Cyber Security News

Hackers are turning to Evilginx, a powerful adversary-in-the-middle tool, to get around multi-factor authentication and take over cloud accounts. The framework acts as a reverse proxy between the victim and real single sign-on pages, so the login screen looks and behaves just like the real thing. To the user, the fake site feels normal, with […]

The post Hackers Leverage Evilginx to Undermine MFA Security Mimicking Legitimate SSO Sites appeared first on Cyber Security News.

A new type of phishing attack that combines two different phishing kits: Salty2FA and Tycoon2FA. This marks a significant change in the Phishing-as-a-Service (PhaaS) landscape. While phishing kits typically maintain unique signatures in their code and delivery mechanisms, recent campaigns targeting enterprise users have begun deploying payloads that combine elements from both frameworks. This convergence […]

The post Salty2FA and Tycoon2FA Phishing Kits Attacking Enterprise Users to Steal Login Credentials appeared first on Cyber Security News.

Cybercriminals targeting Brazilian users have aggressively escalated their tactics, launching a highly sophisticated campaign dubbed “Water Saci.” This new wave of attacks weaponizes WhatsApp Web, a platform implicitly trusted by millions, to deliver banking trojans and steal sensitive financial data. By compromising user accounts, the attackers send convincing messages to trusted contacts, creating a rapid, […]

The post Water Saci Hackers Leveraging AI Tools to Attack WhatsApp Web Users appeared first on Cyber Security News.

A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus Group recruit and operate against Western companies. Researchers documented the complete attack cycle in real-time, capturing live footage of attackers using compromised systems. This breakthrough reveals the human side of […]

The post Researchers Expose Lazarus Recruitment Pipeline Live on Camera Through Honeypot Operation appeared first on Cyber Security News.

The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified malicious code embedded within official releases, prompting Google to forcibly disable the application on affected devices. The incident, which came to light through extensive community analysis, demonstrates […]

The post SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys appeared first on Cyber Security News.

Bethesda, USA / Maryland, December 2nd, 2025, CyberNewsWire While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik, a Maryland cyber startup, is betting on something simpler: making sure attackers don’t know what defenders know. The company emerged today with […]

The post Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race appeared first on Cyber Security News.

Baltimore, MD, December 2nd, 2025, CyberNewsWire The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organizations already use AI in daily operations, but only 13 percent say they have strong visibility into how these systems handle sensitive […]

The post AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk appeared first on Cyber Security News.

Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under Active Exploitation The two most concerning vulnerabilities being actively […]

The post Google Patches Android 0-Day Vulnerabilities Exploited in the Wild appeared first on Cyber Security News.

OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads. The patches, included in the newly released version 2.6.17 and 2.7_rc3, fix issues ranging from logic errors in HMAC verification to stability flaws in the Windows […]

The post OpenVPN Vulnerabilities Let Hackers Triggers Dos Attack and Bypass Security Checks appeared first on Cyber Security News.

India’s Department of Telecommunications (DoT) has ordered smartphone manufacturers to preload a government-backed cybersecurity app, “Sanchar Saathi,” on all new devices sold in the country. The order, issued privately on November 28, 2025, gives major players like Apple, Samsung, Xiaomi, Vivo, and Oppo 90 days to comply, requiring the “Sanchar Saathi” app to be installed […]

The post India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones appeared first on Cyber Security News.

A malicious Visual Studio Code extension posing as the popular “Material Icon Theme” has been used to attack Windows and macOS users, turning the add-on into a hidden backdoor. The fake extension shipped through the marketplace with backdoored files, giving the attackers a direct path into developer workstations once it was installed. After installation, the […]

The post Malicious VS Code Extension as Icon Theme Attacking Windows and macOS Users appeared first on Cyber Security News.

Advanced steganography techniques are becoming increasingly central to state-sponsored cyber operations. Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns. These organizations operate as front companies linked to China’s Ministry of State Security, playing a critical role in modernizing the country’s […]

The post Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations appeared first on Cyber Security News.

A new remote access trojan dubbed KimJongRAT has surfaced, posing a severe threat to Windows users. This sophisticated malware is believed to be orchestrated by the Kimsuky group, a threat actor with alleged state backing. The campaign typically begins with a phishing email containing a deceptive archive named National Tax Notice, which lures unsuspecting victims […]

The post KimJongRAT Attacking Windows Users via Weaponized .hta Files to Steal Logins appeared first on Cyber Security News.

A sophisticated cyberespionage campaign dubbed “Operation Hanoi Thief” has surfaced, specifically targeting IT professionals and recruitment teams in Vietnam. Discovered on November 3, 2025, this threat activity employs a complex multi-stage infection chain designed to harvest sensitive browser credentials and history. The attackers leverage a malicious spear-phishing strategy, distributing a ZIP archive named Le-Xuan-Son_CV.zip, which […]

The post Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware appeared first on Cyber Security News.

With the holiday shopping season kicking into high gear, a massive cybersecurity threat has emerged, putting online shoppers at significant risk. A coordinated campaign has been discovered, involving the registration of over 2,000 fake holiday-themed online stores. These malicious sites are designed to lure unsuspecting consumers with the promise of steep discounts, only to steal […]

The post Hackers Registered 2,000+ Fake Holiday-Themed Online Stores to Steal User Payments appeared first on Cyber Security News.

New York, New York, December 1st, 2025, CyberNewswire BreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been named a Leader and Fast Mover in the 2025 GigaOm Radar Report for PTaaS for the third year in a row. The GigaOm Radar Report for PTaaS is published annually to help security leaders and practitioners […]

The post BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year appeared first on Cyber Security News.

A newly discovered Windows malware packer named TangleCrypt has emerged as a serious threat in ransomware attacks, specifically designed to evade endpoint detection and response (EDR) solutions. The packer was first observed during a September 2025 ransomware incident involving Qilin ransomware, where threat actors deployed it alongside the ABYSSWORKER driver to disable security tools before […]

The post TangleCrypt Windows Packer with Ransomware Payloads Evades EDR Using ABYSSWORKER Driver appeared first on Cyber Security News.

Microsoft has acknowledged a frustrating new issue affecting users of the “new Outlook” for Windows, where Excel attachments fail to open if their filenames contain non-ASCII characters. The technical glitch, tracked under the reference ID EX1189359, triggers a vague error message advising users to “Try opening the file again later,” leaving many confused about the […]

The post Microsoft Confirms New Outlook Bug Blocking Excel Attachments appeared first on Cyber Security News.

A sophisticated Advanced Persistent Threat group known as Bloody Wolf has intensified its cyber espionage operations across Central Asia, targeting government and private sectors. Since late June 2025, the group has orchestrated spear-phishing campaigns primarily focusing on organizations within Kyrgyzstan and Uzbekistan. By meticulously impersonating state entities such as the Ministry of Justice, the attackers […]

The post Bloody Wolf Hackers Mimic as Government Agencies to Deploy NetSupport RAT via Weaponized PDF’s appeared first on Cyber Security News.

OpenAI has patched a command injection flaw in its Codex CLI tool that allowed attackers to execute arbitrary commands on developers’ machines simply by getting a malicious configuration file into a project repository. The issue, now fixed in Codex CLI version 0.23.0, effectively turned routine use of the codex command into a silent remote‑code‑execution trigger.​ […]

The post OpenAI Codex CLI Command Injection Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.