Cyber Security News

A persistent privilege escalation technique in AWS that allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances. First documented by Grzelak in 2016 for EC2, the method exploits modifiable boot-time configurations to inject malicious payloads, bypassing standard IAM controls like PassRole. Recent analysis from Security […]

The post AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2 appeared first on Cyber Security News.

A new Remote Access Trojan known as CastleRAT has emerged as a growing threat to Windows systems worldwide. First observed around March 2025, this malware enables attackers to gain complete remote control over compromised machines. The threat comes in two main builds: a lightweight Python version and a more powerful compiled C version, with the […]

The post Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access appeared first on Cyber Security News.

Russian threat actors are running a new wave of phishing campaigns that spoof major European security events to quietly steal cloud credentials. Invitations that look legitimate, often tied to conferences such as the Belgrade Security Conference or the Brussels Indo-Pacific Dialogue, direct targets to polished registration sites that mimic real organizers. Behind this professional surface, […]

The post Russian Hackers Spoof European Events in Targeted Phishing Attacks appeared first on Cyber Security News.

A critical security vulnerability in Apache Tika has been discovered that allows attackers to compromise systems by uploading specially crafted PDF files. Organizations worldwide are urged to patch immediately. Apache Tika is a popular open-source toolkit used by thousands of organizations to extract text and metadata from documents, including PDFs, Word files, and images. Apache […]

The post Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF appeared first on Cyber Security News.

Russian-backed threat actors continue their sophisticated cyber espionage operations against Western institutions through advanced phishing tactics. Calisto, a Russia-nexus intrusion set attributed to the Russian FSB’s Center 18 for Information Security (military unit 64829), has emerged as a persistent threat targeting NATO research entities and strategic organizations. The group has expanded its attack scope to […]

The post Russian Calisto Hackers Target NATO Research Sectors with ClickFix Malicious Code appeared first on Cyber Security News.

A new sophisticated threat actor has emerged in the cybersecurity landscape, targeting critical infrastructure across the United States. The adversary, operating under the name WARP PANDA, has demonstrated remarkable technical capabilities in infiltrating VMware vCenter environments at legal, technology, and manufacturing organizations. This group’s emergence marks a significant escalation in cloud-based cyberattacks, with particular focus […]

The post China-Nexus Hackers Exploiting VMware vCenter Environments to Deploy Web Shells and Malware Implants appeared first on Cyber Security News.

Critical security updates have been released to fix two high-severity flaws in the Triton Inference Server that let attackers crash systems remotely from NVIDIA. Both flaws received a CVSS score of 7.5, indicating they are high-priority threats requiring immediate patching. The first vulnerability (CVE-2025-33211) involves improper validation of input quantity. An attacker can exploit this […]

The post NVIDIA Triton Vulnerability Let Attackers Trigger DoS Attack Using Malicious Payload appeared first on Cyber Security News.

Attackers are actively exploiting a serious vulnerability in Array Networks’ ArrayOS AG series to gain unauthorized access to enterprise networks. The flaw exists in the DesktopDirect function, a feature designed to provide remote desktop access to administrators. Security researchers have discovered that this command injection vulnerability allows attackers to execute arbitrary commands on affected systems […]

The post Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells appeared first on Cyber Security News.

A major disruption swept across the internet today as Cloudflare, a critical backbone for millions of websites, reported widespread issues with its Dashboard and APIs, triggering 500 Internal Server Errors for users globally. The outage, confirmed by Cloudflare’s status page, began around 08:56 UTC and impacted management tools, automations, and integrations reliant on these services. […]

The post Cloudflare Outage Hits Internet with 500 Internal Server Error appeared first on Cyber Security News.

A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain near-complete control over infected devices. The spyware demonstrates sophisticated techniques to steal […]

The post ClayRat Android Malware Steals SMS Messages, Call Logs and Capture Victim Photos appeared first on Cyber Security News.

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms. What makes this attack unique is that the user’s funds remained visible […]

The post Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer appeared first on Cyber Security News.

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the SNMP device configuration functionality. The vulnerability resides in the device […]

The post Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder. Allows non-administrator users to access sensitive installation directories and their contents, creating a pathway for privilege […]

The post Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions appeared first on Cyber Security News.

SeedSnatcher represents a significant threat to cryptocurrency users worldwide. Packaged under the seemingly innocent name “Coin” and distributed through Telegram, this Android malware has emerged as a sophisticated tool designed specifically to steal digital wallet recovery codes and execute remote commands on infected devices. The malware, registered under the package name com.pureabuladon.auxes, operates as a […]

The post SEEDSNATCHER Android Malware Attacking Users to Exfiltrate Sensitive Data and Execute Malicious Commands appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, representing a significant evolution in IoT and cloud-targeted threats. The malware, dubbed V3G4 by Cyble Research Intelligence Labs, employs a multi-stage infection chain designed to compromise Linux servers and IoT devices across multiple architectures while […]

The post New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer appeared first on Cyber Security News.

China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React Server Components and lets an attacker run code on the server without logging in. Early scans show broad probing of internet-facing React and Next[.]js apps, with a focus on high-value […]

The post China-Nexus Hackers Actively Exploiting React2Shell Vulnerability (CVE-2025-55182) in the Wild appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers worldwide. Dubbed “React2Shell” by some researchers, the vulnerability carries a CVSS score of 10.0 and affects React versions 19.0.0 through 19.2.0, as well as Next.js 15.x and 16.x using App […]

The post PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182) appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated new malware campaign orchestrated by People’s Republic of China (PRC) state-sponsored cyber actors. The advisory details “BRICKSTORM,” a formidable backdoor designed to establish long-term persistence […]

The post CISA and NSA Warn of BRICKSTORM Malware Attacking VMware ESXi and Windows Environments appeared first on Cyber Security News.

A new class of prompt injection vulnerabilities, dubbed “PromptPwnd,” has been uncovered by cybersecurity firm Aikido Security. The flaws affect GitHub Actions and GitLab CI/CD pipelines that are integrated with AI agents, including Google’s Gemini CLI, Claude Code, and OpenAI Codex. The vulnerability has been confirmed to impact at least five Fortune 500 companies, with […]

The post Prompt Injection Flaw in GitHub Actions Hits Fortune 500 Firms appeared first on Cyber Security News.

Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with […]

The post SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware appeared first on Cyber Security News.