Cyber Security News

HardBit ransomware continues to evolve as a serious threat to organizations worldwide. The latest version, HardBit 4.0, emerged as an upgraded variant of a strain that has been active since 2022, bringing with it more advanced features and enhanced techniques to avoid detection. This newest iteration represents a significant step forward in the ransomware’s ability […]

The post HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access appeared first on Cyber Security News.

Cybercriminals have increasingly weaponized the Income Tax Return (ITR) filing season to orchestrate sophisticated phishing campaigns targeting Indian businesses. By exploiting public anxiety surrounding tax compliance and refund timelines, attackers have crafted high-fidelity lures that mimic official government communications. The latest wave of these attacks involves a meticulously designed infection chain that begins with a […]

The post Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain appeared first on Cyber Security News.

University of Phoenix, one of the largest for-profit educational institutions in the United States, disclosed a significant data breach affecting approximately 3.5 million individuals on December 22, 2025. The breach resulted from an external system compromise via unauthorized access, exposing sensitive personal information of current students, former attendees, and staff members. The breach was discovered on […]

The post University of Phoenix Data Breach – 3.5 Million+ Individuals Affected appeared first on Cyber Security News.

A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9. The vulnerability exists within n8n’s workflow expression evaluation system. The flaw allows authenticated attackers to execute arbitrary code with full process […]

The post Critical n8n Automation Platform Vulnerability Enables RCE Attacks – 103,000+ Instances Exposed appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors impersonate writers from major Korean broadcasting networks to distribute malicious documents. The operation, tracked as Operation Artemis, represents a notable evolution in social engineering tactics by leveraging trusted media personalities to establish credibility with potential victims before delivering harmful payloads. The campaign demonstrates a multi-stage […]

The post Threat Actors Poses as Korean TV Programs’ Writer to Trick Victims and Install Malware appeared first on Cyber Security News.

A comprehensive analysis of CVE-2025-50165, a critical Windows vulnerability affecting the Windows Imaging Component (WIC). That could potentially enable remote code execution through specially crafted JPEG files. However, their findings suggest the real-world exploitation risk is significantly lower than initially feared. The Vulnerability Details The flaw stems from dereferencing an uninitialized function pointer during the […]

The post Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios appeared first on Cyber Security News.

A new version of MacSync Stealer malware is targeting macOS users through digitally signed and notarized applications, marking a major shift in how this threat is delivered. Unlike older versions that required users to paste commands into Terminal, this updated variant operates silently in the background. The malware comes disguised as a legitimate installer, distributed […]

The post New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps appeared first on Cyber Security News.

Security researchers have released a Proof-of-Concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, indicating immediate danger to enterprise environments. The vulnerability allows remote attackers to execute malicious code on affected systems without needing a password or any […]

The post PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution appeared first on Cyber Security News.

A new tool named GhostLocker has been released, demonstrating a novel technique to neutralize Endpoint Detection and Response (EDR) systems by weaponizing the native Windows AppLocker feature. Developed by security researcher zero2504, the tool highlights a fundamental architectural vulnerability in modern EDR solutions: their reliance on userland components for analysis and reporting.​ Unlike traditional EDR […]

The post New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR appeared first on Cyber Security News.

Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over 2,180 users through the Chrome Web Store, where they continue to operate undetected. The threat […]

The post Malicious Chrome Extensions as VPN Intercept User Traffic to Steal Credentials appeared first on Cyber Security News.

BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. In early September 2025, the group targeted a government agency under the Ministry of Commerce, Industry and Tourism (MCIT) using coordinated phishing emails and multi-stage malware delivery. This attack represents a significant escalation […]

The post BlindEagle Hackers Attacking Government Agencies with Powershell Scripts appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit has been publicly released for CVE-2025-38352, a race condition vulnerability affecting the Linux kernel’s POSIX CPU timer implementation. The flaw enables attackers to trigger use-after-free conditions in kernel memory, potentially leading to privilege escalation and system compromise. CVE-2025-38352 is a race condition that occurs in the kernel’s handle_posix_cpu_timers() function, which processes timer signals […]

The post PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel’s POSIX CPU Timers Implementation appeared first on Cyber Security News.

Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970. The flaw enables local attackers to escalate privileges on Windows systems running isolated or sandboxed applications, making it a notable concern for enterprise security. The vulnerability exists in bfs.sys, a minifilter driver developed alongside Windows AppContainer and AppSilo, […]

The post Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Nissan Motor Corporation has publicly confirmed a significant data breach stemming from unauthorized access to Red Hat servers. Managed by a third-party contractor responsible for developing a customer management system. The incident exposed personal information for approximately 21,000 Nissan Fukuoka Sales Co., Ltd. customers. Red Hat, the contracted service provider, detected the unauthorized server access […]

The post Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers appeared first on Cyber Security News.

The campaign is run by the SideWinder advanced persistent threat group and aims to plant a silent Windows backdoor on victim machines. Once active, the malware can steal files, capture data and give remote control to the attacker. Each attack starts with a tax-themed email that urges the victim to review an inspection document. The […]

The post SideWinder APT Hackers Attacking Indian Entities by Masquerading as the Income Tax Department of India appeared first on Cyber Security News.

A significant security vulnerability has emerged affecting motherboards from Gigabyte, MSI, ASRock, and ASUS. Riot Games analysts and researchers identified a critical flaw during their ongoing investigation into gaming system security. The vulnerability, termed “Sleeping Bouncer,” exploits a weakness in the pre-boot protection mechanisms that are supposed to safeguard computer hardware during system initialization. The […]

The post Sleeping Bouncer Vulnerability Impacts Motherboards from Gigabyte, MSI, ASRock and ASUS appeared first on Cyber Security News.

Docker has announced a significant shift in its container security strategy, making its Docker Hardened Images (DHI) freely available to all developers. Previously a commercial-only offering, DHI provides a set of secure, minimal, and production-ready container images. By releasing these under an Apache 2.0 license, Docker aims to combat the rising tide of software supply chain attacks, which […]

The post Docker Open Sources Production-Ready Hardened Images for Free appeared first on Cyber Security News.

The threat actor group known as Arcane Werewolf, also tracked as Mythic Likho, has refreshed its attack capabilities by deploying a new version of its custom malware called Loki 2.1. During October and November 2025, researchers observed this group launching campaigns specifically targeting Russian manufacturing companies. The group continues to refine its tactics, showing a […]

The post Arcane Werewolf Hacker Group Added Loki 2.1 Malware Toolkit to their Arsenal appeared first on Cyber Security News.

A sophisticated new Android malware family called Wonderland has emerged as a significant threat to users in Uzbekistan and the broader Central Asia region. The malware, which specializes in stealing SMS messages and intercepting one-time passwords, represents a major escalation in mobile threats targeting financial systems. First discovered in October 2025, this advanced stealer demonstrates […]

The post New Wonderland Android Malware with Bidirectional SMS-Stealing Capabilities Stealing OTPs appeared first on Cyber Security News.

Cybercriminals are increasingly weaponizing legitimate Microsoft infrastructure to bypass security filters and trick users into falling for Telephone-Oriented Attack Delivery (TOAD) scams. By abusing the default .onmicrosoft.com When domains are assigned to Azure tenants, attackers send malicious invites that appear to originate from trusted Microsoft addresses. The attack vector is deceptively simple yet highly effective. […]

The post Hackers Exploiting .onmicrosoft.com Domains to Launch TOAD Scam Attack appeared first on Cyber Security News.