Cyber Security News

Hackers are exploiting VMware ESXi instances in the wild with a zero-day exploit toolkit that chains multiple vulnerabilities for VM escapes. Cybersecurity firm Huntress disrupted one such attack, attributing initial access to a compromised SonicWall VPN.​ Threat actors gained a foothold via SonicWall VPN, then used a compromised Domain Admin account for lateral movement to […]

The post Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit appeared first on Cyber Security News.

A recent phishing campaign is abusing QR codes in a new way, turning simple HTML tables into working codes that redirect users to malicious sites. Instead of embedding a QR image in the email body, the attackers build the code from hundreds of tiny table cells, each styled as black or white. The result still […]

The post Hackers Using Malicious Imageless QR Codes to Render Phishing Attack Via HTML Table appeared first on Cyber Security News.

A sophisticated Windows packer known as pkr_mtsi has emerged as a powerful tool for delivering multiple malware families through widespread malvertising campaigns. First detected on April 24, 2025, this malicious packer continues to operate actively, distributing trojanized installers disguised as legitimate software applications. The packer targets popular tools including PuTTY, Rufus, and Microsoft Teams, using […]

The post Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns Delivering Multiple Malware Families appeared first on Cyber Security News.

ownCloud has urgently urged users of its Community Edition to enable multi-factor authentication (MFA). A threat intelligence report from Hudson Rock highlighted incidents in which attackers compromised self-hosted file-sharing platforms, including some ownCloud deployments, but ownCloud stresses that its platform itself remains unbreached. Hudson Rock’s analysis revealed no zero-day exploits or vulnerabilities in ownCloud’s architecture. […]

The post ownCloud Urges Users to Enable Multi-Factor Authentication Following Credential Theft appeared first on Cyber Security News.

CrazyHunter ransomware has emerged as a critical and evolving threat that specifically targets healthcare organizations and sensitive medical infrastructure. This Go-developed malware represents a significant escalation in ransomware sophistication, employing advanced encryption methods and delivery mechanisms designed to bypass modern security defenses. Healthcare institutions in Taiwan have experienced repeated attacks, with at least six known […]

The post CrazyHunter Ransomware Attacking Healthcare Sector with Advanced Evasion Techniques appeared first on Cyber Security News.

A sophisticated Go-based botnet dubbed GoBruteforcer is aggressively targeting Linux servers worldwide, brute-forcing weak passwords on internet-exposed services including FTP, MySQL, PostgreSQL, and phpMyAdmin. Check Point Research recently documented a new 2025 variant of the malware that demonstrates significant technical improvements over previous versions and has successfully compromised tens of thousands of servers.​ The botnet […]

The post GoBruteforcer Botnet Attacking Linux Servers Worldwide – 50,000 Internet-facing Servers at Risk appeared first on Cyber Security News.

ANY.RUN, the interactive malware analysis platform, has wrapped up 2025 with impressive growth figures and significant contributions to the cybersecurity community. The company’s annual report reveals how its global user base collectively spent over 400,000 hours analyzing threats—equivalent to more than 45 years of continuous research. The platform processed 5.7 million analyses across 195 countries […]

The post From Tycoon2FA to Lazarus Group – Inside ANY.RUN’s Biggest Discoveries of 2025 appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit for CVE-2025-38352, a critical race condition vulnerability in the Linux kernel, has been publicly released on GitHub. The vulnerability, discovered earlier this year, targets the POSIX CPU timers implementation and was previously exploited in limited, targeted attacks against 32-bit Android devices. CVE-2025-38352 is a use-after-free (UAF) vulnerability in the Linux kernel’s handle_posix_cpu_timers() function. […]

The post PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352 appeared first on Cyber Security News.

Researchers from the Chinese Academy of Sciences and Nanyang Technological University have introduced AURA, a novel framework to safeguard proprietary knowledge graphs in GraphRAG systems against theft and private exploitation. Published on arXiv just a week ago, the paper highlights how adulterating KGs with fake but plausible data renders stolen copies useless to attackers while […]

The post Researchers Manipulate Stolen Data to Corrupt AI Models and Generate Inaccurate Outputs appeared first on Cyber Security News.

Chinese threat actors have launched a sophisticated campaign using NFC-enabled Android malware called Ghost Tap to intercept and steal financial information from victims worldwide. The malware operates through a deceptive distribution model, where attackers trick users into downloading seemingly legitimate applications via Telegram and other messaging platforms. Once installed, Ghost Tap leverages Near Field Communication […]

The post Chinese Hackers Deploy NFC-enabled Android Malware to Steal Payment Data appeared first on Cyber Security News.

A sophisticated new phishing campaign has emerged, leveraging the trusted infrastructure of Google Cloud services to bypass security filters and steal sensitive Microsoft 365 login credentials. By abusing legitimate workflow automation tools, threat actors are crafting convincing attacks that blend seamlessly with authentic communications, making detection increasingly difficult for both automated systems and end-users. This […]

The post Threat Actors Leversges Google Cloud Services to Steal Microsoft 365 Logins appeared first on Cyber Security News.

Microsoft has announced the indefinite cancellation of its Mailbox External Recipient Rate Limit in Exchange Online, reversing a previously planned restriction on bulk email sending. The decision comes after significant customer feedback highlighting operational disruptions caused by the proposed limitation. The tech giant’s Exchange Online Transport Team confirmed on January 6, 2026, that the external […]

The post Microsoft to Cancel Plans Imposing Daily Limit For Exchange Online Bulk E-mails appeared first on Cyber Security News.

ToddyCat, a sophisticated cyber espionage group, has emerged as a persistent threat targeting high-profile organizations across multiple continents. The group began operations in December 2020 by compromising Microsoft Exchange servers in Taiwan and Vietnam using an unidentified vulnerability. However, their capabilities expanded significantly in February 2021 when they began exploiting the ProxyLogon vulnerability to target […]

The post ToddyCat Malware Compromises Microsoft Exchange Servers using ProxyLogon Vulnerability appeared first on Cyber Security News.

A severe vulnerability in the TOTOLINK EX200 Wi-Fi extender could allow attackers to gain full system access via an unauthenticated telnet root service, researchers warned. The flaw, tracked as CVE-2025-65606 and assigned CERT Vulnerability Note VU#295169, affects the firmware upload error-handling logic in the End-of-Life TOTOLINK EX200 extender. When processing malformed firmware files, the device inadvertently enables […]

The post TOTOLINK EX200 Extender Vulnerability Allow Attacker to Gain Full System Access appeared first on Cyber Security News.

LockBit 5.0 has surfaced as the latest iteration of one of the world’s most active ransomware-as-a-service operations, continuing a legacy of sophisticated attacks since the group’s emergence in September 2019. This new version represents a significant evolution in the threat landscape, introducing enhanced encryption mechanisms and advanced anti-analysis capabilities that make detection and recovery exponentially […]

The post LockBit 5.0 Emerges with New Sophisticated Encryption and Anti-Analysis Tactics appeared first on Cyber Security News.

China’s cyber army has intensified attacks against Taiwan’s critical infrastructure in 2025, marking a significant escalation in digital warfare tactics. Taiwan’s national intelligence community documented a troubling trend: approximately 2.63 million intrusion attempts per day targeted critical systems across nine key sectors, including energy, healthcare, communications, and transportation. This represents a 6 percent increase from […]

The post Chinese Hackers Actively Attacking Taiwan Critical Infrastructure appeared first on Cyber Security News.

A severe security vulnerability has been discovered in n8n, the popular workflow automation platform, which allows authenticated users to execute arbitrary code remotely on affected instances. The flaw poses significant risks to both self-hosted deployments and n8n Cloud instances, potentially leading to complete system compromise. The authenticated Remote Code Execution (RCE) vulnerability affects n8n’s core […]

The post Critical n8n Vulnerability Enables Authenticated Remote Code Execution appeared first on Cyber Security News.

The notorious Black Cat cybercriminal group has aggressively resurfaced with a sophisticated malware campaign utilizing advanced search engine optimization techniques to distribute counterfeit versions of popular open-source software. By manipulating search engine algorithms, the gang successfully positions meticulously crafted phishing websites for tools like Notepad++ at the very top of keyword search results. This strategic […]

The post Black Cat Hacker Group with Fake Notepad++ Sites to Install Malware and Steal Data appeared first on Cyber Security News.

D-Link has confirmed unauthenticated command injection vulnerabilities affecting multiple router models deployed internationally. Active exploitation campaigns using DNS hijacking have been documented since late 2016, with threat actors continuing malicious activities through 2019 and beyond. Multiple D-Link router models remain vulnerable to remote DNS modification attacks through unauthenticated web interfaces. The vulnerabilities allow attackers to […]

The post D-Link Router Command Injection Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

Phishing actors are exploiting complex routing scenarios and misconfigured security protections to send fake emails that appear to come from within organizations. These emails look like they were sent internally, making them harder to detect. Threat actors have used this method to deliver various phishing messages through platforms like Tycoon2FA. The emails use common tricks, […]

The post Hackers Exploited Routing Scenarios and Misconfigurtions to Effectively Spoof Organizations appeared first on Cyber Security News.