Cyber Security News

A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can exploit these vulnerabilities to steal credit card details, personal information, login credentials, and even two-factor […]

The post 0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others appeared first on Cyber Security News.

Microsoft is in the process of deploying a fix for a service degradation issue affecting Microsoft Teams users globally, which presents a “couldn’t connect to this app” error upon launching the desktop and web applications. The problem, tracked under Microsoft reference TM1131505, stems from a recent update intended to enhance the platform’s user interface. Users […]

The post Microsoft Teams “couldn’t connect” Error Following Recent Sidebar Update – Fix Released appeared first on Cyber Security News.

Recent cybersecurity intelligence has exposed a sophisticated infiltration campaign orchestrated by North Korean state-sponsored threat actors, specifically the Jasper Sleet group, who have systematically penetrated Western organizations through fraudulent employment schemes. This operation, targeting primarily Web3, blockchain, and cryptocurrency companies, represents a significant evolution in North Korean cyber warfare tactics, eliminating the need for traditional […]

The post New Research Unmask DPRK IT Workers Email Address and Hiring Patterns appeared first on Cyber Security News.

A comprehensive security analysis has revealed alarming vulnerabilities affecting over 700 million users across multiple VPN applications, exposing critical flaws that compromise the very privacy and security these services promise to protect. Research conducted by cybersecurity experts from Arizona State University, Citizen Lab, and Bowdoin College has uncovered three distinct families of VPN providers that […]

The post New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities appeared first on Cyber Security News.

Despite the escalating danger of cybersecurity breaches, high-performing Security Operations Centers are able to maintain their resilience and prevent attacks. That’s what makes them essential for sustainable growth of businesses and organizations. But what enables powerful SOC teams to stay ahead of threats?  Choosing Quality Over Quantity  Winning SOCs use threat intelligence for early detection […]

The post How Winning SOCs Always Stay Ahead of Threats  appeared first on Cyber Security News.

OpenAI has unveiled ChatGPT Go, a budget-friendly subscription plan priced at just ₹399 per month (approximately $4 USD, GST included). The announcement, made today, positions the service as an accessible entry point to cutting-edge AI capabilities, including unlimited access to the company’s latest GPT-5 model. Initially rolling out exclusively in India, this geo-restricted launch underscores […]

The post OpenAI Launches $4 ChatGPT Go Plan with Unlimited Access to GPT-5 appeared first on Cyber Security News.

Researchers have identified a significant surge in malicious HTTP scanning activities originating from approximately 2,200 compromised small business routers across multiple vendors.  The campaign, which began escalating on July 30th, 2025, primarily targets Cisco Small Business RV series, Linksys LRT series, and Araknis Networks AN-300-RT-4L2W devices, indicating a coordinated botnet operation exploiting known vulnerabilities in […]

The post Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise appeared first on Cyber Security News.

Microsoft has unveiled a groundbreaking AI-powered security feature that addresses one of cybersecurity’s most persistent vulnerabilities: plain text credentials stored in Active Directory (AD) free-text fields.  The new posture alert in Microsoft Defender for Identity leverages artificial intelligence to detect exposed credentials with unprecedented precision, helping organizations identify and remediate identity misconfigurations before they can […]

The post Microsoft Defender AI to Uncover Plain Text Credentials Within Active Directory appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting enterprises with significant social media footprints, leveraging weaponized copyright infringement notices to deliver the evolved Noodlophile Stealer malware. This highly targeted threat represents a significant escalation from previous iterations, exploiting enterprises’ reliance on social media platforms through meticulously crafted spear-phishing emails that allege copyright violations on specific Facebook […]

The post Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer appeared first on Cyber Security News.

A series of alarming vulnerabilities in McDonald’s digital infrastructure, from free food exploits to exposed executive data. What started as a simple app glitch developed into a months-long trial, culminating in the researcher, BobDaHacker, cold-calling the company’s headquarters while mentioning security employees he found on LinkedIn. The fixes were implemented only after extraordinary efforts to […]

The post MCDonald’s Free Nuggets Hack Leads to Expose of Confidential Data appeared first on Cyber Security News.

A sophisticated espionage campaign targeting diplomatic missions in South Korea has exposed the evolving tactics of North Korean state-sponsored hackers. Between March and July 2025, threat actors linked to the notorious Kimsuky group conducted at least 19 spear-phishing attacks against embassies worldwide, demonstrating an alarming escalation in their operational sophistication and targeting scope. The campaign […]

The post North Korean Kimsuky Hackers Leveraged GitHub to Attack Foreign Embassies with XenoRAT Malware appeared first on Cyber Security News.

Key Takeaways1. ShinyHunters publicly released exploits for critical SAP vulnerabilities.2. Unauthenticated attackers can achieve complete system takeover and remote code execution.3. Immediately apply SAP Security Notes 3594142 and 3604119. A working exploit targeting critical SAP vulnerabilities CVE-2025-31324 and CVE-2025-42999 has been publicly released by the notorious cybercriminal group “Scattered LAPSUS$ Hunters – ShinyHunters” via Telegram […]

The post New Exploit for SAP 0-Day Vulnerability Allegedly Released in the Wild by ShinyHunters Hackers appeared first on Cyber Security News.

A sophisticated new cyberthreat campaign has emerged that combines impersonation of trusted news sources with deceptive security verification prompts to trick users into executing malicious commands on their systems. According to a Reddit post, the ClickFix attack masquerades as legitimate BBC news content while employing fake Cloudflare verification screens to deliver malware. How the Attack Works The […]

The post New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users appeared first on Cyber Security News.

A sophisticated malware campaign has been identified, utilizing PipeMagic, a highly modular backdoor deployed by the financially motivated threat actor Storm-2460.  This advanced malware masquerades as a legitimate open-source ChatGPT Desktop Application while exploiting the zero-day vulnerability CVE-2025-29824 in Windows Common Log File System (CLFS) to deploy ransomware across multiple sectors globally. Key Takeaways1. PipeMagic […]

The post PipeMagic Malware Mimic as ChatGPT App Exploits Windows Vulnerability to Deploy Ransomware appeared first on Cyber Security News.

Enterprise security strategies have evolved dramatically to address modern threats, yet SSH keys—critical cryptographic credentials that provide direct access to mission-critical systems—remain largely ungoverned and poorly managed across organizations. Despite their fundamental role in securing remote access to servers, cloud infrastructure, and automated processes, SSH keys represent one of the most significant blind spots in […]

The post SSH Keys Are Crucial for Secure Remote Access but Often Remain a Blind Spot in Enterprise Security appeared first on Cyber Security News.

A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development kits and scanning tools. The campaign centers around multiple malicious npm packages, including “solana-pump-test” and […]

The post Crypto Developers Attacked With Malicious npm Packages to Steal Login Details appeared first on Cyber Security News.

CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild.  The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant risks to organizations running on-premise installations of the enterprise security platform. Key Takeaways1. CISA confirms […]

The post CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A sophisticated attack campaign uncovered where cybercriminals are weaponizing Cisco’s own security infrastructure to conduct phishing attacks.  The attackers are exploiting Cisco Safe Links technology, designed to protect users from malicious URLs, to evade detection systems and bypass network filters by leveraging the trust associated with Cisco’s security brand. Key Takeaways1. Attackers use legitimate Cisco […]

The post Hackers Exploit Cisco Secure Links to Evade Link Scanners and Bypass Network Filters appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting Microsoft Help Index Files (.mshi) to deliver the notorious PipeMagic backdoor, marking a significant evolution in the threat actors’ tactics since the malware’s first detection in 2022. The campaign, which has targeted organizations across Saudi Arabia and Brazil throughout 2025, demonstrates the attackers’ continued refinement of […]

The post Threat Actors Abuse Microsoft Help Index File to Execute PipeMagic Malware appeared first on Cyber Security News.

The U.S. Department of Justice (DoJ) announced the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle linked to Zeppelin ransomware operations.  The warrants were unsealed on August 14, 2025, in federal courts across Virginia, California, and Texas.  Authorities allege that the assets belong to Ianis Aleksandrovich Antropenko, who has […]

The post DoJ Seizes $2.8 Million in Crypto From Zeppelin Ransomware Operators appeared first on Cyber Security News.