CyberSecurityBoard
Sponsor Register Login

Cyber News

CyberSecurityBoard.com is a cyber news aggregator platform with all of the top news, blogs, podcasts and more about Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research into one place. CyberSecurityBoard's ultimate goal is providing a useful and effective tool to help you getting a better understanding and quicker overview of everything happening in the world of Cybersecurity.

Latest Cyber News

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts - A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. However, all ...
6 hours ago Bleepingcomputer.com
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
10 hours ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts - Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The attacks are similar to those reported years ago, indicating that OAuth apps ...
10 hours ago Bleepingcomputer.com
100+ Auto Dealers Hacked With A ClickFix Webpage Leads To SectopRAT Malware Installation - The attack leveraged a shared video service specifically used by auto dealerships, injecting malicious code that redirected unsuspecting users to fraudulent webpages designed to install the dangerous SectopRAT remote access trojan on their systems. ...
11 hours ago Cybersecuritynews.com
RedCurl APT leveraging Active Directory Explorer & 7-Zip To Archive Exfiltrated Data - Cyber Security News - “The victim sees a single file, ‘CV Applicant *.scr’ which is the legitimate signed Adobe executable ‘ADNotificationManager.exe’. After the victim opens the file, the EarthKapre loader (netutils.dll) is side ...
12 hours ago Cybersecuritynews.com
Critical Vulnerabilities In Delphi Code Leads To Memory Corruption - Analysts at Include Security identified that despite its reputation for safety, Delphi code can be just as vulnerable to memory corruption issues as C/C++ when certain coding patterns are followed. Researchers have uncovered serious memory corruption ...
13 hours ago Cybersecuritynews.com
Hackers Attacking Exposed Jupyter Notebooks To Deliver Cryptominer - Analysts at Cado Security Labs identified this attack through their honeypot systems, noting that the campaign represents a new vector for cryptomining attacks that hasn’t been previously reported, despite sharing similarities with earlier ...
1 day ago Cybersecuritynews.com
AWS SNS Abused To Exfiltrate Data & Phishing Attack - The attacks leverage legitimate AWS functionality to create SNS topics, subscribe external email addresses, and publish sensitive data through API calls that appear as normal AWS service usage. Elastic Security Labs provided hunting queries that ...
1 day ago Cybersecuritynews.com
New Akira ransomware decryptor cracks encryptions keys using GPUs - Nugroho developed the decryptor after being asked for help from a friend, deeming the encrypted system solvable within a week, based on how Akira generates encryption keys using timestamps. Akira ransomware dynamically generates unique encryption ...
1 day ago Bleepingcomputer.com Akira
DeepSeek R1 Jailbreaked To Develop Malware, Such As A Keylogger And Ransomware - Cyber Security News - These findings suggest that while DeepSeek R1 doesn’t provide turnkey malware solutions, it significantly lowers the technical barrier for creating harmful software, potentially accelerating malicious actors’ capabilities in developing ...
1 day ago Cybersecuritynews.com
Top Cybersecurity Tools of 2025 To Managing Remote Device Threats - Microsoft Defender for Endpoint is an enterprise-grade security solution that protects remote devices through AI-driven threat detection, automated response mechanisms, and seamless integration with Microsoft’s security ecosystem. By leveraging ...
1 day ago Cybersecuritynews.com
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
2 days ago Bleepingcomputer.com
Week-long Exchange Online outage causes email failures, delays - Two weeks ago, the company linked a weekend Microsoft 365 outage affecting Outlook and Exchange Online authentication to another "code issue." A subsequent advisory revealed that Exchange Online users still had issues accessing calendars and email ...
2 days ago Bleepingcomputer.com
New Context Compliance Attack Jailbreaks Most of The Major AI Models - Rather than requiring complex prompt engineering or computationally expensive optimization, CCA works through a basic three-step process: initiating a conversation about a sensitive topic, injecting a fabricated assistant response into the ...
2 days ago Cybersecuritynews.com
Ransomware gang creates tool to automate VPN brute-force attacks - Büyükkaya says Black Basta has been using the automated BRUTED platform since 2023 to conduct large-scale credential-stuffing and brute-force attacks on edge network devices. The Black Basta ransomware operation created an automated ...
2 days ago Bleepingcomputer.com Black Basta
Cisco IOS XR vulnerability lets attackers crash BGP on routers - The same week, CISA tagged a remote command execution security flaw impacting Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers as actively exploited in attacks and ordered U.S. federal agencies to secure any vulnerable devices by March ...
2 days ago Bleepingcomputer.com CVE-2025-20115
Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News - Since December, Justice Department officials have sought Panev’s extradition after a criminal complaint was unsealed last year accusing him of acting as a developer of the LockBit ransomware from 2019 to at least February 2024. The dual ...
2 days ago Therecord.media LockBit
Black Basta Ransomware Attack Edge Network Devices With Automated Brute Force Attacks - After gaining initial access through compromised edge devices, Black Basta actors follow a structured attack chain deploying post-exploitation frameworks like Cobalt Strike or Brute Ratel to establish command-and-control channels, extract ...
2 days ago Cybersecuritynews.com Black Basta
Hackers Allegedly Selling 3.17 Million Records of Honda Cars India Customers - The hacker’s post on the forum claims to possess detailed records of Honda Cars India customers, with 2,866,348 mobile numbers and 1,907,053 email addresses among the compromised data. While Honda Cars India has yet to issue an official ...
2 days ago Cybersecuritynews.com
Suspected LockBit ransomware dev extradited to United States - Panev remained an active member of LockBit ransomware's core team until February 2024, when an international law enforcement operation led by the UK's National Crime Agency (NCA) and the FBI severely disrupted the cybercrime organization. Panev has ...
2 days ago Bleepingcomputer.com LockBit Inception
Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition - According to Cisco’s security advisory released on March 12, 2025, an attacker could exploit this vulnerability by sending crafted BGP update messages to trigger memory corruption, which may force the BGP process to restart and result in a ...
2 days ago Cybersecuritynews.com CVE-2025-20115
Camaleon CMS Privilege Escalation - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Enjoy full access to a modern, cloud-based vulnerability management platform that enables you ...
2 days ago Tenable.com
Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication - Security researchers from GitHub Security Lab have identified parser differential vulnerabilities (CVE-2025-25291 and CVE-2025-25292) affecting ruby-saml versions up to 1.17.0, which could allow attackers to impersonate any user within affected ...
2 days ago Cybersecuritynews.com CVE-2025-25291
Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells - Unlike previous iterations that used the password “1234qwer,” the latest variant employs “2345rdx” as its authentication mechanism, indicating an evolution in their operational security measures. The continued evolution of ...
2 days ago Cybersecuritynews.com Lazarus Group
Microsoft Warns of Cyber Attack Mimic Booking .com To Deliver Password Stealing Malware - Security analysts at Microsoft noted that this campaign employs a technique called “ClickFix,” which displays fake error messages instructing users to execute commands that download malware. The addition of ClickFix to their tactics shows ...
2 days ago Cybersecuritynews.com
United States Charges Developer of LockBit Ransomware Group - Technical analysis of LockBit 3.0, also known as “LockBit Black,” reveals sophisticated execution techniques, including command execution, batch scripts, and extensive use of the Native Windows API and PowerShell to interface with system ...
2 days ago Cybersecuritynews.com LockBit
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
2 days ago Cybersecuritynews.com CVE-2024-5594
Microsoft365 Themed Attack Leveraging OAuth Redirection for Account Takeover  - Threat researchers at @Proofpoint are tracking two ongoing, highly targeted campaigns combining OAuth redirection mechanisms with brand impersonation techniques, malware proliferation and #Microsoft365 themed #credential phishing for #Account ...
2 days ago Cybersecuritynews.com
New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens - This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud access tokens, API keys, and other credentials. In February 2025, security ...
2 days ago Cybersecuritynews.com
Decrypting Linux/ESXi Akira Ransomware Files Without Paying Ransomware - The researcher has published the full source code and methodology on GitHub, providing a potential lifeline for organizations affected by this specific ransomware strain active since late 2023. According to the researcher, the malware uses the ...
2 days ago Cybersecuritynews.com Akira
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware - The attackers consistently created local system administrator accounts with names designed to blend in with legitimate services, including “forticloud-tech,” “fortigate-firewall,” and “adnimistrator” (a deliberate ...
2 days ago Cybersecuritynews.com LockBit CVE-2024-55591
10 Best Cyber Attack Simulation Tools - 2025 - Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. The Cyber Attack Simulation tools act like a continuous and automated process ...
2 days ago Cybersecuritynews.com
Ransomware attack takes down health system network in Micronesia | The Record from Recorded Future News - One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline. On Wednesday, the Department of Health Services for the ...
2 days ago Therecord.media
Microsoft apologizes for removing VSCode extensions used by millions - Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the ...
3 days ago Bleepingcomputer.com
New SuperBlack ransomware exploits Fortinet auth bypass flaws - A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. When Fortinet first disclosed CVE-2024-55591 on ...
3 days ago Bleepingcomputer.com LockBit CVE-2024-55591
Windows Notepad to get AI text summarization in Windows 11 - Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. Today, it also added a "Draw & Hold" feature in Snipping Tool version 11.2502.18.0 to help ...
3 days ago Bleepingcomputer.com
Microsoft says button to restore classic Outlook is broken - Since the beginning of the year, it has addressed other Outlook issues, including one that causes classic Outlook to crash when writing, replying to, or forwarding an email, and another one that led to Classic Outlook and Microsoft 365 applications ...
3 days ago Bleepingcomputer.com
Juniper patches bug that let Chinese cyberspies backdoor routers - Earlier this year, Black Lotus Labs researchers said that unknown threat actors have been targeting Juniper edge devices (many acting as VPN gateways) with J-magic malware that opens a reverse shell if it detects a "magic packet" in the network ...
3 days ago Bleepingcomputer.com CVE-2025-21590
CISA Warns of Juniper Junos OS Improper Isolation Vulnerability Exploited in Wild - Mandiant’s research indicated that the attackers were exploiting end-of-life Juniper MX routers running older versions of Junos OS and were able to bypass the operating system’s Veriexec security subsystem by injecting malicious code into ...
3 days ago Cybersecuritynews.com CVE-2025-24201
CISA Warns of Apple WebKit Out-of-Bounds Write Vulnerability Exploited in Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited zero-day vulnerability in Apple’s WebKit browser engine, tracked as CVE-2025-24201. Enterprise Mitigation: Deploy Mobile Device Management (MDM) ...
3 days ago Cybersecuritynews.com CVE-2025-24201
GitLab patches critical authentication bypass vulnerabilities - GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. The two critical flaws GitLab addressed this time ...
3 days ago Bleepingcomputer.com CVE-2025-25291
86,000+ Healthcare Staff Records Exposed from Misconfigured AWS S3 Bucket - The misconfigured cloud storage contained highly sensitive personally identifiable information (PII), including profile images, work schedules, professional certificates, and medical documents potentially protected under HIPAA regulations, creating ...
3 days ago Cybersecuritynews.com
Hackers Abuse Microsoft Copilot for Sophisticated Phishing Attack - “Phishing, sadly, works for many of the bad actors who continue to use this vector to attack.” As Microsoft continues to integrate AI capabilities across its product suite, security professionals must remain vigilant about emerging ...
3 days ago Cybersecuritynews.com
Siemens SINAMICS S200 Bootloader Vulnerability Let Attackers Compromise the Device - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Industrial cybersecurity experts recommend that organizations prioritize addressing this vulnerability, as compromised drive ...
3 days ago Cybersecuritynews.com
DeepSeek Generating Fully Working Keyloggers & Data Exfiltration Tools - Security researchers at Unit 42 have successfully prompted DeepSeek, a relatively new large language model (LLM), to generate detailed instructions for creating keyloggers, data exfiltration tools, and other harmful content. The research findings ...
3 days ago Cybersecuritynews.com
Apache NiFi Vulnerability Let Attackers Access MongoDB Username & Passwords - This exposure creates a significant security risk, as compromised database credentials could lead to unauthorized data access, manipulation, or exfiltration of sensitive information stored in MongoDB databases connected to the NiFi instance. For ...
3 days ago Cybersecuritynews.com
Multiple Vulnerabilities in Sante PACS Server - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Enjoy full access to a modern, cloud-based vulnerability management platform that enables you ...
3 days ago Tenable.com
ClickFix attack delivers infostealers, RATs in fake Booking.com emails - Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. In the phishing campaign discovered by ...
3 days ago Bleepingcomputer.com
2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild - Other significant vulnerabilities patched in this release included CVE-2025-26633 (a security feature bypass in Microsoft Management Console), CVE-2025-24985 (a remote code execution flaw in Windows Fast FAT File System Driver), and CVE-2025-24993 (a ...
3 days ago Cybersecuritynews.com CVE-2025-26633
Mozilla Urging Users to Update Firefox, Else Add-ons Will Stop Working - The company stated in its support documentation that “not updating Firefox before the root certificate expires can expose you to significant security threats. iOS users are not impacted due to Firefox on Apple’s mobile platform utilizing ...
3 days ago Cybersecuritynews.com
Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype - The data-driven insights from Red Report 2025 paint a vivid picture of the cyber threat landscape: credential thieves roaming unchecked, a handful of techniques enabling the vast majority of breaches, and new “heist-style” attack ...
3 days ago Bleepingcomputer.com
Bitdefender Warns of Multiple Vulnerabilities that Let Attackers Execute MITM Attack - This vulnerability specifically affects firmware version 1.3.11.490. The security flaw allows unauthenticated, network-adjacent attackers to execute arbitrary commands on the affected device. Bitdefender has disclosed two critical vulnerabilities ...
3 days ago Cybersecuritynews.com CVE-2024-13872
INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats - Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business ...
3 days ago Cybersecuritynews.com
Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer - “The malicious app performs an XOR (0xCC) operation on the ‘security.db’ file in a subdirectory, which drops an APK file and loads the DEX file stored within it,” explained the report detailing the threat. A sophisticated ...
3 days ago Cybersecuritynews.com Kimsuky
Tenda AC7 Routers Vulnerability Let Attackers Gain Root Shell With Malicious Payload - In the absence of an official patch, network administrators should consider implementing additional security measures, such as restricting access to the router’s management interface to trusted devices only. Attackers within the same network as ...
3 days ago Cybersecuritynews.com
GitLab Warns of Multiple Vulnerabilities Let Attackers Login as Valid User - Security experts recommend that organizations running GitLab implement these updates as soon as possible, especially those using SAML authentication or considering enabling the Direct Transfer feature. The vulnerability can be exploited if an ...
3 days ago Cybersecuritynews.com CVE-2025-27407
Hackers Using JSPSpy Tool To Manage Malicious Webshell Infrastructure - Cybersecurity researchers have identified a cluster of servers hosting JSPSpy, a Java-based webshell first observed in 2013, now being deployed alongside a rebranded file management tool. The investigation revealed that two of the four servers were ...
3 days ago Cybersecuritynews.com Lazarus Group
Fake Captcha Malware Attacking Windows Users To execute PowerShell Commands - A sophisticated malware campaign is targeting Windows users through deceptive CAPTCHA verification prompts that trick victims into executing malicious PowerShell scripts. Security experts recommend implementing robust security awareness training and ...
3 days ago Cybersecuritynews.com
Fortinet Addresses Multiple Vulnerabilities in FortiSandbox, FortiOS, and Other Products - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. FortiSandbox suffers from CVE-2024-45328, a high-severity incorrect authorization vulnerability (CWE-863) that might allow ...
3 days ago Cybersecuritynews.com CVE-2024-45328
New OBSCURE#BAT Manipulates System Processes & Registry Entries To Evade Detection - A sophisticated malware campaign, tracked as OBSCURE#BAT, has been identified using heavily obfuscated batch scripts to install stealthy rootkits, allowing attackers to maintain persistent access to compromised systems while avoiding detection. The ...
3 days ago Cybersecuritynews.com
Medusa Ransomware Hacked 300+ Organizations Worldwide from Variety of Critical Infrastructure - In a particularly concerning development, FBI investigations uncovered instances where victims who paid the initial ransom were subsequently contacted by different Medusa actors claiming the first negotiator had stolen the payment, demanding an ...
3 days ago Cybersecuritynews.com Medusa
US Charges 12 Chinese Hackers For Hacking National Security Infrastructure - The hackers functioned as what one senior FBI official described as “cyber mercenaries,” exploiting vulnerable systems and extracting sensitive data that was subsequently sold to Chinese government security services. The indictments mark ...
3 days ago Cybersecuritynews.com
China-Nexus Group Hacked Juniper Networks and Implant Backdoors on Its Routers - The investigation revealed that UNC3886 leveraged legitimate credentials to gain privileged access to the routers and subsequently deployed six distinct malware variants across multiple Juniper MX devices. The compromise of these critical routing ...
3 days ago Cybersecuritynews.com
Cisco IOS XR Software Vulnerability Allows Attackers to Execute Commands as Root - Recent security disclosures reveal multiple high-severity vulnerabilities in Zoom’s client software, exposing millions of users to potential data breaches, privilege escalation, and unauthorized access. The vulnerability originates from ...
3 days ago Cybersecuritynews.com CVE-2025-20138
Multiple Zoom Client Vulnerabilities Exposes Sensitive data - These vulnerabilities affect Zoom’s desktop, mobile, and Workplace applications, enabling authenticated attackers to execute arbitrary code, corrupt memory, or bypass security protocols via network access. Recent security disclosures reveal ...
3 days ago Cybersecuritynews.com
HOLT Group Files Notice of Data Breach Leaking Consumer’s Financial Information | Console and Associates, P.C. - JDSupra - Build a custom email digest by following topics, people, and firms published on JD Supra. ...
4 days ago Jdsupra.com
Tata Technologies' data leaked by ransomware gang | TechCrunch - A ransomware group called Hunters International has published some of the data it claims to have stolen from Tata Technologies, just over a month after the Indian company confirmed a ransomware attack that resulted in the suspension of some services. ...
4 days ago Techcrunch.com Hunters
Facebook discloses FreeType 2 flaw exploited in attacks - Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. Facebook disclosed the flaw yesterday, warning that the vulnerability is ...
4 days ago Bleepingcomputer.com CVE-2025-27363
CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware | The Record from Recorded Future News - “FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the ...
4 days ago Therecord.media CVE-2024-1709 Medusa
CISA: Medusa ransomware hit over 300 critical infrastructure orgs - Last month, CISA and the FBI issued another joint alert warning that victims from multiple industry sectors across over 70 countries, including critical infrastructure, have been breached in Ghost ransomware attacks. "As of February 2025, ...
4 days ago Bleepingcomputer.com Medusa
Granola API Endpoint Information Disclosure - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Enjoy full access to a modern, cloud-based vulnerability management platform that enables you ...
4 days ago Tenable.com
New North Korean Android spyware slips onto Google Play - A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. The five apps Lookout identified ...
4 days ago Bleepingcomputer.com APT3 APT37
Garantex crypto exchange admin arrested while on vacation - Besciokov (aka "proforg" and "iram") controlled Garantex with 40-year-old Russian national and United Arab Emirates resident Aleksandr Mira Serda (the crypto exchange's other co-founder) between 2019 and 2025. According to court ...
4 days ago Bleepingcomputer.com
Tycoon2FA Phishkit Updates Tactics with PDF Lures and Redirects - Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials. The script first displays a Cloudflare “Verify You’re a Human” check: a common tactic used to ...
4 days ago Cybersecuritynews.com
CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts | The Record from Recorded Future News - A CISA spokesperson said the agency planned to cut annual funding of $10 million that was given to the Center for Internet Security (CIS) for managing the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure ...
4 days ago Therecord.media

Trending Cyber News (last 7 days)

Windows Notepad to get AI text summarization in Windows 11 - Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. Today, it also added a "Draw & Hold" feature in Snipping Tool version 11.2502.18.0 to help ...
3 days ago Bleepingcomputer.com
GitLab patches critical authentication bypass vulnerabilities - GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. The two critical flaws GitLab addressed this time ...
3 days ago Bleepingcomputer.com CVE-2025-25291
CVE-2025-24201 - An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to ...
3 days ago CVE-2025-21590
Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News - Since December, Justice Department officials have sought Panev’s extradition after a criminal complaint was unsealed last year accusing him of acting as a developer of the LockBit ransomware from 2019 to at least February 2024. The dual ...
2 days ago Therecord.media LockBit
New SuperBlack ransomware exploits Fortinet auth bypass flaws - A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. When Fortinet first disclosed CVE-2024-55591 on ...
3 days ago Bleepingcomputer.com LockBit CVE-2024-55591
New Context Compliance Attack Jailbreaks Most of The Major AI Models - Rather than requiring complex prompt engineering or computationally expensive optimization, CCA works through a basic three-step process: initiating a conversation about a sensitive topic, injecting a fabricated assistant response into the ...
2 days ago Cybersecuritynews.com
Ransomware attack takes down health system network in Micronesia | The Record from Recorded Future News - One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline. On Wednesday, the Department of Health Services for the ...
2 days ago Therecord.media
Ransomware gang creates tool to automate VPN brute-force attacks - Büyükkaya says Black Basta has been using the automated BRUTED platform since 2023 to conduct large-scale credential-stuffing and brute-force attacks on edge network devices. The Black Basta ransomware operation created an automated ...
2 days ago Bleepingcomputer.com Black Basta
New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens - This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud access tokens, API keys, and other credentials. In February 2025, security ...
2 days ago Cybersecuritynews.com
Cisco IOS XR vulnerability lets attackers crash BGP on routers - The same week, CISA tagged a remote command execution security flaw impacting Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers as actively exploited in attacks and ordered U.S. federal agencies to secure any vulnerable devices by March ...
2 days ago Bleepingcomputer.com CVE-2025-20115
Signal no longer cooperating with Ukraine on Russian cyber threats, official says | The Record from Recorded Future News - Speaking to Recorded Future News on the sidelines of the Kyiv cyber forum, Demediuk said that Ukraine used “an official communication channel” to reach out to Signal about how the app is being abused by Russians, including for phishing attacks ...
4 days ago Therecord.media
New OBSCURE#BAT Manipulates System Processes & Registry Entries To Evade Detection - A sophisticated malware campaign, tracked as OBSCURE#BAT, has been identified using heavily obfuscated batch scripts to install stealthy rootkits, allowing attackers to maintain persistent access to compromised systems while avoiding detection. The ...
3 days ago Cybersecuritynews.com
GitLab Warns of Multiple Vulnerabilities Let Attackers Login as Valid User - Security experts recommend that organizations running GitLab implement these updates as soon as possible, especially those using SAML authentication or considering enabling the Direct Transfer feature. The vulnerability can be exploited if an ...
3 days ago Cybersecuritynews.com CVE-2025-27407
Tata Technologies' data leaked by ransomware gang | TechCrunch - A ransomware group called Hunters International has published some of the data it claims to have stolen from Tata Technologies, just over a month after the Indian company confirmed a ransomware attack that resulted in the suspension of some services. ...
4 days ago Techcrunch.com Hunters
Scam spoofs Binance website and uses TRUMP coin as lure for malware | The Record from Recorded Future News - The researchers said that if victims follow the instructions in the email and hit the download link to get the TRUMP coins, they instead install a malicious version of a remote access tool known as ConnectWise. Hackers are spreading a malicious ...
6 days ago Therecord.media
Hackers Abuse Microsoft Copilot for Sophisticated Phishing Attack - “Phishing, sadly, works for many of the bad actors who continue to use this vector to attack.” As Microsoft continues to integrate AI capabilities across its product suite, security professionals must remain vigilant about emerging ...
3 days ago Cybersecuritynews.com
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware - The attackers consistently created local system administrator accounts with names designed to blend in with legitimate services, including “forticloud-tech,” “fortigate-firewall,” and “adnimistrator” (a deliberate ...
2 days ago Cybersecuritynews.com LockBit CVE-2024-55591
Microsoft Warns of Cyber Attack Mimic Booking .com To Deliver Password Stealing Malware - Security analysts at Microsoft noted that this campaign employs a technique called “ClickFix,” which displays fake error messages instructing users to execute commands that download malware. The addition of ClickFix to their tactics shows ...
2 days ago Cybersecuritynews.com
CVE-2025-27363 - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed ...
3 days ago
Trump nominates Plankey to run top US cyber agency | The Record from Recorded Future News - Sean Plankey, who served in cybersecurity roles in the first Trump administration, has been officially nominated to run the Cybersecurity and Infrastructure Security Agency (CISA), according to a Monday posting of nominations. In a September ...
5 days ago Therecord.media
New North Korean Android spyware slips onto Google Play - A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. The five apps Lookout identified ...
4 days ago Bleepingcomputer.com APT3 APT37
Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype - The data-driven insights from Red Report 2025 paint a vivid picture of the cyber threat landscape: credential thieves roaming unchecked, a handful of techniques enabling the vast majority of breaches, and new “heist-style” attack ...
3 days ago Bleepingcomputer.com
10 Best Cyber Attack Simulation Tools - 2025 - Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. The Cyber Attack Simulation tools act like a continuous and automated process ...
2 days ago Cybersecuritynews.com
Hackers Allegedly Selling 3.17 Million Records of Honda Cars India Customers - The hacker’s post on the forum claims to possess detailed records of Honda Cars India customers, with 2,866,348 mobile numbers and 1,907,053 email addresses among the compromised data. While Honda Cars India has yet to issue an official ...
2 days ago Cybersecuritynews.com
MirrorFace APT Hackers Exploited Windows Sandbox & Visual Studio Code Using Custom Malware - The campaign, attributed to a threat actor known as “MirrorFace,” a subgroup operating under the APT10 umbrella, exploited Windows Sandbox and Visual Studio Code to execute malicious activities while evading detection from security tools ...
4 days ago Cybersecuritynews.com APT1
Tycoon2FA Phishkit Updates Tactics with PDF Lures and Redirects - Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials. The script first displays a Cloudflare “Verify You’re a Human” check: a common tactic used to ...
4 days ago Cybersecuritynews.com
Fake Captcha Malware Attacking Windows Users To execute PowerShell Commands - A sophisticated malware campaign is targeting Windows users through deceptive CAPTCHA verification prompts that trick victims into executing malicious PowerShell scripts. Security experts recommend implementing robust security awareness training and ...
3 days ago Cybersecuritynews.com
DeepSeek Generating Fully Working Keyloggers & Data Exfiltration Tools - Security researchers at Unit 42 have successfully prompted DeepSeek, a relatively new large language model (LLM), to generate detailed instructions for creating keyloggers, data exfiltration tools, and other harmful content. The research findings ...
3 days ago Cybersecuritynews.com
CISA Warns of Apple WebKit Out-of-Bounds Write Vulnerability Exploited in Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited zero-day vulnerability in Apple’s WebKit browser engine, tracked as CVE-2025-24201. Enterprise Mitigation: Deploy Mobile Device Management (MDM) ...
3 days ago Cybersecuritynews.com CVE-2025-24201
Medusa Ransomware Attacks Grown By 42% With New Tools & Techniques - Following the pattern of most modern ransomware operators, Spearwing and its affiliates implement double extortion attacks, first stealing victims’ data before encrypting networks to increase pressure on victims to pay ransoms. In almost all ...
6 days ago Cybersecuritynews.com LockBit Medusa
CVE-2025-21169 - Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
4 days ago
AI-Assisted Fake GitHub Repositories Steal Sensitive Data Including Login Credentials - This operation exploits GitHub’s trusted reputation to bypass security defenses, targeting users seeking gaming mods, cracked software, and cryptocurrency tools through AI-generated documentation and strategically obfuscated scripts. This ...
4 days ago Cybersecuritynews.com
Mozilla warns users to update Firefox before certificate expires - Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. "On 14 March a root certificate (the ...
4 days ago Bleepingcomputer.com
CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts | The Record from Recorded Future News - A CISA spokesperson said the agency planned to cut annual funding of $10 million that was given to the Center for Internet Security (CIS) for managing the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure ...
4 days ago Therecord.media
China-Nexus Group Hacked Juniper Networks and Implant Backdoors on Its Routers - The investigation revealed that UNC3886 leveraged legitimate credentials to gain privileged access to the routers and subsequently deployed six distinct malware variants across multiple Juniper MX devices. The compromise of these critical routing ...
3 days ago Cybersecuritynews.com
Mozilla Urging Users to Update Firefox, Else Add-ons Will Stop Working - The company stated in its support documentation that “not updating Firefox before the root certificate expires can expose you to significant security threats. iOS users are not impacted due to Firefox on Apple’s mobile platform utilizing ...
3 days ago Cybersecuritynews.com
Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication - Security researchers from GitHub Security Lab have identified parser differential vulnerabilities (CVE-2025-25291 and CVE-2025-25292) affecting ruby-saml versions up to 1.17.0, which could allow attackers to impersonate any user within affected ...
2 days ago Cybersecuritynews.com CVE-2025-25291
Microsoft lifts Windows 11 update block for some AutoCAD users - Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues. After installing the AutoCAD 2022 update that addresses this known issue, it may take up to 48 ...
6 days ago Bleepingcomputer.com
Critical PHP RCE vulnerability mass exploited in new attacks - "While initial reports focused on attacks in Japan, GreyNoise data confirms that exploitation is far more widespread [..] More than 43% of IPs targeting CVE-2024-4577 in the past 30 days are from Germany and China," the threat intelligence firm said, ...
5 days ago Bleepingcomputer.com CVE-2024-4577
New XCSSET Malware Attacking macOS Users With Enhanced Obfuscation - The malware utilizes three distinct persistence techniques, ensuring its payload launches whenever a new shell session begins, a user opens a fake Launchpad application, or a developer commits changes in Git. Microsoft recommends that users run the ...
4 days ago Cybersecuritynews.com
CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware | The Record from Recorded Future News - “FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid and requested half of the payment be made again to provide the ...
4 days ago Therecord.media CVE-2024-1709 Medusa
US Charges 12 Chinese Hackers For Hacking National Security Infrastructure - The hackers functioned as what one senior FBI official described as “cyber mercenaries,” exploiting vulnerable systems and extracting sensitive data that was subsequently sold to Chinese government security services. The indictments mark ...
3 days ago Cybersecuritynews.com
2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild - Other significant vulnerabilities patched in this release included CVE-2025-26633 (a security feature bypass in Microsoft Management Console), CVE-2025-24985 (a remote code execution flaw in Windows Fast FAT File System Driver), and CVE-2025-24993 (a ...
3 days ago Cybersecuritynews.com CVE-2025-26633
ClickFix attack delivers infostealers, RATs in fake Booking.com emails - Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. In the phishing campaign discovered by ...
3 days ago Bleepingcomputer.com
Decrypting Linux/ESXi Akira Ransomware Files Without Paying Ransomware - The researcher has published the full source code and methodology on GitHub, providing a potential lifeline for organizations affected by this specific ransomware strain active since late 2023. According to the researcher, the malware uses the ...
2 days ago Cybersecuritynews.com Akira
United States Charges Developer of LockBit Ransomware Group - Technical analysis of LockBit 3.0, also known as “LockBit Black,” reveals sophisticated execution techniques, including command execution, batch scripts, and extensive use of the Native Windows API and PowerShell to interface with system ...
2 days ago Cybersecuritynews.com LockBit
Week-long Exchange Online outage causes email failures, delays - Two weeks ago, the company linked a weekend Microsoft 365 outage affecting Outlook and Exchange Online authentication to another "code issue." A subsequent advisory revealed that Exchange Online users still had issues accessing calendars and email ...
2 days ago Bleepingcomputer.com
Apple iOS 18.4 Beta 3 Released With New Features & Enhancements - Here’s a detailed look at what’s new in iOS 18.4 Beta 3, what has carried over from previous betas, and what iPhone users can expect as Apple fine-tunes this update. Apple typically uses later betas like this one to polish performance and address ...
6 days ago Cybersecuritynews.com
CVE-2025-24452 - InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
4 days ago
CVE-2025-2218 - A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access ...
5 days ago