Cyber Security News

Fortinet has uncovered a sophisticated post-exploitation technique used by a threat actor to maintain unauthorized access to FortiGate devices, even after initial vulnerabilities were patched. The discovery, detailed in a recent Fortinet investigation, highlights the persistent risks of unpatched systems and underscores the company’s commitment to responsible transparency and rapid response. According to Fortinet’s findings, […]

The post Hackers Actively Exploit Patched Fortinet FortiGate Devices to Gain Root Access Using Symbolic Link appeared first on Cyber Security News.

The “Active Directory Kill Chain Attack & Defense” concept is a structured approach to understanding the sequence of events or stages involved in an Active Directory (AD) attack and the corresponding defensive measures to counteract or prevent such attacks. Microsoft developed the service Active Directory for Windows domain networks for user and resource management in […]

The post Active Directory Attack Kill Chain Checklist & Tools List- 2025 appeared first on Cyber Security News.

Microsoft has recently uncovered a sharp rise in ransomware attacks exploiting domain controllers (DCs) through Remote Desktop Protocol (RDP), with the average attack costing organizations $9.36 million in 2024. These sophisticated campaigns aim to cripple enterprises by encrypting critical systems by leverage DCs, the pivotal role of RDP, and practical defenses, based on Microsoft’s findings […]

The post Hackers Exploiting Domain Controller to Deploy Ransomware Using RDP appeared first on Cyber Security News.

Businesses face significant hazards from ransomware attacks, which are capable of causing severe damage in a brief period. Over the past few years, numerous well-known companies, including CNA Financial, JBS Foods, and Colonial Pipeline, have fallen victim to such attacks, resulting in disruptions to insurance payments, food supplies, and fuel availability. These incidents have highlighted […]

The post Ransomware Attack Prevention Checklist – 2025 appeared first on Cyber Security News.

Cybercriminals have launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp. The malware, disguised as “NextGen mParivahan,” mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital access to driving licenses, vehicle registration certificates, and other transport services. The attack begins with […]

The post Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data appeared first on Cyber Security News.

Recent investigations have revealed an intricate network of sophisticated hacking tools and methodologies being shared and developed within Russian-speaking cybercrime forums. Security researchers have infiltrated what they describe as “one of the most sophisticated and impactful ecosystems within the global cybercrime landscape.” The discovered materials indicate a highly organized underground community with advanced technical capabilities […]

The post Researchers Uncovered Hacking Tools and Techniques Discussed on Russian-Speaking Hacking Forums appeared first on Cyber Security News.

A sophisticated malware campaign dubbed “HollowQuill” has emerged as a significant threat to academic institutions and government agencies worldwide. The attack leverages weaponized PDF documents disguised as research papers, grant applications, or official government communiques to entice unsuspecting victims into initiating the infection chain. The malware employs advanced social engineering tactics to increase its success […]

The post HollowQuill Malware Attacking Government Agencies Worldwide Via Weaponized PDF Documents appeared first on Cyber Security News.

A sophisticated campaign by the Pakistan-linked SideCopy Advanced Persistent Threat (APT) group has emerged since late December 2024, targeting critical Indian government sectors with enhanced tactics. The group has significantly expanded its scope beyond traditional defense and maritime sectors to now include entities under railway, oil & gas, and external affairs ministries, demonstrating an alarming […]

The post SideCopy APT Hackers Mimic as Government Personnel to Deploy Open-Source XenoRAT Tool appeared first on Cyber Security News.

A moderate-severity vulnerability has been identified in Microsoft Identity Web. Under specific conditions, it could potentially expose sensitive client secrets and certificate information in service logs.  The flaw, tracked as CVE-2025-32016, impacts versions 3.2.0 through 3.8.1 of the library and has prompted an urgent advisory from Microsoft. The vulnerability affects Microsoft.Identity.Web, a widely used NuGet […]

The post Microsoft Identity Web Package Vulnerability Exposes Client Secrets & Certificate Information appeared first on Cyber Security News.

Law enforcement agencies across Europe and North America have arrested five individuals linked to the Smokeloader botnet service as part of Operation Endgame’s second phase.  This follow-up action, conducted in early April 2025, specifically targeted the “customers” of the notorious pay-per-install malware service operated by a threat actor known as ‘Superstar’. Customers deployed malware for […]

The post Authorities Seized Smokeloader Malware Operators & Seized Servers appeared first on Cyber Security News.

IPFire has announced the release of version 2.29 (Core Update 193), introducing significant enhancements to the Linux-based firewall distribution.  This update brings forward-thinking security features, including post-quantum cryptography support for IPsec tunnels and major toolchain upgrades that strengthen the system’s core infrastructure. Post-Quantum Cryptography Implementation The standout feature in IPFire 2.29 is the implementation of […]

The post Linux Firewall IPFire 2.29 Released With Support for Post-Quantum Cryptography & Core Updates appeared first on Cyber Security News.

Cybersecurity researchers have identified a significant spike in exploitation attempts targeting TVT NVMS9000 digital video recorders (DVRs), with activity surging to three times normal levels in early April 2025. This new campaign appears to be linked to the infamous Mirai botnet, which continues to evolve by incorporating new vulnerabilities into its arsenal of attack vectors. […]

The post New Mirai Botnet Exploiting TVT DVRs To Gain Administrative Control appeared first on Cyber Security News.

A sophisticated cyber campaign orchestrated by the Russian state-backed group Storm-2372 has emerged, exploiting device code phishing tactics to circumvent Multi-Factor Authentication (MFA) security measures. This targeted approach represents a significant escalation in threat actors’ capabilities to defeat advanced security systems through social engineering, allowing attackers to gain unauthorized access to high-value targets without triggering […]

The post Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA appeared first on Cyber Security News.

A sophisticated fraud scheme known as SMS pumping is quietly draining millions from businesses worldwide by exploiting SMS verification systems. This cybercrime tactic, similar to a modern-day toll scam, involves artificially inflating SMS traffic through automated means, generating fraudulent revenue while leaving legitimate businesses to absorb unexpected costs. The scheme has become increasingly prevalent as […]

The post Threat Actors Turning Messaging Service into a Cash Making Machine appeared first on Cyber Security News.

A hacker known by the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, one of the most widely used eCommerce platforms on the web. The breach, which reportedly occurred on April 6, 2025, involves the theft of over 4.4 million user records, including detailed personal and business information. Cyber Security News […]

The post Hackers Allegedly Claiming WooCommerce Breach, 4.4 Million Customer Details Stolen appeared first on Cyber Security News.

A new wave of phishing emails is sweeping across Latin America, and once again, Grandoreiro is behind it. This banking trojan is no newcomer; it’s been active for years, evolving steadily into a more sophisticated and evasive threat.   With targeted tactics like geofencing and DNS evasion, Grandoreiro is staying just ahead of standard security solutions.  […]

The post How Banking Trojan Grandoreiro is Evolving Tactics To Attack Victims in LATAM  appeared first on Cyber Security News.

OpenSSH 10.0, a significant update to the widely adopted secure remote login and file transfer toolset, was officially released on April 9, 2025.  This milestone version introduces substantial protocol changes, enhanced security features, and critical improvements to prepare for quantum computing threats. The most notable security enhancement is the implementation of the hybrid post-quantum algorithm […]

The post OpenSSH 10.0 Released With Protocol Changes & Security Upgrades appeared first on Cyber Security News.

Hackers intercepted and monitored the emails of over 103 bank regulators at the Office of the Comptroller of the Currency (OCC) for more than a year, gaining access to highly sensitive financial data. The breach was discovered on February 11, 2025, when Microsoft’s security team alerted the OCC about unusual activities on its network. The […]

The post Hackers Intercepted 100+ Bank Regulators’ Emails for More Than a Year appeared first on Cyber Security News.

Google has unveiled Firebase Studio, a groundbreaking cloud-based platform designed to streamline the creation of full-stack AI applications. This innovative tool integrates the power of Gemini AI with existing Firebase services, offering developers an end-to-end solution to prototype, build, test, and deploy applications with unprecedented speed and efficiency. Key Features of Firebase Studio Firebase Studio […]

The post Google Released AI-powered Firebase Studio to Accelerate Build, Test, & Deployment appeared first on Cyber Security News.

A critical vulnerability in the USB-audio driver, which could lead to out-of-bounds memory reads, has been addressed by a recent patch to the Linux kernel, authored by Takashi Iwai of SUSE. The USB-audio driver in the Linux kernel has an out-of-bounds access vulnerability that possibly enables an attacker with physical access to the system to […]

The post Linux USB Audio Driver Vulnerability Let Attackers Execute Arbitrary Code Via Malicious USB Device appeared first on Cyber Security News.