired Pointer Dereference. These vulnerabilities have been assigned to CVE-2024-39809 and CVE-2024-39792, and the severity was given as 7.5 (High). Moreover, these vulnerabilities were affecting BIG-IP Next Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed these […]

The post Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack appeared first on Cyber Security News.

BlindEagle (APT-C-36) is a Latin American Advanced Persistent Threat group that has been active since 2018. It targets the governmental, financial, and energy sectors in Colombia, Ecuador, Chile, Panama, and other regional countries.  BlindEagle is known for employing straightforward yet impactful techniques; the group demonstrates versatility in switching between financially motivated attacks and espionage operations. […]

The post New APT Group BlindEagle Attacking Multiple Organizations Via Weaponized Emails appeared first on Cyber Security News.

A severe security flaw has been discovered in GiveWP, a popular WordPress donation plugin with over 100,000 active installations. The vulnerability, classified as an unauthenticated PHP Object Injection leading to Remote Code Execution (RCE), was responsibly reported through the Wordfence Bug Bounty Program on May 26th, 2024. The critical vulnerability, assigned CVE-2024-5932 with a CVSS […]

The post Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites appeared first on Cyber Security News.

The Raspberry Pi Foundation has unveiled a new addition to its popular single-board computer lineup – the Raspberry Pi 5 2GB model, priced at an affordable $50. This latest offering continues the foundation’s mission to make high-performance computing accessible to a wider audience. The new 2GB variant is built on a cost-optimized D0 stepping of […]

The post Raspberry Pi Foundation Launches 2GB Variant for Just $50 appeared first on Cyber Security News.

The Federal Bureau of Investigation (FBI), in collaboration with the Office of the Director of National Intelligence (ODNI) and the Cybersecurity and Infrastructure Security Agency (CISA), has confirmed that Iranian hackers were responsible for a recent cyberattack targeting former President Donald Trump’s campaign. This revelation underscores the ongoing threat of foreign interference in U.S. elections, […]

The post FBI Investigation Confirms that Iran Hackers Behind Trump Campaign Hack appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-38202 and CVE-2024-21302 were originally disclosed by SafeBreach researcher Alon Leviev at Black Hat USA 2024 and DEF CON 32 earlier this month. The vulnerabilities allow an […]

The post PoC Exploit Released for Windows 0-Day Downgrade Attack appeared first on Cyber Security News.