Cyber Security News

The largest US internet provider, WideOpenWest (WOW!), is allegedly compromised by Arkana Security, a recently discovered ransomware group. The attack, which security researchers trace to an infostealer infection from September 2024, has reportedly compromised over 403,000 customer accounts and granted attackers control over critical backend systems. This appears to be Arkana’s first major victim claim, […]

The post Arkana Ransomware Group Claims Compromise of US Telecom Companies appeared first on Cyber Security News.

INE, a global leader in networking and cybersecurity training and certifications, is proud to announce it is the recipient of twelve badges in G2’s Spring 2025 Report, including Grid Leader for Cybersecurity Professional Development, Online Course Providers, and Technical Skills Development, which highlight INE’s superior performance relative to competitors.  “INE solves the problem of accessible, […]

The post G2 Names INE 2025 Cybersecurity Training Leader appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated new malware strain targeting macOS systems, dubbed “CoffeeLoader,” which employs advanced techniques to bypass endpoint security solutions and deliver Rhadamanthys shellcode payloads. The malware represents a significant evolution in threats targeting Apple’s ecosystem, demonstrating increasing complexity in evasion tactics. Initial analysis indicates that CoffeeLoader exploits legitimate system processes to […]

The post New Sophisticated Malware CoffeeLoader Bypasses Endpoint Security to Deploy Rhadamanthys Shellcode appeared first on Cyber Security News.

A sophisticated macOS malware loader platform known as “ReaderUpdate” has significantly evolved its capabilities, with researchers identifying new variants written in Nim and Rust programming languages. Despite being active since at least 2020, this threat has remained largely undetected by many security vendors. Initially distributed as a compiled Python binary, ReaderUpdate has expanded its arsenal […]

The post New macOS Malware ‘ReaderUpdate’ Upgraded Arsenal With Nim and Rust Variants appeared first on Cyber Security News.

Online marketplaces have become increasingly popular in developing countries since 2015, providing platforms for trading various goods from used electronics to brand-new items. This digitalization trend, however, has created fertile ground for sophisticated scam operations. Among these, Classiscam has emerged as a particularly concerning threat, leveraging automation to create convincing fake websites that harvest financial […]

The post Classiscam Actors Automate Malicious Websites To Steal Financial Data appeared first on Cyber Security News.

Credential stuffing has emerged as one of the most pervasive and effective attack vectors in today’s cybersecurity landscape. This technique, which leverages stolen username and password combinations across multiple platforms, has been significantly enhanced through a sophisticated automation tool called Atlantis AIO (All-In-One), enabling threat actors to execute attacks at unprecedented scale and efficiency. The […]

The post Threat Actors Using Powerful Cybercriminal Weapon ‘Atlantis AIO’ to Automate Credential Stuffing Attacks appeared first on Cyber Security News.

Irish and Spanish law enforcement authorities have successfully apprehended 12 members of a high-risk criminal network in a coordinated operation spanning both countries.  The arrests, announced on March 26, 2025, included six suspects in Ireland and six in Spain, all allegedly involved in large-scale drug trafficking operations.  The criminals were identified through digital evidence obtained […]

The post 12 Cybercriminals Arrested Following Takedown of Ghost Communication Platform appeared first on Cyber Security News.

Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. The vulnerability exists in Splunk Enterprise versions before 9.3.3, 9.2.5, and 9.1.8, as well as Splunk Cloud […]

The post Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload appeared first on Cyber Security News.

Critical security vulnerabilities have been identified in industrial camera systems widely deployed across Japanese manufacturing facilities, allowing malicious actors to remotely access live footage and disrupt essential production monitoring. These flaws, present in the Inaba Denki Sangyo Co., Ltd. IB-MCT001 camera system known as “CHOCO TEI WATCHER mini,” enable attackers to bypass authentication mechanisms and […]

The post Production Line Cameras Vulnerabilities Let Attackers Stop The Recordings appeared first on Cyber Security News.

A sophisticated new malware strain dubbed SectopRAT has emerged, leveraging Cloudflare’s Turnstile challenge system as part of its attack methodology. This Remote Access Trojan specifically targets Windows users through a multi-staged infection process that begins with seemingly legitimate CAPTCHA verification prompts. The malware exploits the trust users place in Cloudflare’s security mechanisms to deliver its […]

The post SectopRAT as Weaponized Cloudflare Turnstile Challenge Attacks Windows Users appeared first on Cyber Security News.

March 2025 saw a sharp uptick in cyber threats that put both individual users and organizations at risk. From banking apps weaponized to steal personal data, to trusted domains abused for redirecting users to phishing traps, cybercriminals didn’t hold back. Their tactics are growing more creative and more dangerous.  Here’s a breakdown of the three […]

The post Top 3 Cyber Attacks In March 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign dubbed the “Clickflix Technique” has emerged targeting YouTube content creators through seemingly legitimate brand collaboration requests. This new attack vector exploits creators’ eagerness to secure sponsorship deals by disguising malware payloads as partnership documentation. Cybercriminals initiate contact via email or social media, posing as marketing representatives from established brands offering lucrative […]

The post YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique appeared first on Cyber Security News.

The NPM package repository remains active, and despite a decline in malware numbers between 2023 and 2024, this year’s numbers don’t seem to continue that downward trend. Recently, security researchers discovered two intriguing packages ethers-provider2 and ethers-providerz, which employed sophisticated techniques to conceal their malicious intentions. These packages act as downloaders, injecting malicious code into […]

The post New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload appeared first on Cyber Security News.

In a startling revelation, a new report indicates that three out of four enterprise users are uploading data to generative AI (genAI) applications, including sensitive information such as passwords and keys. This alarming trend highlights the growing risks associated with the widespread adoption of AI technologies in the workplace. The 2025 Generative AI Cloud and […]

The post 3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys appeared first on Cyber Security News.

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures.  Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927, which enables attackers to circumvent authorization checks in middleware.  Both vulnerabilities pose significant risks, potentially […]

The post CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access appeared first on Cyber Security News.

In mid-March 2025, cybersecurity researchers uncovered “Operation ForumTroll,” targeting Russian media outlets and educational institutions. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy on vulnerable systems. The campaign exploits a critical zero-day vulnerability (CVE-2025-2783) in Chrome that bypasses […]

The post Operation ForumTroll – APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections appeared first on Cyber Security News.

CYFOX has uncovered significant vulnerabilities in smart TVs that could potentially disrupt entire enterprise networks. This discovery was made possible by their groundbreaking OmniSec vCISO platform, the first GenAI-powered autonomous security and compliance agent. During the implementation of OmniSec, CYFOX identified critical security flaws within smart TVs. Joseph Tal, CEO of CYFOX, emphasized the significance […]

The post Your Smart TV May Bring Down the Entire Network appeared first on Cyber Security News.

Cary, NC, March 24th, 2025, CyberNewsWire INE Security, a global provider of cybersecurity training and certification, today announced its initiative to spotlight the increasing cyber threats targeting healthcare institutions. In recognition of National Physicians Week 2025, the company is drawing attention to new industry data showing a sharp rise in cyberattacks on hospitals and clinics—incidents that […]

The post Cyber Guardians: INE Security Champions Cybersecurity Training During National Physicians Week 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign targeting Google account credentials through fake Semrush advertisements has emerged, posing a significant threat to digital marketers and SEO professionals. Cybercriminals have deployed numerous malicious advertisements that appear legitimate in Google search results, leveraging Semrush’s growing popularity in the SEO industry to lure unsuspecting victims. These fraudulent ads redirect users to […]

The post Hackers Using Fake Semrush Ads to Steal Google Accounts Login Credentials appeared first on Cyber Security News.

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The malicious actors behind this attack employ convincing Pocket […]

The post Pocket Card Users Under Attack Via Sophisticated Phishing Campaign appeared first on Cyber Security News.