Cyber Security News

In August 2025, Fortinet issued an advisory for CVE-2025-25256, an OS command injection vulnerability (CWE-78) in FortiSIEM that exposed the platform to unauthenticated remote code execution via crafted CLI requests. Practical exploits surfaced in the wild, prompting security firm Horizon3.ai to conduct a deep investigation. Their analysis uncovered a devastating chain: an unauthenticated argument injection […]

The post Critical FortiSIEM Vulnerability(CVE-2025-64155) Enable Full RCE and Root Compromise appeared first on Cyber Security News.

Panorays has just dropped the latest edition of its annual CISO Survey for Third-Party Cyber Risk Management, and it contains some major wakeup calls for security professionals. The biggest takeaway is that software supply chain attacks are rising once more, as cybercriminals look to take advantage of their complexity by targeting a growing laundry list of third-party components.   The situation isn’t helped by […]

The post As Third-Party Vulnerabilities Rise, CISOs Accelerate Push for Security Modernization   appeared first on Cyber Security News.

Discord users are facing a growing threat from VVS Stealer, a Python-based information-stealing malware that targets sensitive account data, including credentials and tokens. This stealer was actively marketed on Telegram as early as April 2025, promoting its ability to steal Discord data, intercept active sessions through injection, and extract web browser information such as cookies, […]

The post VVS Stealer Attacking Discord Users to Exfiltrate Credentials and Tokens appeared first on Cyber Security News.

Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to expose sensitive user-mode memory, specifically section addresses, via remote ALPC ports. This could aid further […]

The post Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild appeared first on Cyber Security News.

Microsoft’s January 2026 updates fix 114 vulnerabilities, with several remote code execution bugs rated critical across Office applications and Windows services such as LSASS. This Patch Tuesday addresses critical remote code execution flaws and numerous elevation of privilege issues that could enable attackers to compromise systems. Vulnerability Type Count Remote Code Execution 22 Denial of […]

The post Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days appeared first on Cyber Security News.

Fortinet disclosed a Server-Side Request Forgery (SSRF) vulnerability in its FortiSandbox appliance on January 13, 2026, urging users to update amid risks of internal network proxied requests. Tracked as CVE-2025-67685 (FG-IR-25-783), the flaw resides in the GUI component and stems from CWE-918, enabling authenticated attackers to craft HTTP requests that proxy traffic to internal plaintext […]

The post FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests appeared first on Cyber Security News.

Node.js issued critical security updates across its active release lines on January 13, 2026, patching vulnerabilities that could lead to memory leaks, denial-of-service attacks, and permission bypasses. These releases address three high-severity flaws, among others, urging immediate upgrades for affected systems. High Severity Vulnerabilities High-severity issues dominate this release, with CVE-2025-55131 exposing uninitialized memory in […]

The post Node.js Security Release Patches 7 Vulnerabilities Across All Release Lines appeared first on Cyber Security News.

Fortinet has disclosed a critical heap-based buffer overflow vulnerability (CWE-122) in the cw_acd daemon of FortiOS and FortiSwitchManager. This flaw enables a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests over the network. Organizations relying on Fortinet’s firewalls, secure access service edge (SASE) solutions, and switch management tools face […]

The post FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Over 8,000 internet-exposed SmarterMail servers remain vulnerable to a critical remote code execution flaw tracked as CVE-2025-52691, according to scans conducted on January 12, 2026. Security researchers identified 8,001 unique IP addresses likely affected out of 18,783 exposed instances, with proof-of-concept exploits now publicly available. This maximum-severity vulnerability poses severe risks to organizations relying on […]

The post 8000+ SmarterMail Hosts Vulnerable to RCE Attack – PoC Exploit Released appeared first on Cyber Security News.

Security researchers have identified a sophisticated multi-stage Windows malware campaign called SHADOW#REACTOR that represents a significant evolution in delivery mechanisms for remote access tools. The campaign demonstrates how threat actors combine traditional scripting techniques with modern obfuscation methods to bypass security defenses. The infection begins with an obfuscated Visual Basic Script that initiates a carefully […]

The post Multi-Stage Windows Malware Invokes PowerShell Downloader Using Text-based Payloads Using Remote Host appeared first on Cyber Security News.

Large language models have become essential tools across industries, from healthcare to creative services, revolutionizing how humans interact with artificial intelligence. However, this rapid expansion has exposed significant security vulnerabilities. Jailbreak attacks—sophisticated techniques designed to bypass safety mechanisms—pose an escalating threat to the safe deployment of these systems. These attacks manipulate models into generating harmful, […]

The post HoneyTrap – A New LLM Defense Framework to Counter Jailbreak Attacks appeared first on Cyber Security News.

Anthropic has launched Claude for Healthcare, a new set of tools designed to help doctors, insurance companies, and patients use artificial intelligence for medical purposes while meeting strict privacy regulations. The announcement represents a significant expansion of Claude’s capabilities in the Healthcare and life sciences sectors. New Tools Connect to Medical Databases The platform introduces […]

The post Anthropic Unveils “Claude for Healthcare” to Help Users Understand Medical Records appeared first on Cyber Security News.

Moxa has issued a critical security advisory regarding CVE-2023-38408, a severe vulnerability in OpenSSH affecting multiple Ethernet switch models. The flaw, with a CVSS 3.1 score of 9.8, allows unauthenticated remote attackers to execute arbitrary code on vulnerable devices without requiring user interaction. CVE-2023-38408 stems from an unreliable search path in the PKCS#11 feature of […]

The post Critical OpenSSH Vulnerability Exposes Moxa Ethernet Switches to Remote Code Execution appeared first on Cyber Security News.

A sophisticated Android banking threat has emerged in the threat landscape, posing serious risks to mobile users across certain regions. The malware, known as deVixor, represents a significant evolution in Android-based attacks, combining financial data theft, device control, and extortion within a single platform. Since October 2025, security researchers have identified over 700 samples of […]

The post Android Banking Malware deVixor Actively Targeting Users with Ransomware Capabilities appeared first on Cyber Security News.

A significant security incident has emerged in Apex Legends, where attackers gained the ability to remotely control player inputs during active gameplay. The incident came to light when Respawn Entertainment disclosed the vulnerability through their official social media channels on January 10, 2026. This represents a notable breach in the competitive gaming environment, allowing malicious […]

The post Hackers Hijacked Apex Legends Game to Control the Inputs of Another Player Remotely appeared first on Cyber Security News.

Overcoming these five challenges commonly faced by SOC teams means taking a quantum leap in performance.   The catalyst for this shift is simple: high quality threat intelligence, an essential component for modern security experts.  With accurate, real time data on malicious indicators, organization can match, or even surpass results reported by ANY.RUN’s clients who adopted TI solutions:  High-quality threat intelligence drives such improvements by solving some of the hardest SOC challenges. Read further to see what they are and […]

The post 5 SOC Challenges You Can Eliminate with a Single Improvement  appeared first on Cyber Security News.

In today’s digital world, databases act as fortified storehouses for an organization’s crown jewels its critical data. Yet these vaults face nonstop assaults from cyber threats. As a cybersecurity defender, you stand as the ever-watchful guardian, shielding these assets from relentless foes. Success demands a strategic blueprint for every database under your purview. This guide […]

The post Top 10 Best Practices for Cybersecurity Professionals to Secure Your Database appeared first on Cyber Security News.

In today’s escalating threat landscape, spotting and patching open vulnerabilities ranks as a top priority for security teams. Pinpointing weaponized, high-risk CVEs exploited by threat actors and ransomware amid thousands of disclosures proves essential. Qualys researchers recently highlighted the top 20 most exploited vulnerabilities, noting hackers’ heavy focus on Microsoft products. Several from this list […]

The post Top 20 Most Exploited Vulnerabilities: Microsoft Products Draw Hackers appeared first on Cyber Security News.

DevOps refers to a collection of processes and technologies used in software development and IT operations that reduce the system development life cycle and enable continuous delivery. However, when time and resources are limited, security measures tend to be minimized. Utilizing DevOps technologies created with security in mind is vital to this strategy. Maintaining the […]

The post 10 Best DevOps Tools to Shift Your Security in 2026 appeared first on Cyber Security News.

Introduction : Security management across multiple Software-as-a-Service (SaaS) clouds can present challenges, primarily stemming from the heightened prevalence of malware and ransomware attacks. In the present landscape, organizations encounter many challenges with Software-as-a-Service (SaaS). One of the main challenges businesses face is the absence of standardized configuration practices, which leads to the need to handle […]

The post Top 10 Best SaaS Security Tools – 2026 appeared first on Cyber Security News.