Cyber Security News

A sophisticated malware campaign has emerged in the npm ecosystem, utilizing an innovative steganographic technique to conceal malicious code within QR codes. The malicious package, identified as “fezbox,” presents itself as a legitimate JavaScript/TypeScript utility library while secretly executing password-stealing operations through a cleverly disguised QR code payload. This attack represents a significant evolution in […]

The post New Malware in npm Package Steals Browser Passwords Using Steganographic QR Code appeared first on Cyber Security News.

Zloader, a sophisticated Zeus-based modular trojan that first emerged in 2015, has undergone a significant transformation from its original banking-focused operations to become a dangerous entry point for ransomware attacks in corporate environments. Originally designed to facilitate financial fraud, this malware family has evolved into a powerful tool for initial access brokers who specialize in […]

The post Zloader Malware Repurposed to Act as Entry Point Into Corporate Environments to Deploy Ransomware appeared first on Cyber Security News.

A sophisticated malware campaign has emerged that leverages fake online speed test applications to deploy obfuscated JavaScript payloads on Windows systems. These malicious utilities masquerade as legitimate network speed testing tools, manual readers, PDF utilities, and various search frontends to deceive unsuspecting users into installing dangerous code that operates covertly in the background. The attack […]

The post Beware of Fake Online Speedtest Application With Obfuscated JS Codes appeared first on Cyber Security News.

Defy Security, a leading provider of cybersecurity solutions and services, today announced the appointment of Gary Warzala to its Board of Directors. Warzala is a highly regarded cybersecurity executive with more than 20 years of leadership experience, having served as Chief Information Security Officer (CISO) at Visa Inc., PNC Bank, Fifth Third Bank, Aon Corporation, […]

The post Defy Security Appoints Esteemed Cybersecurity Leader Gary Warzala to Its Board of Directors appeared first on Cyber Security News.

Alex sighed at his third energy drink of the night shift, watching another batch of security alerts flood his SIEM dashboard. As a Level 2 threat analyst at a mid-sized financial firm, he was drowning in false positives and spending precious hours manually investigating each suspicious hash, IP address, and domain.   Then everything changed during […]

The post Want to Validate Alerts Faster? Use Free Threat Intel from 15K SOCs  appeared first on Cyber Security News.

The Iranian threat actor known as Nimbus Manticore has intensified its campaign targeting defense manufacturing, telecommunications, and aviation sectors across Western Europe with sophisticated new malware variants. This mature advanced persistent threat group, also tracked as UNC1549 and Smoke Sandstorm, has evolved its tactics to include previously undocumented techniques for evading detection and maintaining persistence […]

The post Nimbus Manticore Attacking Defense and Telecom Sectors With New Malware appeared first on Cyber Security News.

Cybercriminals have embraced a new deceptive technique that transforms seemingly harmless vector graphics into dangerous malware delivery systems. A recent campaign targeting Latin America demonstrates how attackers are exploiting oversized SVG files containing embedded malicious payloads to distribute AsyncRAT, a potent remote access trojan capable of comprehensive system compromise. The campaign begins with carefully crafted […]

The post Hackers Weaponizing SVG Files to Stealthily Deliver Malicious Payloads appeared first on Cyber Security News.

Jaguar Land Rover (JLR), the United Kingdom’s largest automotive manufacturer, has announced an additional delay in resuming production at its factories following a significant cyber-attack that occurred earlier this month. The company has extended its current production pause until Wednesday, October 1, 2025, as it continues to manage the fallout from the security incident and […]

The post Tata-Owned Jaguar Land Rover Delays Factory Reopening Following Major Cyber Attack appeared first on Cyber Security News.

SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and remove known rootkit malware. The advisory, SNWLID-2025-0015, published on September 22, 2025, strongly recommends that all users of SMA 210, 410, and 500v devices apply the update immediately to protect against persistent threats. This […]

The post SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices appeared first on Cyber Security News.

In recent months, a sophisticated campaign has emerged in which state-linked threat actors are leveraging fake job offers to ensnare unsuspecting job seekers and deliver advanced malware. These attackers craft convincing phishing emails that direct victims to look-alike career portals, impersonating leading aerospace and defense firms. The lure often begins with a personalized outreach on […]

The post Threat Actors with Fake Job Lures Attacking Job Seekers to Deploy Advanced Malware appeared first on Cyber Security News.

The U.S. Secret Service has dismantled a massive, sophisticated network of electronic devices in the New York tristate area, thwarting what it described as an “imminent threat” to senior U.S. government officials and the agency’s protective operations. The operation led to the seizure of over 300 SIM servers and 100,000 SIM cards that could have […]

The post U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Disabling Cell Phone Towers appeared first on Cyber Security News.

Austin, Texas, USA, September 23rd, 2025, CyberNewsWire New SpyCloud 2025 Identity Threat Report reveals dangerous disconnect between perceived security readiness and operational reality. SpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, 85% […]

The post SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist appeared first on Cyber Security News.

SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE). The flaw, tracked as CVE-2025-26399, carries a critical severity rating of 9.8 out of 10, highlighting the severe risk it poses to affected systems. The vulnerability […]

The post SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE appeared first on Cyber Security News.

Threat actors were manipulating the Instance Metadata Service (IMDS), a core component designed to securely furnish compute instances with temporary credentials to infiltrate and navigate cloud infrastructures.  By compelling unsuspecting applications to query IMDS endpoints, attackers harvest short-lived tokens, enabling credential theft, lateral movement, and privilege escalation within victim environments. Exploit IMDS Service  Wiz reports […]

The post Hackers Exploits IMDS Service to Gain Initial Access to a Cloud Environment appeared first on Cyber Security News.

Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the npm ecosystem.  “GitHub Enhances npm’s security with strict authentication, granular tokens, and trusted publishing” marks the latest milestone in defending open source against account takeovers and malicious post-install payloads. Account […]

The post GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and  Trusted Publishing appeared first on Cyber Security News.

Digital Charging Solutions GmbH (DCS), a leading provider of white-label charging services for automotive OEMs and fleet operators, has confirmed a data breach affecting a limited number of its customers.  DCS disclosed that unauthorized access to personal data occurred in the course of its customer-support processes. The incident was detected through irregularities in log data and […]

The post EV Charging Provider Confirm Data Breach – Customers Personal Data Exposed appeared first on Cyber Security News.

A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known as search engine optimization (SEO) poisoning. Palo Alto Networks uncovered the operation in March 2025, attributing it with high confidence to a Chinese-speaking threat actor who uses a malicious IIS […]

The post Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content appeared first on Cyber Security News.

In recent weeks, security researchers have uncovered an elaborate phishing campaign that leverages legitimate GitHub notification mechanisms to deliver malicious content. Victims receive seemingly authentic repository alerts, complete with real-looking commit messages and collaborator updates. Upon closer inspection, the notification headers reveal altered sender addresses and obfuscated links. The campaign’s sophistication has allowed it to […]

The post Hackers Abusing GitHub Notifications to Deliver Phishing Emails appeared first on Cyber Security News.

A seemingly innocent patch update for the popular 2D platformer game BlockBlasters has transformed into a sophisticated malware campaign, exposing hundreds of Steam users to data theft and system compromise. The malicious patch, deployed on August 30, 2025, demonstrates how threat actors are increasingly exploiting the gaming ecosystem to distribute information-stealing malware while users remain […]

The post BlockBlasters Steam Game Downloads Malware to Computer Disguised as Patch appeared first on Cyber Security News.

In recent weeks, security researchers have observed a surge in attacks exploiting Oracle Database Scheduler’s External Jobs feature to gain a foothold in corporate environments. This technique abuses the scheduler’s ability to execute arbitrary commands on Windows-based database servers, allowing adversaries to bypass perimeter defenses. Initial intrusion vectors involve probing publicly exposed Oracle listener ports […]

The post Threat Actors Leverage Oracle Database Scheduler to Gain Access to Corporate Environments appeared first on Cyber Security News.