Cyber Security News

A critical Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Server (ZCS) versions 9.0 through 10.1, tracked as CVE-2025-32354, allows attackers to execute unauthorized GraphQL operations and access sensitive user data.  The flaw resides in Zimbra’s webmail interface’s GraphQL endpoint (/service/extension/graphql), where improper CSRF token validation enables malicious actors to manipulate authenticated users into triggering […]

The post Zimbra Collaboration Server GraphQL Vulnerability Exposes Sensitive User Data appeared first on Cyber Security News.

Advanced Persistent Threats (APTs) represent one of the most formidable challenges in the cybersecurity landscape. These sophisticated attacks, typically orchestrated by nation-states or well-funded criminal organizations, target critical infrastructure, government agencies, and enterprises with surgical precision. Unlike conventional cyber threats, APTs maintain a long-term, stealthy presence within networks, often for months or years, maximizing damage […]

The post Defending Against APTs – CISO’s Strategic Guide appeared first on Cyber Security News.

A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users vulnerable to unauthorized image pulls, undermining critical container security controls.  Designated CVE-2025-4095, the flaw allows developers to bypass registry restrictions enforced by administrators, potentially exposing organizations to malicious container images or unapproved software dependencies. Registry Access Management Vulnerability on […]

The post Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry appeared first on Cyber Security News.

A high-severity vulnerability (CVE-2025-30194) in PowerDNS DNSdist, a widely used DNS load balancer and security tool, enables remote attackers to trigger denial-of-service (DoS) conditions by exploiting flaws in its DNS-over-HTTPS (DoH) implementation.  The vulnerability, disclosed in PowerDNS Security Advisory, affects DNSdist versions 1.9.0 through 1.9.8 when configured to use the nghttp2 library for DoH processing. […]

The post PowerDNS DNSdist Vulnerability Let Attackers Cause Denial of Service Condition appeared first on Cyber Security News.

Cybercriminals have discovered a new attack vector utilizing the legitimate file-sharing service GetShared to distribute malware and conduct phishing campaigns. This emerging threat allows attackers to circumvent traditional email security measures by exploiting the trusted status of notifications from recognized platforms. The technique represents an evolution in threat actors’ methodologies as they continue to adapt […]

The post Hackers Leveraging GetShared to Deploy Malware Bypassing Defenses appeared first on Cyber Security News.

WhatsApp, the world’s largest messaging platform, has announced a major leap in privacy-preserving artificial intelligence (AI) with the introduction of its new “Private Processing” system.  This technology enables users to access advanced AI features-such as message summarization and writing suggestions-while upholding WhatsApp’s core promise of end-to-end message secrecy, ensuring that not even Meta, WhatsApp, or […]

The post WhatsApp Introduces AI Tools With Promise of Full Message Secrecy appeared first on Cyber Security News.

CISA has added a critical SAP NetWeaver vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on April 29, 2025.  The zero-day flaw, tracked as CVE-2025-31324, carries a maximum CVSS score of 10.0 and has been actively exploited in the wild since at least March 2025. CVE-2025-31324: Critical SAP NetWeaver File Upload Flaw CVE-2025-31324 is an […]

The post CISA Warns SAP 0-day Vulnerability Exploited in the Wild  appeared first on Cyber Security News.

Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability, tracked as CVE-2025-3500, received a high CVSS score of 8.8 and was publicly disclosed on April 24, 2025, after being patched by Avast. The security flaw […]

The post Avast Antivirus Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

By fusing agentic AI and contextual threat intelligence, SecAI transforms investigation from a bottleneck into a force multiplier. SecAI, an AI-enriched threat intelligence company, made its official debut today at RSA Conference 2025 in San Francisco, marking the company’s first public appearance on the global cybersecurity stage. At the event, the SecAI team is showcasing […]

The post SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI appeared first on Cyber Security News.

According to IBM Security annual research, “Cost of a Data Breach Report 2024”, an average cost of a data breach in healthcare in 2024 was $9.77 million, the highest among all industries due to sensitive patient data and regulatory penalties.  A Reality Check: Healthcare Cybercrime Scale  Just some more statistics from recent research:   Prevention Is […]

The post How Healthcare Providers Investigate And Prevent Cyber Attacks: Real-world Examples  appeared first on Cyber Security News.

A critical security flaw in NVIDIA’s Riva framework, an AI-powered speech and translation service, has left cloud environments vulnerable to unauthorized access and exploitation. Trend Micro researchers uncovered two vulnerabilities-CVE-2025-23242 and CVE-2025-23243-stemming from misconfigured deployments that expose Riva’s gRPC and Triton Inference Server endpoints to the public internet. These flaws enable threat actors to bypass […]

The post NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments appeared first on Cyber Security News.

CISA officially added a significant security flaw affecting Broadcom’s Brocade Fabric OS to its authoritative Known Exploited Vulnerabilities (KEV) Catalog, underscoring the urgent need for remediation across enterprise and government environments.  The vulnerability, tracked as CVE-2025-1976, is classified as a code injection vulnerability and carries a high CVSS base score of 8.6 due to its […]

The post CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.

A critical vulnerability in Apple’s AirPlay protocol, dubbed AirBorne, has exposed over 2.35 billion active Apple devices and tens of millions of third-party gadgets to remote code execution (RCE) attacks requiring no user interaction. Researchers at Oligo Security discovered that the flaw allows attackers on the same Wi-Fi network to hijack devices ranging from Macs […]

The post AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi appeared first on Cyber Security News.

A critical vulnerability in Google Chrome has recently been discovered that allows malicious actors to break out of the browser’s protective sandbox environment, potentially giving attackers access to the underlying operating system. The flaw, identified as CVE-2025-2783, affects Chrome versions prior to 134.0.6998.142 across Windows, macOS, and Linux platforms. This vulnerability represents a significant security […]

The post Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox – Technical Details Disclosed appeared first on Cyber Security News.

In response to the concerning rise of “violence-as-a-service” (VaaS) and the exploitation of youth by organized crime, Europol has announced the formation of a new Operational Task Force (OTF), codenamed GRIMM.  This multinational initiative, led by Sweden, brings together law enforcement agencies from Belgium, Denmark, Finland, France, Germany, the Netherlands, and Norway. Europol provides operational […]

The post Europol Creates Operational Taskforce to Tackle Violence-as-a-Service appeared first on Cyber Security News.

Google’s Threat Intelligence Group (GTIG) has revealed that 75 zero-day vulnerabilities were exploited in the wild during 2024, highlighting both evolving attacker tactics and shifting targets in the global cybersecurity landscape.  While this figure decreases from the 98 zero-days observed in 2023, it still represents a significant increase from the 63 tracked in 2022, underscoring […]

The post Google Warns of 75 Zero-Day Vulnerabilities Exploited in the Wild appeared first on Cyber Security News.

OpenBSD 7.7, the 58th release of the security-focused operating system, was officially launched on April 28, 2025. This release substantially improves multiple areas, including performance optimization, hardware support, and security enhancements. The new version features notable performance improvements, particularly on ARM64 architecture, where the PMAP teardown has been optimized by skipping TLB flushes, resulting in […]

The post OpenBSD 7.7 Released with Significant Performance & Security Enhancements appeared first on Cyber Security News.

Microsoft has confirmed that its hotpatching feature for Windows Server 2025, which has been in preview since 2024, will transition to a paid subscription model starting July 1st, 2025.  The announcement, made by Janine Patrick, Windows Server Product Marketing Manager, and Artem Pronichkin, Senior Program Manager, marks a significant shift in how organizations can manage […]

The post Windows Server 2025 Hotpatching Service to be Rolled Out From July 1st, 2025 appeared first on Cyber Security News.

In today’s hyper-connected world, cyber threats are evolving at breakneck speed, making it more crucial than ever to stay informed and vigilant. Each week, our newsletter delivers a curated roundup of the most pressing news, expert insights, and actionable strategies to help you safeguard your digital assets and stay ahead of emerging threats. Inside this […]

The post Weekly Cyber Security News Letter – Last Week’s Top Cyber Attacks & Vulnerabilities appeared first on Cyber Security News.

A recent security assessment by Shelltrail has uncovered three critical vulnerabilities in the IXON VPN client, potentially allowing attackers to escalate privileges on both Windows and Linux systems. Identified as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, these flaws expose users to local privilege escalation (LPE) risks, with one additional impact currently undisclosed. CVE IDs are pending due […]

The post Critical IXON VPN Vulnerabilities Let Attackers Gain Access to Windows & Linux Systems appeared first on Cyber Security News.