Cyber Security News

A critical security vulnerability in Windows BitLocker enables attackers to bypass the encryption feature through a sophisticated time-of-check time-of-use (TOCTOU) race condition attack.  Designated as CVE-2025-48818, this vulnerability affects multiple Windows versions and carries an Important severity rating with a CVSS score of 6.8.  The flaw allows unauthorized attackers with physical access to circumvent BitLocker […]

The post Windows BitLocker Bypass Vulnerability Let Attackers Bypass Security Feature appeared first on Cyber Security News.

Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher.  Published on July 7, 2025, these updates remediate high-severity vulnerabilities in essential components, including setuptools, golang.org/x/crypto, OpenSSL, and libcurl packages that could potentially compromise system security. Key Takeaways1. Splunk addressing […]

The post Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions – Update Now appeared first on Cyber Security News.

A sophisticated Trojan malware known as SparkKitty has been actively targeting iOS and Android devices since early 2024, infiltrating both official app stores and untrusted websites to steal images from users’ device galleries. This malware campaign, which appears to be an evolution of the previous SparkCat operation, poses significant threats to users primarily in Southeast […]

The post SparkKitty Malware Attacking iOS and Android Device Users to Steal Photos From Gallery appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges and gain SYSTEM-level access to affected systems.  The vulnerability, tracked as CVE-2025-6759, affects multiple versions of Citrix Virtual Apps and Desktops and Citrix DaaS platforms, posing significant risks to enterprise environments relying on these virtualization […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges appeared first on Cyber Security News.

A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests.  This vulnerability, classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), represents a significant threat to organizations relying on FortiWeb for web application […]

The post FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code appeared first on Cyber Security News.

Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services.  These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106.  The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities.  […]

The post Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.

Security researchers discover novel animation-based vulnerability affecting 76% of Android apps. Security researchers at TU Wien have uncovered a sophisticated new attack vector dubbed “TapTrap” that enables malicious Android applications to bypass the operating system’s permission system and execute destructive actions without user knowledge. The attack exploits a previously unknown vulnerability in Android’s activity transition […]

The post New Android TapTrap Attack Let Malicious Apps Bypass Permission and Carry out Destructive Actions appeared first on Cyber Security News.

In today’s digital-first business landscape, advanced endpoint security is not just a luxury it’s a necessity. As organizations expand their operations across cloud, remote, and hybrid environments, every endpoint becomes a potential target for cybercriminals. From sophisticated ransomware to zero-day exploits, the threats are evolving at an unprecedented pace. Selecting the right endpoint security tool […]

The post 10 Best Advanced Endpoint Security Tools – 2025 appeared first on Cyber Security News.

A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections.  This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory contents without requiring authentication or user interaction.  Key Takeaways1. Critical SQL Server bug (CVE-2025-49719) exposes […]

The post Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network appeared first on Cyber Security News.

In 2025, the need for robust secure web gateways (SWGs) has never been greater. As organizations shift to hybrid work, cloud-first strategies, and digital transformation, threats targeting web traffic have grown in sophistication. Secure web gateways are now a foundational element for cybersecurity, providing real-time protection against malware, phishing, data leaks, and unauthorized access. Businesses […]

The post 10 Best Secure Web Gateway Vendors In 2025 appeared first on Cyber Security News.

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.  The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections. Key Takeaways1. CVE-2025-48817 enables remote code execution via Microsoft Remote Desktop […]

The post Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Microsoft rolled out its latest cumulative update for Windows 10, version 21H2 and 22H2, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. The update, identified as KB5062554 (OS Builds 19044.6093 and 19045.6093), includes critical security fixes and quality improvements to enhance system stability and performance. Additionally, Microsoft issued […]

The post KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday appeared first on Cyber Security News.

Nippon Steel Solutions has disclosed a significant data breach affecting customer, partner, and employee personal information following a zero-day cyber attack that exploited a previously unknown software vulnerability in their network infrastructure. The incident, detected on March 7, 2025, represents a serious security compromise that has prompted the company to implement immediate containment measures and […]

The post Nippon Steel Solutions 0-Day Network Vulnerability Exposes Users Personal Information appeared first on Cyber Security News.

Recently, two vulnerabilities have been discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. Nature of the Vulnerabilities Both vulnerabilities […]

The post Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks appeared first on Cyber Security News.

Microsoft released patch Tuesday June 2025 as a monthly security update, addressing a total of 130 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishing 10 non-Microsoft CVEs. Vulnerability Type Count Remote Code Execution (RCE) 41 Elevation of Privilege (EoP) 53 Information Disclosure (ID) 18 Denial of Service (DoS) 5 Spoofing 4 Data Tampering 1 Security […]

The post Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE appeared first on Cyber Security News.

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, affecting devices from smartphones to IoT platforms.  The update, evaluated using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1), includes seven high-severity and nine medium-severity vulnerabilities that impact Bluetooth, WLAN, and various system components.  Device OEMs received notifications […]

The post MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets appeared first on Cyber Security News.

Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software. If exploited, these flaws could enable attackers to decrypt other users’ passwords or gain access to sensitive database information, posing significant risks to organizations that rely on this endpoint management solution. Ivanti Endpoint Manager Mobile Vulnerabilities Ivanti’s recent security update targets […]

The post Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords appeared first on Cyber Security News.

Phishing kits are evolving fast. Threat actors behind toolkits like Tycoon2FA, EvilProxy, and Sneaky2FA are getting smarter, setting up infrastructure that bypasses 2FA and mimics trusted platforms like Microsoft 365 and Cloudflare to steal user credentials without raising red flags.  But if you’re part of a SOC or threat intel team, you don’t have to […]

The post Tycoon2FA, EvilProxy, Sneaky2FA: How To Defend Against These Phishing Kit Attacks  appeared first on Cyber Security News.

A critical vulnerability in DNN (formerly DotNetNuke) that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique.  The vulnerability, tracked as CVE-2025-52488, affects one of the oldest open-source content management systems and demonstrates how defensive coding measures can be circumvented through clever exploitation of Windows and .NET quirks. Key Takeaways1. CVE-2025-52488 […]

The post DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass appeared first on Cyber Security News.

ThreatFabric researchers have identified a sophisticated new campaign by the Anatsa banking trojan specifically targeting mobile banking customers across the United States and Canada, marking the malware’s third major offensive against North American financial institutions. The latest campaign represents a significant escalation in the threat landscape, with cybercriminals successfully infiltrating the official Google Play Store […]

The post Anatsa Android Banking Malware from Google Play Targeting Users in the U.S. and Canada appeared first on Cyber Security News.