Cyber Security News

CISA has added a new ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling urgent risk for affected users and organizations. The flaw, tracked as CVE-2025-59374, affects ASUS Live Update, a utility commonly used to deliver firmware and software updates to ASUS devices. According to the advisory, specific ASUS Live Update clients were distributed with embedded malicious […]

The post CISA Adds ASUS Embedded Malicious Code Vulnerability to KEV List Following Active Exploitation appeared first on Cyber Security News.

A critical security alert warns customers about a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2025-37164, carries a CVSS severity score of 10.0, indicating maximum critical risk. Attribute Details CVE ID CVE-2025-37164 Product HPE OneView Software Vulnerability Type Remote Code Execution […]

The post HPE OneView Software Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

A critical security advisory addressing multiple severe vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). That could allow unauthenticated remote attackers to execute arbitrary commands and compromise affected systems. The vulnerabilities were disclosed on November 5, 2025, with the advisory updated on November 13, 2025. Two distinct vulnerabilities have been identified in the Java […]

The post Cisco Unified Contact Center Express Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

Microsoft has officially acknowledged a disruptive bug in its latest Windows updates, confirming that the November 2025 non-security preview update KB5070311 (OS builds 26200.7309 and 26100.7309) and subsequent patches are causing RemoteApp connection failures in Azure Virtual Desktop (AVD) environments. The issue primarily affects enterprise users running Windows 11 versions 24H2 and 25H2, as well […]

The post Microsoft Confirms Recent Windows 11 24H2/25H2 and Server 2025 Update Breaks RemoteApp Connections appeared first on Cyber Security News.

RansomHouse has emerged as a significant threat in the ransomware landscape, operated by a group tracked as Jolly Scorpius. This ransomware-as-a-service platform combines data theft with encryption, creating a dual pressure point that forces victims into difficult decisions. Since December 2021, the group has targeted at least 123 organizations across critical sectors, resulting in major […]

The post RansomHouse RaaS Service Upgraded with Double Extortion Strategy that Steals and Encrypt Data appeared first on Cyber Security News.

A joint investigation by Hunt.io and the Acronis Threat Research Unit has exposed an extensive network of North Korean state-sponsored infrastructure, revealing fresh connections between Lazarus and Kimsuky operations across global campaigns. The research uncovered active tool-staging servers, credential-theft environments, FRP tunneling nodes, and a certificate-linked infrastructure fabric controlled by DPRK operators. This discovery provides […]

The post Researchers Uncovered New Lazarus and Kimsuky Infrastructure with Active Tools and Tunnelling Nodes appeared first on Cyber Security News.

A coalition of U.S. and international cybersecurity agencies issued a stark warning this week about pro-Russia hacktivists exploiting exposed Virtual Network Computing (VNC) connections to infiltrate operational technology (OT) systems in critical infrastructure. The joint advisory, released December 9, 2025, highlights groups like Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), and Sector16 targeting water, […]

The post Hackers Hijacking VNC Connections to Gain Access to OT Control Devices in Critical Infrastructure appeared first on Cyber Security News.

Ink Dragon, a Chinese espionage group, has significantly expanded its operations from Southeast Asia and South America into European government networks. This advancement marks a notable shift in the threat actor’s strategic focus, utilizing a blend of well-engineered tools combined with techniques that mimic standard enterprise activity. The group’s expansion has been methodical and disciplined, […]

The post Chinese-based Ink Dragon Compromises Asia and South America into European Government Networks appeared first on Cyber Security News.

Phantom Stealer version 3.5 has emerged as a serious threat to users worldwide, capable of extracting sensitive information including passwords, browser cookies, credit card details, and cryptocurrency wallet data. This sophisticated malware operates through deceptive packaging, often disguised as legitimate Adobe software installers, making it difficult for unaware users to identify the danger before infection […]

The post Phantom Stealer Attacking Users to Steal Sensitive Data like Passwords, Browser Cookies, Credit Card Data appeared first on Cyber Security News.

Enterprise-Grade Disaster Recovery and MSP Capabilities Now Available  NAKIVO, a leading provider of data protection solutions, has released NAKIVO Backup & Replication v11.1, marking a significant leap forward in protecting virtual environments and empowering managed service providers (MSPs).  After completing the closed beta testing phase, v11.1 has been released with enhanced capabilities for virtualized infrastructures and […]

The post NAKIVO v11.1 Introduces Stronger Protection for Virtual Environments  appeared first on Cyber Security News.

An active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, targeting Secure Email Gateway (formerly Email Security Appliance, ESA) and Secure Email and Web Manager (formerly Content Security Management Appliance, SMA). The attack, spotted since late November 2025 and publicly disclosed on December 10, allows attackers to run system-level commands and plant a persistent […]

The post Cisco AsyncOS 0-Day Vulnerability Exploited in the Wild to run System-level Commands appeared first on Cyber Security News.

Threat actors launched a coordinated brute-force campaign against enterprise VPN gateways, hammering Palo Alto Networks GlobalProtect portals and Cisco SSL VPN endpoints with millions of automated login attempts in mid-December 2025. GreyNoise intelligence revealed the attacks stemmed from centralized infrastructure hosted by Germany’s 3xK GmbH, using scripted credential stuffing rather than zero-day exploits. The operation […]

The post Hackers Actively Attacking Cisco and Palo Alto Networks VPN Gateways to Gain Login Access appeared first on Cyber Security News.

Thousands of users in Japan and China faced widespread access and sign-in disruptions to Microsoft 365 and Copilot services early Thursday, stemming from a critical routing issue in the company’s infrastructure. Microsoft’s admin center status page confirmed the outage began around 12:00 AM UTC (8:00 AM JST / 8:00 AM CST), affecting a portion of […]

The post Microsoft 365 Services Including Teams, Outlook and Copilot Outage Hits Users in Japan and China appeared first on Cyber Security News.

The North Korean state-linked threat group Kimsuky has expanded its attack methods by distributing a dangerous mobile malware through weaponized QR codes, targeting users through sophisticated phishing sites that imitate package delivery services. Security researchers discovered the malicious campaign in September 2025, when victims received smishing messages with links that redirected them to fake delivery […]

The post Kimsuky Hackers Attacking Users via Weaponized QR Code to Deliver Malicious Mobile App appeared first on Cyber Security News.

Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the group’s pattern of cyberattacks that began in March 2025 with the exploitation of CVE-2025-2783, a zero-day vulnerability in Google Chrome. The threat group previously deployed rare malware like the LeetAgent […]

The post Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign appeared first on Cyber Security News.

Every extra minute spent guessing during triage puts your SOC at risk. When it’s unclear what a file does, whether it’s malicious, or how urgent it is, real threats slip through while time is wasted on noise.  Fast triage depends on removing uncertainty early, so decisions are based on evidence, not guesswork or incomplete signals.  Here are five practical […]

The post 5 SOC Analyst Tips for Super-Fast Triage  appeared first on Cyber Security News.

Modern vehicles are increasingly defined by their connectivity, transforming them into sophisticated IoT devices on wheels. While this digital evolution enhances the driving experience, it introduces severe security risks. A hypothetical scenario where a car dashboard is remotely hijacked to run video games like Doom has become a frightening reality. This vulnerability stems from the […]

The post Hackers Could Take Control of Car Dashboard by Hacking Its Modem appeared first on Cyber Security News.

Microsoft has confirmed a critical out-of-bounds vulnerability in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. The vulnerability, identified as CVE-2025-55681, resides in the dwmcore.dll component and impacts Windows 10, Windows 11, and related server editions worldwide. Product Affected Versions Windows 10 All versions Windows 11 […]

The post Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Microsoft has confirmed that its December 2025 Windows security update (KB5071546, OS Build 19045.6691) is causing Message Queuing (MSMQ) failures, leading to widespread IIS site crashes. First reported on December 12 and last updated December 16, the problem manifests under load, particularly in clustered setups, disrupting critical messaging workflows. Affected users report MSMQ queues going […]

The post Microsoft Asks IT Admins to Contact for Fix Related to Windows IIS Failure Issues appeared first on Cyber Security News.

In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass standard email security protocols. By compromising an internal email account within the target organization, the […]

The post BlindEagle Hackers Attacking Organization to Abuse Trust and Bypass Email Security Controls appeared first on Cyber Security News.