Cyber Security News

A critical vulnerability in Lenovo’s Dispatcher drivers has come under the spotlight after researchers released a proof-of-concept exploit that demonstrates privilege escalation on affected Windows systems. Identified as CVE-2025-8061, this flaw stems from insufficient access controls in the drivers, potentially allowing local attackers to execute arbitrary code with elevated privileges. Discovered by security firm Quarkslab, […]

The post PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation appeared first on Cyber Security News.

Linus Torvalds has announced the release of Linux 6.18-rc1, marking the start of the release candidate phase for the upcoming kernel version. In his typical straightforward style, Torvalds noted that the merge window concluded smoothly after two weeks, with the new candidate tagged and pushed out to developers and testers worldwide. This iteration appears unremarkable […]

The post Linux Kernel 6.18-rc1 Released With Extensive Updates Following a Steady Merge Window appeared first on Cyber Security News.

Scattered Lapsus$ Hunters, a threat group previously associated with high-profile data thefts, recently claimed responsibility for exfiltrating over one billion records from Salesforce environments worldwide. Emerging in mid-2025, the group has honed its tactics to exploit misconfigurations in cloud identities and exposed APIs. Initial reports surfaced when multiple Salesforce customers observed anomalous queries against their […]

The post Scattered Lapsus$ Hunters Claim to Have Stolen More Than 1 Billion Salesforce Records appeared first on Cyber Security News.

New research uncovers valuable insights hidden within Microsoft Intune’s Mobile Device Management (MDM) certificates, offering a more reliable way to verify device and tenant identities compared to traditional methods like registry values. These certificates, issued to enrolled devices, contain Object Identifiers (OIDs) that, when properly decoded, reveal unique GUIDs for the MDM Device ID and […]

The post Microsoft Intune MDM and Entra ID Leveraged to Elevate your Trust in Device Identity appeared first on Cyber Security News.

A new wave of the Astaroth banking trojan has emerged, leveraging a novel approach to distribute its malicious configuration files. First detected in late 2025, this latest campaign employs GitHub’s raw content service to host encrypted JSON configurations containing target URLs, browser injection parameters, and command-and-control (C2) endpoints. By hiding critical settings behind GitHub’s trusted […]

The post Astaroth Banking Malware Leveraging GitHub to Host Malware Configurations appeared first on Cyber Security News.

A critical vulnerability in AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), a cornerstone of confidential computing deployed by major cloud providers like AWS, Azure, and Google Cloud. Dubbed RMPocalypse, the attack exploits a flaw in the initialization of the Reverse Map Table (RMP), which enforces memory integrity to prevent hypervisors from tampering with […]

The post New RMPocalypse Attack Let Hackers Break AMD SEV-SNP To Exfiltrate Confidential Data appeared first on Cyber Security News.

Cybercriminals have discovered a novel way to co-opt Discord webhooks as surrogate command-and-control (C2) channels across popular language ecosystems. Unlike traditional C2 servers, webhooks offer free, low-profile exfiltration that blends seamlessly into legitimate HTTPS traffic. Over the past month, malicious packages in npm, PyPI, and RubyGems have quietly siphoned sensitive files and telemetry from developer […]

The post Threat Actors Weaponize Discord Webhooks for Command and Control with npm, PyPI, and Ruby Packages appeared first on Cyber Security News.

A recent analysis from researcher Itamar Hällström has revealed the technical workings and forensic trail of “EDR-Freeze,” a proof-of-concept technique that temporarily disables security software. By abusing legitimate Windows components, this method can place Endpoint Detection and Response (EDR) and antivirus (AV) processes into a temporary, reversible coma, allowing attackers to operate undetected. How EDR-Freeze […]

The post EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed appeared first on Cyber Security News.

A significant security flaw has been discovered in Happy DOM, a popular JavaScript DOM implementation, affecting versions up to v19. This vulnerability places systems at risk of Remote Code Execution (RCE) attacks, potentially impacting the package’s 2.7 million weekly users. The flaw arises because the Node.js VM Context used by Happy DOM is not a […]

The post Happy DOM Vulnerability Exposes 2.7 Million Users To Remote Code Execution Attacks appeared first on Cyber Security News.

A sophisticated new malware campaign targeting Windows systems has emerged, leveraging Node.js Single Executable Application (SEA) features to distribute malicious payloads while evading traditional detection mechanisms. The Stealit malware represents a significant evolution in malware-as-a-service operations, combining advanced obfuscation techniques with extensive anti-analysis capabilities to establish persistent control over infected systems. The campaign has been […]

The post New Stealit Malware Attacking Windows Systems Abuses Node.js Extensions appeared first on Cyber Security News.

An open-source tool called RealBlindingEDR enables attackers to blind, permanently disable, or terminate antivirus (AV) and endpoint detection and response (EDR) software by clearing critical kernel callbacks on Windows systems. Released on GitHub in late 2023, the utility leverages signed drivers for arbitrary memory read and write operations, bypassing protections like PatchGuard to target six […]

The post RealBlindingEDR Tool That Permanently Turns Off AV/EDR Using Kernel Callbacks appeared first on Cyber Security News.

A surge in attacks targeting SonicWall SSLVPN devices, affecting numerous customer networks, just weeks after a major breach exposed sensitive firewall data. Starting October 4, 2025, threat actors have rapidly authenticated into over 100 accounts across 16 environments, using what appear to be stolen valid credentials rather than brute-force methods. This coordinated attack highlights the […]

The post SonicWall SSLVPN Under Attack Following the Breach of All Customers’ Firewall Backups appeared first on Cyber Security News.

Oracle has disclosed a critical vulnerability in its E-Business Suite that enables unauthenticated attackers to remotely access sensitive data, raising alarms for enterprises relying on the platform for core operations. Tracked as CVE-2025-61884, the flaw affects the Oracle Configurator component and was detailed in a security alert released on October 11, 2025. This comes just […]

The post Oracle E-Business Suite RCE Vulnerability Exposes Sensitive Data to Hackers Without Authentication appeared first on Cyber Security News.

Welcome to this week’s edition of the Cybersecurity Newsletter Weekly, where we dive into the most pressing threats and vulnerabilities shaping the digital landscape. As cyber risks continue to evolve at breakneck speed, our October 12, 2025, roundup spotlights a Discord platform breach exposing user data to potential exploitation, the alarming Red Hat data leak […]

The post Cybersecurity Newsletter Weekly – Discord, Red Hat Data Breach, 7-Zip Vulnerabilities and Sonicwall Firewall Hack appeared first on Cyber Security News.

VirusTotal (VT) is making important changes to its platform access and pricing. These updates aim to improve accessibility and strengthen its commitment to collaboration. The initiative, detailed in a recent company announcement, aims to simplify user options while reinforcing VT’s commitment to the global cybersecurity community as an open, collaborative platform for the common good. […]

The post VirusTotal Simplifies User Options With Platform Access and New Contributor Model appeared first on Cyber Security News.

A new technique enables attackers to exploit antivirus software by injecting harmful code directly into the antivirus processes. This approach makes it easier for them to evade detection and compromise the security that antivirus software is designed to provide. This method, detailed by cybersecurity researcher Two Seven One Three on X (@TwoSevenOneT), involves cloning protected […]

The post Hackers Can Inject Malicious Code into Antivirus to Create a Backdoor appeared first on Cyber Security News.

Critical flaws uncovered in the network communication between Microsoft Defender for Endpoint (DFE) and its cloud services, allowing post-breach attackers to bypass authentication, spoof data, disclose sensitive information, and even upload malicious files to investigation packages. These vulnerabilities, detailed in a recent analysis by InfoGuard Labs, highlight ongoing risks in endpoint detection and response (EDR) […]

The post Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication and Upload Malicious Files appeared first on Cyber Security News.

Microsoft has rolled out a fix in its latest preview builds to resolve a notorious glitch with the “update and shut down” feature. This long-standing issue, which has haunted the operating system for years, tricked users into believing their PCs were powering off when updates were pending, only for the machines to restart unexpectedly and disrupt sleep cycles with noisy fans. The bug emerged shortly after Windows 11’s launch in 2021 and quickly became a source of […]

The post Microsoft Fixes Long-standing Windows 11 ‘Update and Shut down’ Bug appeared first on Cyber Security News.

Clicking on a malicious link can quickly turn your device into a security risk. Just seconds after clicking, your browser might start downloading malware, taking advantage of weaknesses, or sending you to fake websites that try to steal your personal information. The crucial moments following this action determine whether you’ll successfully contain the threat or […]

The post 5 Immediate Steps to be Followed After Clicking on a Malicious Link appeared first on Cyber Security News.

A massive, coordinated botnet campaign is actively targeting Remote Desktop Protocol (RDP) services across the United States. Security firm GreyNoise reported on October 8, 2025, that it has been tracking a significant wave of attacks originating from over 100,000 unique IP addresses spanning more than 100 countries. The operation appears to be centrally controlled, with […]

The post Hackers Attacking Remote Desktop Protocol Services from 100,000+ IP Addresses appeared first on Cyber Security News.