Cyber Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a critical use-after-free vulnerability in the Linux kernel, tracked as CVE-2024-1086. This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide. First disclosed earlier this […]

The post CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware appeared first on Cyber Security News.

Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthorized access. This implant, first spotted in variations since October 2023, has seen renewed exploitation throughout 2024 and into 2025, exploiting the critical CVE-2023-20198 vulnerability in the software’s […]

The post Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell appeared first on Cyber Security News.

Windows Server Update Services (WSUS) vulnerability is actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly began abusing it after proof-of-concept code became publicly available on GitHub. Sophos telemetry […]

The post Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations appeared first on Cyber Security News.

Throughout the first half of 2025, financially motivated threat actors have shifted their approach to intrusions, abandoning traditional implant-heavy methods in favor of a more cost-effective strategy. Rather than deploying sophisticated malware payloads, attackers are leveraging stolen credentials and valid account access to establish persistence within target networks across multiple industries. The FortiGuard Incident Response […]

The post Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks appeared first on Cyber Security News.

The explosive growth of artificial intelligence has created an unexpected security threat as cybercriminals exploit ChatGPT’s popularity through counterfeit mobile applications. Recent security research uncovered sophisticated malicious apps masquerading as legitimate ChatGPT interfaces, designed to harvest sensitive user data and monitor digital activities without consent. These fraudulent applications have infiltrated third-party app stores, targeting users […]

The post Beware of Malicious ChatGPT Apps That Records Users Action and Steals Sensitive Data appeared first on Cyber Security News.

In mid-2025, researchers discovered a sophisticated campaign orchestrated by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) targeting organizations relying on Motex LANSCOPE Endpoint Manager. The attackers exploited a previously unknown zero-day vulnerability tracked as CVE-2025-61932, which grants remote adversaries the ability to execute arbitrary commands with SYSTEM privileges. This marks the […]

The post Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data appeared first on Cyber Security News.

Google is strengthening its defense against mobile scams with advanced AI-powered protections built directly into Android devices. As cybercriminals become more sophisticated, using AI themselves to create convincing fraud schemes, Google’s new safeguards work around the clock to protect your personal information and money from theft. Mobile scams cost people worldwide over $400 billion annually, […]

The post Google Unveils new AI-Protection for Android to Keep You Safe From Mobile Scams appeared first on Cyber Security News.

Progress Software has released critical security patches addressing a high-severity vulnerability affecting MOVEit Transfer, a widely used enterprise file transfer solution. The vulnerability, tracked as CVE-2025-10932, carries a CVSS score of 8.2 and impacts the AS2 module across multiple product versions. The uncontrolled resource consumption vulnerability in MOVEit Transfer’s AS2 module could allow attackers to […]

The post Progress Patches MOVEit Transfer Uncontrolled Resource Consumption Vulnerability appeared first on Cyber Security News.

Microsoft has launched Researcher with Computer Use in Microsoft 365 Copilot, marking a significant advancement in autonomous AI technology. This new feature allows the AI assistant to move beyond simple research tasks and actively perform actions on behalf of users through a secure virtual computer environment. The innovation enables Copilot to navigate public websites, access […]

The post Microsoft Introduces Researcher in 365 Copilot: Your Secure Virtual Assistant for Enhanced Productivity appeared first on Cyber Security News.

A new wave of cyber threats is emerging as criminals increasingly weaponize AdaptixC2, a free and open-source Command and Control framework originally designed for legitimate penetration testing and red team operations. Security researchers have uncovered a disturbing trend where advanced threat actors deploy this extensible post-exploitation tool across global ransomware campaigns, transforming a utility meant […]

The post Threat Actors Actively Using Open-Source C2 Framework to Deliver Malicious Payloads appeared first on Cyber Security News.

Chinese-affiliated threat actor UNC6384 has been actively leveraging a critical Windows shortcut vulnerability to target European diplomatic entities across Hungary, Belgium, Serbia, Italy, and the Netherlands. Arctic Wolf researchers identified this sophisticated cyber espionage campaign operating throughout September and October 2025, representing a significant evolution in the group’s operational capabilities and geographic reach. The attack […]

The post Hackers Weaponizing Windows LNK 0-Day RCE Vulnerability to Attack European Diplomats appeared first on Cyber Security News.

Threat actors operating under the control of North Korea’s regime have demonstrated continued technical sophistication by introducing advanced malware toolsets designed to establish persistent backdoor access and remote control over compromised systems. Recent findings have revealed that Kimsuky, known for orchestrating espionage campaigns, deployed HttpTroy, while the Lazarus APT group introduced an enhanced variant of […]

The post Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access appeared first on Cyber Security News.

Sophisticated threat actors have orchestrated a coordinated multilingual phishing campaign targeting financial and government organizations across East and Southeast Asia. The campaign leverages carefully crafted ZIP file lures combined with region-specific web templates to deceive users into downloading staged malware droppers. Recent analysis reveals three interconnected clusters spanning Traditional Chinese, English, and Japanese-language variants, each […]

The post Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations appeared first on Cyber Security News.

AzureHound, an open-source data collection tool designed for legitimate penetration testing and security research, has become a favored weapon in the hands of sophisticated threat actors. The tool, which is part of the BloodHound suite, was originally created to help security professionals and red teams identify and fix cloud vulnerabilities. However, malicious actors have increasingly […]

The post AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893. This flaw allows unauthenticated attackers to execute arbitrary remote code, posing significant risks to organizations using the open-source wiki software. Discovered and actively exploited, the vulnerability underscores the dangers of […]

The post CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code appeared first on Cyber Security News.

In an unprecedented cybersecurity incident that occurred in September 2025, over 500 gigabytes of internal data from China’s Great Firewall infrastructure were exposed in what security experts are calling one of the most consequential breaches in digital surveillance history. The massive leak encompasses more than 100,000 documents, including internal source code, work logs, configuration files, […]

The post Historic Great Firewall Breach – 500GB+ Censorship Data Exposed appeared first on Cyber Security News.

WhatsApp has unveiled passkey-encrypted backups, simplifying the protection of cherished chat histories without the burden of memorizing complex passwords. This feature allows users to secure their end-to-end encrypted backups using biometric methods like fingerprints, facial recognition, or device screen locks, ensuring seamless access even after losing a phone or switching devices. Announced on October 29, […]

The post WhatsApp Introduces Passkey Encryption for Enhanced Chat Message Backup Security appeared first on Cyber Security News.

A sophisticated Linux kernel rootkit designed to slip past the defenses of Elastic Security, a leading endpoint detection and response (EDR) platform. Released on GitHub by researcher 0xMatheuZ, the rootkit employs advanced obfuscation techniques to evade YARA-based detection and behavioral monitoring. While presented strictly for educational purposes, Singularity underscores the evolving challenges in kernel-level threat […]

The post Researchers Created a Linux Rootkit that Evades Elastic Security EDR Detection appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-41244 to its Known Exploited Vulnerabilities catalog. This local privilege escalation flaw affects Broadcom’s VMware Aria Operations and VMware Tools, with evidence of active exploitation in the wild. Security researchers and officials urge immediate patching to prevent potential ransomware and other attacks that could compromise virtualized […]

The post CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Researchers have uncovered a sophisticated campaign leveraging the Lampion banking trojan, a malware strain that has operated since 2019 with a renewed focus on Portuguese financial institutions. The threat actor group behind these operations has refined its tactics significantly, introducing novel social engineering techniques that make traditional detection increasingly difficult. What distinguishes this latest iteration […]

The post New Lampion Stealer Uses ClickFix Attack to Silently Steal Login Credentials appeared first on Cyber Security News.