Cyber Security News

A critical vulnerability chain in Salesforce’s Agentforce AI platform, which could have allowed external attackers to steal sensitive CRM data. The vulnerability, dubbed ForcedLeak by Noma Labs, which discovered it, carries a CVSS score of 9.4 and was executed through a sophisticated indirect prompt injection attack. This discovery highlights the expanded and fundamentally different attack surface presented […]

The post Salesforce AI Agent Vulnerability Allows Let Attackers Exfiltration Sensitive Data appeared first on Cyber Security News.

Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing traditional email security filters by using the platform’s legitimate notification infrastructure.  Threat actors created multiple […]

The post Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets appeared first on Cyber Security News.

A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without raising suspicions. Delivered primarily via spear-phishing emails and compromised websites, the shortcut files appear innocuous, […]

The post New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware appeared first on Cyber Security News.

Following a major law enforcement disruption in February 2024, the notorious LockBit ransomware group has resurfaced, marking its sixth anniversary with the release of a new version: LockBit 5.0. Trend Micro has identified and analyzed binaries for Windows, Linux, and VMware ESXi, confirming the group’s continued focus on cross-platform attacks that can cripple entire enterprise […]

The post New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems appeared first on Cyber Security News.

A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system.  This issue underscores the persistent risk in web-based file transfer applications. Path Traversal Vulnerability (CVE-2025-34508) ZendTo is a PHP-driven dropoff or pickup […]

The post ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data appeared first on Cyber Security News.

SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms.  By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […]

The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.

BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early victims reported unusual latency in remote desktop sessions, prompting deeper forensic investigations. As the campaign […]

The post New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors appeared first on Cyber Security News.

In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate Windows processes. Initial sightings trace back to late July 2025, when intrusion attempts against government […]

The post COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH appeared first on Cyber Security News.

A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication controls or access sensitive data. The flaw originates from the software’s failure to properly verify whether a required TACACS+ shared secret is configured, creating a window for machine-in-the-middle (MitM) […]

The post Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data appeared first on Cyber Security News.

A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in the model checkpoint loader.  The discovery underscores the persistent security risks inherent in ML/AI frameworks’ reliance on Python’s pickle serialization. NVIDIA Merlin Vulnerability Trend Micro’s Zero Day Initiative (ZDI) stated […]

The post NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges appeared first on Cyber Security News.

Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike Oude Reimer published findings on 16 September 2025, demonstrating that approximately 150 different Firebase endpoints […]

The post Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data appeared first on Cyber Security News.

Organizations commonly allow traffic to core services like Google Meet, YouTube, Chrome update servers, and Google Cloud Platform (GCP) to ensure uninterrupted operations.  A newly demonstrated domain fronting technique weaponizes this trust to establish covert command-and-control (C2) channels, enabling attackers to tunnel malicious traffic through Google’s own infrastructure without raising suspicion. Domain Fronting Technique Praetorian […]

The post New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic appeared first on Cyber Security News.

Luxembourg, Luxembourg, September 25th, 2025, CyberNewsWire Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1-Q2 2025 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2025, and businesses need to act fast to protect themselves from this evolving threat. The […]

The post Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes appeared first on Cyber Security News.

On the eve of Moldova’s parliamentary elections scheduled for September 28, 2025, cybersecurity researchers have uncovered a sophisticated Russian-backed disinformation campaign designed to undermine public confidence in Moldova’s pro-European leadership. The campaign began surfacing in April 2025, when analysts first observed a cluster of newly registered domains publishing biased news articles in both Romanian and […]

The post New Russian Disinformation Campaign Targeting Upcoming Moldova’s Elections appeared first on Cyber Security News.

A critical vulnerability in Hikvision security cameras, first disclosed in 2017, is being actively exploited by hackers to gain unauthorized access to sensitive information. SANS researchers observed a recent surge in malicious activity targeting a specific flaw, identified as CVE-2017-7921, which carries a critical severity score of 10.0 on the CVSS scale. The exploit attempts […]

The post Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information appeared first on Cyber Security News.

Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated adversaries to bypass signature verification mechanisms and maintain persistent control over enterprise server infrastructure. These flaws, affecting multiple generations of Supermicro motherboards, demonstrate how design weaknesses in firmware validation processes […]

The post BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features appeared first on Cyber Security News.

A severe vulnerability in the Linux kernel’s ksmbd SMB server implementation has been disclosed, potentially allowing authenticated remote attackers to execute arbitrary code on affected systems.  The vulnerability, tracked as CVE-2025-38561 and assigned a CVSS score of 8.5, represents a significant security risk for Linux systems utilizing the kernel-based SMB server functionality. The flaw disclosed […]

The post Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code appeared first on Cyber Security News.

A sophisticated cybercriminal campaign has emerged targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate government identity applications and payment services. The malicious operation, active since approximately August 2024, employs advanced evasion techniques to deliver variants of the BankBot trojan family while maintaining an extensive infrastructure of over 100 domains. The threat […]

The post Banking Trojans Attacking Android Users Mimic as Government and Legitimate Payment Apps appeared first on Cyber Security News.

A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by this widely-used content management system. The vulnerability, tracked as CVE-2025-59545 with a severity score of 9.1 out of 10, affects all DNN Platform versions prior to 10.1.0 and allows attackers to execute malicious scripts through the platform’s […]

The post Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts appeared first on Cyber Security News.

Phishing campaigns are getting harder to spot, sometimes hiding in files you’d never suspect. ANY.RUN’s cybersecurity analysts recently uncovered one such case: a malicious SVG disguised as a PDF, hosted on a legitimate domain and packed with hidden redirects. By mid-September, it scaled into a full spam wave with Microsoft-themed lures. Let’s look at how […]

The post Malicious SVGs in Phishing Campaigns: How to Detect Hidden Redirects and Payloads appeared first on Cyber Security News.