Cyber Security News

Cybersecurity researchers have discovered a new variant of the MacSync malware targeting macOS users. Unlike previous versions that relied on complex ClickFix techniques, this iteration masquerades as a legitimately signed, notarised Apple application, thereby bypassing macOS Gatekeeper security and stealing sensitive data. Code-Signed Malware Bypasses Security Jamf Threat Labs recently identified this evolved MacSync stealer, […]

The post New MacSync Stealer Uses Signed macOS App to Evade Gatekeeper and Steal Data appeared first on Cyber Security News.

A significant security breach has compromised approximately 17.5 million Instagram user accounts, exposing sensitive personal information that is now circulating on the dark web. The incident reported earlier this week by cybersecurity firm Malwarebytes raised urgent concerns about user privacy and account security. What Data Was Exposed The breach encompasses a wide range of personal […]

The post Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts [Updated] appeared first on Cyber Security News.

The Spanish National Police, working alongside the Bavarian State Criminal Police Office and Europol, has conducted a major operation targeting the international Black Axe criminal organisation. The coordinated action resulted in 34 arrests and dealt a significant blow to the network’s operations across Spain. Law enforcement arrested 34 suspects across multiple Spanish cities: 28 in […]

The post Europol‑Backed Operation Leads to 34 Arrests in Black Axe Crime Network Bust appeared first on Cyber Security News.

Cybercriminals are leveraging the recent arrest of Venezuelan President Nicolás Maduro to distribute sophisticated backdoor malware. The threat actors exploited news surrounding Maduro’s arrest on January 3, 2025, demonstrating how geopolitical events continue to serve as effective lures for malicious campaigns. The attack likely begins with a spear-phishing email containing a zip archive named “US […]

The post Phishing Campaign Uses Maduro Arrest Story to Deliver Backdoor Malware appeared first on Cyber Security News.

In a dramatic turn for the cybercrime underworld, a mysterious hacker known as “James” has leaked the complete user database of BreachForums, a notorious Dark Web forum serving as a hub for stolen data trading and hacking discussions. The breach, announced on January 9, 2026, via the site shinyhunte.rs, exposes metadata for over 323,986 users, […]

The post BreachForums Hack: Hackers Expose All User Records from Popular Dark Web Forum appeared first on Cyber Security News.

A dangerous malware threat has emerged targeting Windows users across Korea through webhard file-sharing services. The Ahnlab Security Intelligence Center recently identified xRAT, also known as QuasarRAT, being distributed as fake adult games to unsuspecting users. This remote access trojan represents a significant security concern for Windows systems, combining sophisticated evasion techniques with social engineering […]

The post xRAT Malware Attacking Windows Users Disguised as Adult Game appeared first on Cyber Security News.

A new ransomware variant called Fog has emerged as a significant threat to educational and recreation organizations across the United States. Starting in early May 2024, Arctic Wolf Labs began monitoring its deployment across multiple incident response cases, with 80 percent of affected organizations operating in the education sector while 20 percent were in recreation. […]

The post Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials appeared first on Cyber Security News.

Between December 25–28, a single threat actor conducted a large-scale scanning campaign, testing over 240 different exploits against internet-facing systems and collecting data on every vulnerable target found. This reconnaissance operation, operating from two IP addresses linked to CTG Server Limited (AS152194), represents a new level of sophistication in how initial access is secured for […]

The post Threat Actors Attacking Systems with 240+ Exploits Before Ransomware Deployment appeared first on Cyber Security News.

The cyber threat environment across Australia and New Zealand has entered a critical phase throughout 2025, with threat actors orchestrating increasingly sophisticated attacks centered on the sale of compromised network access. The Cyble Research and Intelligence Labs documented 92 instances of compromised access sales affecting organizations across both regions during the year, revealing a mature […]

The post Cyber Threats Targeting Australia and New Zealand Fueled by Initial Access Sales, and Ransomware Campaigns appeared first on Cyber Security News.

A new and sophisticated phishing campaign is targeting remote workers and IT administrators by impersonating the official Fortinet VPN download portal. This attack is particularly dangerous because it leverages search engine optimization (SEO) and, alarmingly, AI-generated search summaries to lure victims into a trap. The campaign utilizes a multi-stage redirect mechanism starting with trusted domains […]

The post Fake Fortinet Sites Steal VPN Credentials in Sophisticated Phishing Attack appeared first on Cyber Security News.

The Iran-linked MuddyWater Advanced Persistent Threat group has launched a sophisticated spear-phishing campaign targeting diplomatic, maritime, financial, and telecom sectors across the Middle East. The threat actors are using weaponized Word documents to deliver a new Rust-based malware called RustyWater, which represents a major change from their traditional PowerShell and VBS tooling. This upgraded implant […]

The post MuddyWater APT Weaponizing Word Documents to Deliver ‘RustyWater’ Toolkit Evading AV and EDR Tools appeared first on Cyber Security News.

A newly discovered malware campaign is using fake WinRAR download sites to deliver the dangerous Winzipper malware directly to unsuspecting users. The attack emerged from links distributed across various Chinese websites, targeting users who attempt to download the popular file compression tool from non-official sources. This trojanized installer presents a significant threat to anyone seeking […]

The post Beware of Fake WinRAR Website That Delivers Malware with WinRAR Installer appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) announced a significant milestone on January 8, 2026, by retiring ten Emergency Directives issued between 2019 and 2024. This marks the highest number of Emergency Directives retired by the agency simultaneously, reflecting progress in federal cybersecurity efforts. Emergency Directives are urgent orders issued by CISA to rapidly address […]

The post CISA Retires Ten Emergency Directives Following Milestone Achievement appeared first on Cyber Security News.

Microsoft is rolling out a new role-based access control (RBAC) role designed to simplify external collaboration management in Microsoft Teams. The Teams External Collaboration Administrator role will become available starting late January 2026, with full global deployment expected by mid-February 2026. The new administrative role provides organizations with a targeted approach to delegating external collaboration responsibilities. Rather […]

The post Microsoft’s New Teams New Admin Role to Manage External Collaboration Settings appeared first on Cyber Security News.

North Korean state‑sponsored group Kimsuky is running new spearphishing campaigns that abuse QR codes to compromise U.S. organizations. The FBI warns that think tanks, NGOs, academic bodies, and government‑linked entities with a North Korea focus are now being lured with “Quishing” emails that hide malicious URLs behind QR images instead of clickable links. The shift […]

The post FBI Warns of Kimsuky Actors Leverage Malicious QR Codes to Target U.S. Organizations appeared first on Cyber Security News.

CrowdStrike announced its agreement to acquire SGNL, a leading identity-first security company, for $740 million. The acquisition marks a significant strategic move to strengthen CrowdStrike’s Falcon Next-Gen Identity Security platform. Address the growing complexity of protecting human, non-human, and AI agent identities in modern cloud environments. The identity landscape has transformed dramatically in recent years. […]

The post CrowdStrike to Acquire Identity Security Startup SGNL in $740 Million Deal appeared first on Cyber Security News.

K-12 IT teams face intensifying pressure to deliver affordable cybersecurity, as attackers exploit schools as “soft targets” rich in sensitive student data. Beyond students’ skills tests, educators must counter ransomware, phishing, and breaches head-on. Explore the top 10 challenges in Cynet’s free guide, “Top 10 Cybersecurity Challenges Faced by K-12 Institutions.” Drawing from real-world successes […]

The post How U.S K-12 Schools Can Solve Their Top 10 Cybersecurity Challenges – Free E-Book appeared first on Cyber Security News.

A critical pre-authentication remote code execution vulnerability, identified as CVE-2025-52691, has been discovered in SmarterTools’ SmarterMail solution. The flaw received a maximum CVSS score of 10.0, indicating its severe nature and potential impact on affected systems. SmarterTools describes SmarterMail as “a secure, all-in-one business email and collaboration server for Windows and Linux – an affordable […]

The post SmarterTools SmarterMail Vulnerability Enables Remote Code Execution Attack – PoC Released appeared first on Cyber Security News.

Security researchers have identified over 91,000 attack sessions targeting AI infrastructure between October 2025 and January 2026, exposing systematic campaigns against large language model deployments. GreyNoise’s Ollama honeypot infrastructure captured 91,403 attack sessions during this period, revealing two distinct threat campaigns. The findings corroborate and extend previous research from Defused on AI system targeting. The […]

The post Hackers Actively Exploiting AI Deployments – 91,000+ Attack Sessions Observed appeared first on Cyber Security News.

Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped, these malicious apps exploit Near Field Communication (NFC) technology, the same wireless technology that powers contactless payments. Instead of needing your physical bank card, criminals can complete transactions from anywhere […]

The post New Ghost Tapped Attack Uses Your Android Device to Drain Your Bank Account appeared first on Cyber Security News.