Cyber Security News

A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers. The flaw, tracked as CVE-2025-66430, exists within Plesk’s Password-Protected Directories feature and allows attackers to inject arbitrary data into Apache configuration files. The vulnerability stems from improper handling of user input within the […]

The post Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access appeared first on Cyber Security News.

A novel social engineering campaign, dubbed ClickFix, has been identified, which cleverly employs an old Windows command-line tool, finger.exe, to install malware on victims’ systems. This attack begins with a deceptive CAPTCHA verification page, tricking users into running a script that initiates the infection process. The technique has been in use since at least November […]

The post New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code appeared first on Cyber Security News.

Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues, Shannon operates as a fully autonomous penetration tester that identifies attack vectors and actively executes real-world exploits to validate them. […]

The post Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits appeared first on Cyber Security News.

Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This evolution marks a critical shift in threat tactics, moving away from noisy phishing campaigns toward stealthy, post-exploitation techniques designed to deliver ransomware-ready access to criminal affiliates. The threat actor now […]

The post Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity appeared first on Cyber Security News.

Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ). Installed via KB5071546 on December 9, the patch targeting OS Build 19045.6691 alters MSMQ’s security model, leading to widespread failures in queue operations. Confirmed on December 12, the issue is most severe in high-load clustered environments, causing […]

The post Microsoft December 2025 Security Updates Breaking Message Queuing (MSMQ) Functionality Affects IIS Sites appeared first on Cyber Security News.

Gentlemen ransomware, first identified in August 2025, has rapidly evolved into a significant threat targeting corporate networks globally. Operating on a double extortion model, this group exfiltrates sensitive data before encrypting it, ensuring they can leverage stolen information even if backups exist. The ransomware is developed in the Go programming language, allowing for efficient cross-platform […]

The post New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data appeared first on Cyber Security News.

A critical security issue involving the Windows Remote Access Connection Manager (RasMan) that allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates. 0patch security analysts discovered a complex exploit chain that relies on a secondary, previously unknown zero-day flaw to function […]

The post Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution appeared first on Cyber Security News.

A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild. Posing significant risks to organizations that still utilize these legacy devices. Federal agencies and private organizations are now urged to take immediate […]

The post CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure Boot configurations to counter bootkit threats. Released in December 2025 as a Cybersecurity Information Sheet (CSI), the document addresses vulnerabilities like PKFail, BlackLotus, and BootHole that bypass […]

The post CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices appeared first on Cyber Security News.

Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since the vulnerability was disclosed on December 3, 2025, Google has observed multiple distinct hacker groups […]

The post Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware appeared first on Cyber Security News.

BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server architecture written in Python 3 along with extensive agent support. Unified Architecture and Expanded Agent […]

The post Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page, potentially leading to arbitrary code execution in browsers. Discovered and […]

The post CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape is “Luca Stealer,” a Rust-based information stealer that has […]

The post Rust-Based Luca Stealer Spreads Across Linux and Windows Systems appeared first on Cyber Security News.

Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” targets finance and accounting departments explicitly using fake payment confirmation emails to trick victims into executing the payload. The campaign primarily focuses on finance, accounting, treasury, and payment departments in […]

The post New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting appeared first on Cyber Security News.

Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26.​ The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary code execution via malicious web content, discovered by Google Threat […]

The post Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users appeared first on Cyber Security News.

Kali Linux 2025.4, released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3.​ Released on December 12, 2025, this update focuses on modernizing the user experience while maintaining Kali’s position as the premier penetration testing platform. The release brings GNOME 49, KDE Plasma […]

The post Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3 appeared first on Cyber Security News.

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts, and CISA has since added the flaw to its Known Exploited Vulnerabilities […]

The post Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide appeared first on Cyber Security News.

JSCEAL has emerged as a serious threat to Windows users, specifically targeting those who work with cryptocurrency applications and valuable accounts. First reported by Check Point Research in July 2025, this information stealing malware has quietly grown stronger, introducing advanced techniques designed to avoid detection by security tools. A new wave of attacks starting in […]

The post New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials appeared first on Cyber Security News.

When users encounter a phishing email, the danger extends far beyond the initial click. A typical phishing attack begins when someone is deceived into entering their login credentials on a fake website. However, this is merely the starting point. Once cybercriminals obtain the stolen information, it immediately becomes valuable merchandise in the underground market. The […]

The post New Research Details on What Happens to Data Stolen in a Phishing Attack appeared first on Cyber Security News.

Security researchers have successfully extracted firmware from a budget smartwatch by bringing back a 20-year-old attack method originally used to steal data from network devices. The technique, known as “Blinkenlights,” was adapted to work with modern TFT screens instead of traditional LED indicators. Quarkslab analysts purchased a cheap smartwatch for approximately €12 from a local […]

The post Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels appeared first on Cyber Security News.