Cyber Security News

Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms.  Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS XR Software. Cisco Input Validation Flaw (CVE-2025-20363) The flaw stems from improper validation of user-supplied […]

The post Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers appeared first on Cyber Security News.

Cybersecurity authorities are urging organizations to take immediate action following the discovery of a sophisticated espionage campaign targeting Cisco Adaptive Security Appliance (ASA) firewalls. In a significant update, Cisco and the UK’s National Cyber Security Centre (NCSC) have revealed that a state-sponsored threat actor is exploiting a zero-day vulnerability (CVE-2025-20333) in Cisco ASA 5500-X series […]

The post Hackers Exploiting Cisco ASA Zero-Day to Deploy RayInitiator and LINE VIPER Malware appeared first on Cyber Security News.

Cisco has issued an emergency security advisory warning of active exploitation of a critical zero-day vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software platforms.  The vulnerability, tracked as CVE-2025-20333, carries a maximum CVSS score of 9.9 and enables authenticated remote attackers to execute arbitrary code with root […]

The post Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

In mid-2024, cybersecurity professionals began observing a surge of targeted intrusions against government, defense, and technology organizations worldwide. These incidents were linked to a previously uncharacterized threat group later christened RedNovember, which leverages open-source and commodity tools to deploy a stealthy Go-based backdoor. Initial compromises often stemmed from the exploitation of Internet-facing devices—including VPN appliances, […]

The post RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor appeared first on Cyber Security News.

Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security researchers. The campaign represents a significant evolution in malware obfuscation techniques, utilizing AI-generated code to disguise malicious payloads within seemingly legitimate business documents. This development marks a concerning shift in the threat […]

The post Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting maintainers of packages on the Python Package Index (PyPI), employing domain confusion tactics to steal authentication credentials from unsuspecting developers. The attack leverages fraudulent emails designed to mimic official PyPI communications, directing recipients to malicious domains that closely resemble the legitimate PyPI infrastructure. The phishing operation utilizes carefully […]

The post New Phishing Attack Targeting PyPI Maintainers to Steal Login Credentials appeared first on Cyber Security News.

Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2 Stadium and virtually worldwide. The announcement follows findings from the newly published 2025 State of Human Cyber Risk Report, produced by the Cyentia […]

The post Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk appeared first on Cyber Security News.

A critical vulnerability chain in Salesforce’s Agentforce AI platform, which could have allowed external attackers to steal sensitive CRM data. The vulnerability, dubbed ForcedLeak by Noma Labs, which discovered it, carries a CVSS score of 9.4 and was executed through a sophisticated indirect prompt injection attack. This discovery highlights the expanded and fundamentally different attack surface presented […]

The post Salesforce AI Agent Vulnerability Allows Let Attackers Exfiltration Sensitive Data appeared first on Cyber Security News.

Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing traditional email security filters by using the platform’s legitimate notification infrastructure.  Threat actors created multiple […]

The post Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets appeared first on Cyber Security News.

A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without raising suspicions. Delivered primarily via spear-phishing emails and compromised websites, the shortcut files appear innocuous, […]

The post New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware appeared first on Cyber Security News.

Following a major law enforcement disruption in February 2024, the notorious LockBit ransomware group has resurfaced, marking its sixth anniversary with the release of a new version: LockBit 5.0. Trend Micro has identified and analyzed binaries for Windows, Linux, and VMware ESXi, confirming the group’s continued focus on cross-platform attacks that can cripple entire enterprise […]

The post New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems appeared first on Cyber Security News.

A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system.  This issue underscores the persistent risk in web-based file transfer applications. Path Traversal Vulnerability (CVE-2025-34508) ZendTo is a PHP-driven dropoff or pickup […]

The post ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data appeared first on Cyber Security News.

SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms.  By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […]

The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.

BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early victims reported unusual latency in remote desktop sessions, prompting deeper forensic investigations. As the campaign […]

The post New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors appeared first on Cyber Security News.

In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate Windows processes. Initial sightings trace back to late July 2025, when intrusion attempts against government […]

The post COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH appeared first on Cyber Security News.

A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication controls or access sensitive data. The flaw originates from the software’s failure to properly verify whether a required TACACS+ shared secret is configured, creating a window for machine-in-the-middle (MitM) […]

The post Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data appeared first on Cyber Security News.

A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in the model checkpoint loader.  The discovery underscores the persistent security risks inherent in ML/AI frameworks’ reliance on Python’s pickle serialization. NVIDIA Merlin Vulnerability Trend Micro’s Zero Day Initiative (ZDI) stated […]

The post NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges appeared first on Cyber Security News.

Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike Oude Reimer published findings on 16 September 2025, demonstrating that approximately 150 different Firebase endpoints […]

The post Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data appeared first on Cyber Security News.

Organizations commonly allow traffic to core services like Google Meet, YouTube, Chrome update servers, and Google Cloud Platform (GCP) to ensure uninterrupted operations.  A newly demonstrated domain fronting technique weaponizes this trust to establish covert command-and-control (C2) channels, enabling attackers to tunnel malicious traffic through Google’s own infrastructure without raising suspicion. Domain Fronting Technique Praetorian […]

The post New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic appeared first on Cyber Security News.

Luxembourg, Luxembourg, September 25th, 2025, CyberNewsWire Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1-Q2 2025 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2025, and businesses need to act fast to protect themselves from this evolving threat. The […]

The post Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes appeared first on Cyber Security News.