Cyber Security News

A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing unauthenticated attackers to gain administrative access to websites by exploiting the social login functionality. The vulnerability, tracked as CVE-2025-5821 with a CVSS score of 9.8, affects all versions of the plugin up to 1.0.3 and […]

The post WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login appeared first on Cyber Security News.

An ongoing supply chain attack has compromised multiple npm packages published by CrowdStrike, extending a malicious campaign known as the “Shai-Halud attack.” The incident, which involves the same malware previously used to target the popular tinycolor package, highlights the persistent threat of supply chain vulnerabilities within the open-source ecosystem. The npm registry acted swiftly to […]

The post CrowdStrike npm Packages Compromised in Ongoing Supply Chain Attack appeared first on Cyber Security News.

The eruption of widespread protests across Nepal in early September 2025 provided fertile ground for a sophisticated campaign orchestrated by the Sidewinder APT group. As demonstrators mobilized against government policies and social media restrictions, threat actors exploited the turbulence to distribute malicious applications masquerading as legitimate emergency services. Victims seeking live updates or assistance were […]

The post Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware appeared first on Cyber Security News.

Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted by Red Canary Intelligence and Zscaler threat hunters has identified multiple malicious campaigns utilizing ITarian (also known as Comodo), PDQ, SimpleHelp, and Atera RMM solutions as attack vectors. The appeal […]

The post Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access appeared first on Cyber Security News.

A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks against manufacturing, energy, and semiconductor companies across multiple nations. The group’s activities represent a strategic shift from traditional financially motivated cybercrime to geopolitically driven operations that align with broader Russian […]

The post Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World appeared first on Cyber Security News.

Microsoft has resolved a significant audio bug in Windows 11 version 24H2 that prevented Bluetooth headsets and speakers from functioning correctly on certain devices. The issue, which first appeared in December 2024, has now been fixed through a new driver update, and the company has lifted the temporary block that prevented affected users from installing […]

The post Microsoft Fixes Windows 11 24H2 Audio Issue that Stops Bluetooth Headsets and Speakers Working appeared first on Cyber Security News.

Burger King has invoked the U.S. Digital Millennium Copyright Act (DMCA) to force the removal of a security researcher’s blog post that exposed critical vulnerabilities in its drive-thru “Assistant” system.  The move has caused a debate over the use of copyright law to suppress legitimate cybersecurity disclosures. Key Takeaways1. Burger King issued a DMCA takedown […]

The post Burger King Uses DMCA Complaint to Take Down Blog Post Detailing Security Flaws on Drive-Thru Systems appeared first on Cyber Security News.

In mid-July 2025, a novel campaign emerged in which cybercriminals weaponized generative AI to fabricate deepfake images of government IDs, embedding them within spear-phishing messages that bypassed traditional antivirus safeguards. These emails impersonated military and security institutions, complete with convincing visual assets generated by ChatGPT. Recipients were urged to review “draft” ID cards, triggering the […]

The post Hackers Using Generative AI ‘ChatGPT’ to Evade Anti-virus Defenses appeared first on Cyber Security News.

The BlackNevas ransomware group has emerged as a significant threat since November 2024, continuously launching devastating attacks against businesses and critical infrastructure organizations across Asia, North America, and Europe. This sophisticated malware operation combines file encryption with data theft tactics, threatening to leak stolen information if ransom demands are not met within seven days. The […]

The post BlackNevas Ransomware Encrypts Files and Steals Sensitive Data From Affected Companies appeared first on Cyber Security News.

The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware variants designed to breach air-gapped systems. This advanced persistent threat group introduced SnakeDisk, a novel USB worm, alongside an updated Toneshell9 backdoor, representing a calculated evolution in their cyber espionage […]

The post Mustang Panda With SnakeDisk USB Worm and Toneshell Backdoor Seeking to Penetrate Air-Gap Systems appeared first on Cyber Security News.

Red AI Range (RAR), an open-source AI red teaming platform, is transforming the way security professionals assess and harden AI systems.  Designed to simulate realistic attack scenarios, RAR streamlines the discovery, analysis, and mitigation of AI-specific vulnerabilities by leveraging containerized architectures and automated tooling.  Key Takeaways1. Arsenal/Target buttons spin up isolated AI testing containers.2. Recording, […]

The post New Red Teaming Tool “Red AI Range” Discovers, Analyzes, and Mitigates AI Vulnerabilities appeared first on Cyber Security News.

In August 2025, security researchers uncovered a sophisticated SEO poisoning campaign targeting Chinese-speaking Windows users. By manipulating search result rankings with tailored SEO plugins and registering lookalike domains, attackers successfully masqueraded malicious software download sites as legitimate providers. Victims searching for popular applications such as DeepL were redirected to spoofed pages bearing minimal character substitutions […]

The post New SEO Poisoning Attacking Windows Users With Weaponized Software Sites appeared first on Cyber Security News.

In the complex and rapidly evolving world of cybersecurity, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) stand as the crucial first line of defense for a diverse array of clients. From small businesses to large enterprises, client endpoints the laptops, desktops, servers, and mobile devices represent the most vulnerable and frequently targeted […]

The post Top 10 Best Endpoint Protection Solutions For MSPs/MSSPs in 2025 appeared first on Cyber Security News.

Of all the vulnerabilities that plague modern applications, Cross-Site Scripting (XSS) is one of the oldest and most persistent. Despite being a known threat for over two decades, XSS continues to appear in everything from legacy systems to new, cloud-native architectures. The Microsoft Security Response Center (MSRC) recently highlighted the enduring nature of this threat, […]

The post Microsoft Confirms 900+ XSS Vulnerabilities Found in IT Services, Ranging from Low Impact to Zero-Click appeared first on Cyber Security News.

A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain.  Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers to perform arbitrary file reads through maliciously crafted prompt templates, effectively exposing sensitive server files without requiring direct system access. Key Takeaways1. CVE-2025-9556, Jinja2 prompt injection enables arbitrary file reads.2. […]

The post Critical LangChainGo Vulnerability Let Attackers Access Sensitive Files by Injecting Malicious Prompts appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated malware campaign spanning seven years, where threat actors behind AppSuite-PDF and PDF Editor applications systematically abused code-signing certificates to legitimize their malicious software. The actors, tracked under the malware family name BaoLoader, have utilized at least 26 code-signing certificates obtained through fraudulent business registrations, primarily targeting users seeking PDF […]

The post Actors Behind AppSuite-PDF and PDF Editor Used 26 Code-Signing Certificates to Make Software Appear Legitimate appeared first on Cyber Security News.

A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization.  Tracked as CVE-2025-0164, the flaw stems from improper permission assignment and carries a CVSS 3.1 base score of 2.3 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Key Takeaways1. CVE-2025-0164 in QRadar SIEM v7.5–7.5.0 UP13 IF01 lets privileged […]

The post IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions appeared first on Cyber Security News.

The Great Firewall of China (GFW) suffered its largest-ever internal data breach. More than 500 GB of sensitive material—including source code, work logs, configuration files, and internal communications—was exfiltrated and published online.  The breach stems from Geedge Networks and the MESA Lab at the Institute of Information Engineering, Chinese Academy of Sciences.  The leaked archive […]

The post Great Firewall of China’s Sensitive Data of Over 500GB+ Leaked Online appeared first on Cyber Security News.

DarkCloud Stealer has recently emerged as a potent threat targeting financial organizations through convincing phishing campaigns. Adversaries employ weaponized RAR attachments masquerading as legitimate documents to deliver a multi-stage JavaScript-based payload. Upon opening the archive, victims execute a VBE script that leverages Windows Script Host to initiate a PowerShell downloader hidden in innocuous-seeming image files. […]

The post DarkCloud Stealer Attacking Financial Companies With Weaponized RAR Attachments appeared first on Cyber Security News.

Emerging in early September 2025, the Yurei ransomware has swiftly drawn attention for its novel combination of Go-based execution and ChaCha20 encryption. First documented on September 5 when a Sri Lankan food manufacturer fell victim, the threat actor behind Yurei adopted a double-extortion model: encrypting files while exfiltrating sensitive data for additional leverage. Within days, […]

The post New Yurei Ransomware With PowerShell Commands Encrypts Files With ChaCha20 Algorithm appeared first on Cyber Security News.