Cyber Security News

A malicious Microsoft Compiled HTML Help (CHM) file uploaded from Poland on 30 June 2025 has shown how a legacy documentation format can be repurposed into a potent delivery vehicle for modern malware. Named “deklaracja.chm,” the archive masquerades as a bank‐transfer declaration and opens with a benign receipt image, lulling victims into a false sense […]

The post Hackers Weaponize Compiled HTML Help to Deliver Malicious Payload appeared first on Cyber Security News.

A threat actor using the handle “zeroplayer” advertised a previously unknown remote-code-execution (RCE) exploit for WinRAR on an underground forum.  The post, titled “WINRAR RCE 0DAY – 80,000$,” claims the flaw works “fully on the latest version of WinRAR and below,” is not related to the recently patched CVE-2025-6218, and is available exclusively through the […]

The post Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000 appeared first on Cyber Security News.

Cloud VPNs have become essential for both businesses and individuals seeking secure, private, and reliable internet access in 2025. As cyber threats evolve and remote work becomes the norm, choosing the right cloud VPN provider is crucial for safeguarding sensitive data and ensuring seamless connectivity across the globe. This comprehensive guide reviews the 10 best […]

The post 10 Best Cloud VPN Providers – 2025 appeared first on Cyber Security News.

Let’s face it cybersecurity used to sound like a topic only for programmers in hoodies or government agencies trying to fend off foreign hackers. But in the current day and age, everyone is affected. If you are a gamer, a business owner, or casually browsing on Instagram, you are continuously at the risk of losing […]

The post Cybersecurity Isn’t Just For Experts Anymore: Why You Should Care appeared first on Cyber Security News.

As organizations accelerate digital transformation, the need for robust cloud security has never been greater. Cloud Access Security Broker (CASB) software stands at the forefront, acting as the critical gatekeeper between users and cloud service providers. With the explosion of SaaS, IaaS, and PaaS platforms, businesses face evolving threats, compliance challenges, and the risk of […]

The post 11 Best Cloud Access Security Broker Software (CASB) – 2025 appeared first on Cyber Security News.

In 2025, the digital threat landscape is more dynamic and complex than ever. Cyber attacks are escalating in frequency, sophistication, and impact, targeting businesses, governments, and individuals worldwide. Real-time visibility into these threats is essential for proactive defense, strategic planning, and rapid incident response. Cyber attack maps have become indispensable tools for cybersecurity professionals and […]

The post Top 10 Cyber Attack Maps to See Digital Threats In 2025 appeared first on Cyber Security News.

In 2025, passwordless authentication tools are transforming digital security by eliminating the need for traditional passwords and introducing advanced, user-friendly authentication methods. With cyber threats on the rise and user experience at the forefront, organizations are rapidly adopting these solutions to safeguard sensitive data, reduce breaches, and streamline access for employees and customers alike. Passwordless […]

The post Top 11 Passwordless Authentication Tools – 2025 appeared first on Cyber Security News.

Grok-4 has been jailbroken using a new strategy that combines two different jailbreak methods to bypass artificial intelligence security measures. This raises concerns over the vulnerability of large language models (LLMs) to sophisticated adversarial attacks. Key Takeaways1. Researchers merged Echo Chamber and Crescendo jailbreak techniques to bypass AI safety mechanisms more effectively than individual methods.2. […]

The post Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack appeared first on Cyber Security News.

Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this email” feature to display fabricated security warnings that appear to originate from Google itself, potentially leading to credential theft and social engineering attacks. Key […]

The post Google Gemini for Workspace Vulnerability Lets Attackers Hide Malicious Scripts in Emails appeared first on Cyber Security News.

In today’s rapidly evolving digital landscape, the frequency and complexity of cyberattacks are increasing, making it crucial to stay informed about emerging threats. Our weekly newsletter serves as a vital resource, offering an overview of pertinent cybersecurity developments, expert analysis, and actionable recommendations. This issue covers recent cyber incidents, newly identified vulnerabilities, and key legislative […]

The post Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches appeared first on Cyber Security News.

Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for more robust defenses as enterprises increasingly embed large language models into their workflows. During the […]

The post Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability appeared first on Cyber Security News.

OpenAI is reportedly preparing to release an artificial intelligence-enhanced web browser within the coming weeks, marking the company’s latest expansion beyond its popular ChatGPT platform. The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while […]

The post OpenAI is to Launch a AI Web Browser in Coming Weeks appeared first on Cyber Security News.

A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with the malware being distributed directly through the official […]

The post WordPress GravityForms Plugin Hacked to Include Malicious Code appeared first on Cyber Security News.

Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses on the popular NVIDIA A6000 GPU with GDDR6 memory, represents a significant expansion of the decade-old Rowhammer vulnerability beyond traditional CPU memories. The research […]

The post GPUHammer – First Rowhammer Attack Targeting NVIDIA GPUs appeared first on Cyber Security News.

The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service operation, which has accumulated over 310 victims since its emergence, has distinguished itself through sophisticated […]

The post Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities appeared first on Cyber Security News.

A critical security vulnerability in AWS Organizations has been discovered that could allow attackers to achieve complete control over entire multi-account AWS environments through a mis-scoped managed policy. The flaw, identified in the AmazonGuardDutyFullAccess managed policy version 1, enables privilege escalation from a compromised member account to full organizational takeover, including potential control of the […]

The post AWS Organizations Mis-scoped Managed Policy Let Hackers To Take Full AWS Organization Control appeared first on Cyber Security News.

The cybersecurity landscape is witnessing an alarming surge in macOS-targeted information-stealing malware, marking a significant shift from the traditional Windows-centric threat model. These sophisticated infostealers are rapidly evolving to exploit macOS environments with unprecedented precision, targeting valuable data including browser credentials, cookies, and autofill information that serve as gateways for ransomware groups and initial access […]

The post Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data appeared first on Cyber Security News.

Microsoft has successfully eliminated high-privilege access vulnerabilities across its Microsoft 365 ecosystem as part of its comprehensive Secure Future Initiative, marking a significant milestone in enterprise security architecture. The technology giant’s Deputy Chief Information Security Officer for Experiences and Devices, Naresh Kannan, announced that the company has mitigated over 1,000 high-privilege application scenarios through a […]

The post Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security appeared first on Cyber Security News.

The Federal Bureau of Investigation’s Atlanta Field Office announced today the seizure of several major online criminal marketplaces that provided pirated versions of popular video games, dismantling a multi-million dollar piracy operation that caused an estimated $170 million in losses to the gaming industry. The coordinated law enforcement action targeted websites that had been operating […]

The post FBI Atlanta Seizes Major Video Game Piracy Websites in International Operation appeared first on Cyber Security News.

CISA has issued an urgent warning regarding a critical vulnerability in Citrix NetScaler ADC and Gateway products that is being actively exploited in cyberattacks.  The vulnerability, tracked as CVE-2025-5777, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline of July 11, 2025. Key Takeaways1. CISA warns of actively exploited […]

The post CISA Warns of CitrixBleed 2 Vulnerability Exploited in Attacks appeared first on Cyber Security News.