Cyber Security News

A critical vulnerability in macOS allows attackers to escalate privileges to root access through misconfigured daemon services.  The vulnerability, dubbed “Daemon Ex Plist,” exploits weaknesses in how macOS handles service property list (plist) files and has been found to affect multiple popular VPN applications and other software. Key Takeaways1. macOS daemons left behind in /Library/LaunchDaemons/ […]

The post New “Daemon Ex Plist” Vulnerability Gives Attackers Root Access on macOS appeared first on Cyber Security News.

A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications.  The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active Directory environments with federated domains. Key Takeaways1. Attackers with certain admin or app permissions can […]

The post Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role appeared first on Cyber Security News.

Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN gateways. Leveraging a zero-day in a third-party web application firewall, the attackers gained initial foothold […]

The post Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier appeared first on Cyber Security News.

A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and supply chain organizations, reflecting China’s strategic imperative to achieve technological self-sufficiency in this vital sector. […]

The post Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike appeared first on Cyber Security News.

The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets and conduct campaigns, creating new challenges for cybersecurity professionals and organizations worldwide. Recent analysis reveals […]

The post Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets appeared first on Cyber Security News.

The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux hosts, Windows workstations, and container workloads simultaneously. By chaining cloud-aware shell scripts, cross-compiled binaries, and […]

The post H2Miner Attacking Linux, Windows, and Containers to Mine Monero appeared first on Cyber Security News.

A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. This technique transforms the Internet’s Domain Name System into an unconventional file storage system, allowing attackers to distribute malware while evading traditional detection methods. Recent investigations using DNSDB Scout, a passive […]

The post Hackers Exploiting DNS Blind Spots to Hide and Deliver Malware appeared first on Cyber Security News.

Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. The flaws could allow attackers to bypass security controls, spoof their identity, access private networks, and launch powerful denial-of-service attacks. The discovery was made by security researchers Mathy Vanhoef and Angelos […]

The post 4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities appeared first on Cyber Security News.

Emerging in mid-2023 as an apparent successor to Meiya Pico’s notorious MFSocket, the newly identified Android application Massistant has begun surfacing on confiscated handsets at Chinese border checkpoints and police stations. Unlike conventional spyware that relies on covert remote delivery, Massistant is installed physically when a device is in official custody, then pairs with a […]

The post Massistant Chinese Mobile Forensic Tooling Gain Access to SMS Messages, Images, Audio and GPS Data appeared first on Cyber Security News.

A sophisticated espionage campaign targeting multiple Asian jurisdictions has emerged, utilizing weaponized shortcut files and deceptive social engineering techniques to infiltrate high-value targets across China, Hong Kong, and Pakistan. The threat actor, designated UNG0002 (Unknown Group 0002), has demonstrated remarkable persistence and technical evolution throughout two major operational phases spanning from May 2024 to the […]

The post UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages appeared first on Cyber Security News.

An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology firm in Oregon. Karen Serobovich Vardanyan, 33, was extradited to the U.S. on June 18, 2025, and […]

The post Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms appeared first on Cyber Security News.

Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April.  The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations in recent UK retail history.  Key Takeaways1. 6.5 million Co-op members' personal data stolen in […]

The post UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks appeared first on Cyber Security News.

Cisco has disclosed multiple critical security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected systems. The vulnerabilities, assigned CVE identifiers CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, all carry the maximum CVSS score of 10.0, indicating the most […]

The post Critical Cisco ISE Vulnerability Allows Remote Attacker to Execute Commands as Root User appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting WordPress websites through an ingenious ZIP archive-based attack mechanism. The malware, first reported in July 2025, represents a significant evolution in web-based threats, utilizing advanced obfuscation techniques and stealthy persistence methods to redirect unsuspecting visitors to malicious domains while simultaneously conducting search engine optimization poisoning operations. […]

The post Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites appeared first on Cyber Security News.

Chinese state-sponsored hackers known as Salt Typhoon successfully infiltrated and maintained persistent access to a U.S. state’s Army National Guard network for nearly ten months, from March 2024 through December 2024, according to a Department of Homeland Security memo obtained by NBC News. The sophisticated cyberespionage campaign represents a significant escalation in Beijing’s ongoing cyber […]

The post Chinese ‘Salt Typhoon’ Hackers Hijacked US National Guard Network for Nearly a Year appeared first on Cyber Security News.

A sophisticated cyberattack campaign emerged in July 2025, weaponizing Microsoft Teams calls to deploy the latest iteration of Matanbuchus ransomware. The attack begins with adversaries impersonating IT helpdesk personnel through external Teams calls, leveraging social engineering tactics to convince employees to execute malicious scripts. During these fraudulent support sessions, attackers activate Quick Assist and instruct […]

The post Microsoft Teams Call Weaponized to Deploy and Execute Matanbuchus Ransomware appeared first on Cyber Security News.

A sophisticated cybercrime group dubbed “Dark Partners” has emerged as a significant threat to cryptocurrency users worldwide, orchestrating large-scale theft campaigns through an extensive network of fake websites impersonating AI tools, VPN services, and popular software brands. Active since at least May 2025, this financially motivated group has deployed a complex infrastructure spanning over 250 […]

The post Dark Partners Hackers Group Wiping Crypto Wallets With Fake Ai Tools and VPN Services appeared first on Cyber Security News.

How do you lead a security team when threats evolve faster than your tools? It’s a challenge many CISOs face daily. Detection gaps, constant alert noise, and slow incident response make it harder to protect the organization and support the team.  The real issue often comes down to visibility. Without seeing how a threat actually […]

The post Top 3 CISO Challenges And How To Solve Them  appeared first on Cyber Security News.

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The attacks are linked to a critical vulnerability, tracked as CVE-2025-25257, for which public proof-of-concept (PoC) exploits were released just days ago. Key Takeaways1. A critical flaw in Fortinet FortiWeb is […]

The post Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits appeared first on Cyber Security News.

A sophisticated MacOS malware campaign dubbed NimDoor has emerged, targeting Web3 and cryptocurrency organizations through weaponized Zoom SDK updates. The malware, attributed to North Korea-linked threat actors likely associated with Stardust Chollima, represents a significant evolution in offensive capabilities against MacOS systems, having been active since at least April 2025. The attack orchestration begins with […]

The post MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials appeared first on Cyber Security News.