Latest Cyber News

Chinese hackers abuse Microsoft APP-v tool to evade antivirus - The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. ...
18 minutes ago Bleepingcomputer.com
Ecuador's legislature says hackers attempted to access confidential information | The Record from Recorded Future News - Ecuador's legislature, the National Assembly, reported that it suffered two cyberattacks on Monday aimed at disrupting its systems and accessing sensitive data. In 2023, Ecuador’s national election agency reported that cyberattacks originating ...
26 minutes ago Therecord.media
New OpenSSH flaws expose SSH servers to MiTM and DoS attacks - "The attack against the OpenSSH client (CVE-2025-26465) succeeds regardless of whether the VerifyHostKeyDNS option is set to "yes" or "ask" (its default is "no"), requires no user interaction, and does not depend on the existence of an SSHFP resource ...
1 hour ago Bleepingcomputer.com
Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
1 hour ago Bleepingcomputer.com
LLM Vulnerability Let Attackers Exploit The ChatGPT Like AI Models - To address this vulnerability, developers must enhance temporal reasoning safeguards within LLMs by strengthening context validation mechanisms to detect and block temporal ambiguities, limiting search functionalities to prevent exploitation through ...
1 hour ago Cybersecuritynews.com
Cyberattack likely to have ‘material impact’ on media giant Lee Enterprises’ bottom line | The Record from Recorded Future News - The incident follows several other high-profile cyberattacks on news outlets in recent years that have disrupted operations, including a 2021 ransomware attack that stopped the presses at 78 Norwegian newspapers owned by the company Amedia. Media ...
1 hour ago Therecord.media
Google Gerrit Unauthorized Access to Code Tickets Supply Chain Attack - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. ...
2 hours ago Tenable.com
4 Million Stolen Credit Cards to Be Released for Free by B1ack’s Stash Marketplace - Preliminary analyses suggest that the stolen credit card data was likely obtained through phishing campaigns, malware attacks, and compromised e-commerce platforms. The cybersecurity community is on high alert as B1ack’s Stash, a known ...
2 hours ago Cybersecuritynews.com
Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions - Security analysts at Cloudsek noted that the malware employs advanced evasion techniques like obfuscated scripts and encrypted communications with Command-and-Control (C2) servers. This sophisticated campaign exploits malicious LNK (shortcut) files ...
2 hours ago Cybersecuritynews.com
Google Cloud Platform (GCP) Privilege Escalation Vulnerability in GCP Cloud Run - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. ...
2 hours ago Tenable.com
OpenSSH Vulnerabilities Expose Clients and Servers to MitM & DoS Attacks - With OpenSSH integral to enterprise infrastructure, these vulnerabilities pose significant risks to data integrity, system ...
2 hours ago Cybersecuritynews.com
Intruder Enhances Free Vulnerability Intelligence Platform ‘Intel’ with AI-Generated CVE Descriptions - Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. Intel by Intruder now uses AI to contextualize NVD ...
3 hours ago Cybersecuritynews.com
Introducing enQase for Quantum-Safe Security - enQase offers security beyond PQC; the only comprehensive, flexible, scalable solution that utilizes enhanced quantum technologies to protect data against current and future quantum threats without compromising operational performance. "enQase ...
4 hours ago Darkreading.com
Hackers Hiding Credit Card Stealer Script Within Tag - To protect against such attacks, organizations should sanitize inputs by removing non-whitelisted attributes like onerror from HTML tags, monitor checkout pages by regularly inspecting the page source code for anomalies, and keep CMS platforms like ...
4 hours ago Cybersecuritynews.com
Lee Enterprises newspaper disruptions caused by ransomware attack - Lee newsrooms across the United States have reported that the cyberattack forced the newspaper publisher to shut down many of its networks, leading to widespread printing and delivery disruptions for dozens of newspapers. BleepingComputer also ...
5 hours ago Bleepingcomputer.com
Earth Preta Abuse Microsoft Application Virtualization Injector To Inject Malicious Payloads - Advanced Persistent Threat (APT) group Earth Preta (a.k.a. Mustang Panda) has been observed weaponizing the Microsoft Application Virtualization Injector (MAVInject.exe) to bypass security software and implant backdoors in government systems across ...
5 hours ago Cybersecuritynews.com
EagerBee Malware Attacking Government Entities & ISPs To Deploy Backdoor - Organizations should patch Exchange servers to protect against CVE-2021-26855, actively hunt for modified service DLLs using file system checks, and monitor the Service Control Manager for unexpected configurations, such as unauthorized changes to ...
6 hours ago Cybersecuritynews.com
DarkMind A Novel Backdoor Attack Exploits Reasoning Capabilities of Customized LLMs - While the security analysts noted that unlike conventional backdoor attacks that rely on poisoned training data or overt triggers in user prompts, DarkMind embeds latent triggers directly into the model’s reasoning chain. Dubbed DarkMind, this ...
7 hours ago Cybersecuritynews.com
Indian Authorities Seize Loot From Collapsed BitConnect Crypto Scam - This seizure sets a precedent for India’s fight against crypto-enabled financial crimes, signaling tighter scrutiny of DeFi projects and cross-agency collaboration to trace illicit flows across chains like Binance Smart Chain and Solana. Between ...
7 hours ago Cybersecuritynews.com
Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products - Juniper Networks has issued an urgent security advisory addressing a critical API authentication bypass vulnerability (CVE-2025-21589) affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router product lines. ...
7 hours ago Cybersecuritynews.com
Free Security Incident Response Toolkit Released to Detect Cyber Intrusions - The release also complements SecTemplates’ broader ecosystem, including its Vulnerability Management Pack and Security Exceptions Pack, which together provide a holistic approach to cyber risk mitigation. For now, the Incident Response Pack 1.5 ...
7 hours ago Cybersecuritynews.com
Unauthorized Access to Grok-3 AI Achieved via Client-Side Code Exploitation - A researcher with the handle “single mode” has demonstrated how client-side code manipulation can bypass access controls and gain unauthorized access to Grok-3, an AI model integrated into Elon Musk’s X platform. The script modifies ...
8 hours ago Cybersecuritynews.com
WinRAR 7.10 Released For 500 Million Users - What's New - Critical fixes target semi-solid archive corruption during updates, a memory allocation error in “-m1” compression mode, and context menu rendering glitches on high-DPI displays. The latest version of the widely-used file compression ...
10 hours ago Cybersecuritynews.com
LibreOffice Vulnerabilities Let Attackers Write to Arbitrary File & Extract Values - For enterprises, integrating security tools like intrusion detection systems (IDS) to monitor LibreOffice’s file operations ...
10 hours ago Cybersecuritynews.com
Vgod RANSOMWARE Encrypt Your Entire System and Set A Ransom Notes As Wallpaper - Vgod ransomware uses a hybrid cryptographic approach, leveraging AES-256 for file encryption and RSA-4096 for key protection, a methodology consistent with advanced ransomware families like Ryuk and LockBit. The ransomware employs multiple ...
10 hours ago Cybersecuritynews.com
ChatGPT Operator Prompt Injection Exploit Leaking Private Data - OpenAI’s ChatGPT Operator, a cutting-edge research preview tool designed for ChatGPT Pro users, has recently come under scrutiny for vulnerabilities that could expose sensitive personal data through prompt injection exploits. Navigating to ...
11 hours ago Cybersecuritynews.com
Beware of Fake Timesheet Report Email Leading to the Tycoon 2FA Phishing Kit - Pinterest Visual Bookmark: The link leads to a page hosted on Pinterest, displaying a Microsoft logo and a “Visit” button. Fake Timesheet Notification: According to SpiderLabs’ post on X, the attack begins with an email titled ...
11 hours ago Cybersecuritynews.com
Chase will soon block Zelle payments to sellers on social media - While Chase didn't share what exactly prompted this decision, the U.S. Consumer Financial Protection Bureau (CFPB) sued Early Warning Services (Zelle's operator) and three of its owner banks (Bank of America, JPMorgan Chase, and Wells Fargo) in ...
21 hours ago Bleepingcomputer.com
Microsoft to remove the Location History feature in Windows - “We are deprecating and removing the Location History feature, an API that allowed Cortana to access 24 hours of device history when location was enabled,” reads Microsoft's announcement. The API behind the feature, ...
23 hours ago Bleepingcomputer.com
X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
1 day ago Bleepingcomputer.com
Microsoft spots XCSSET macOS malware variant used for crypto theft - A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. XCSSET then creates a malicious Launchpad application with ...
1 day ago Bleepingcomputer.com
Ransomware Gangs Encrypt Systems After 17hrs From Initial Infection - A 2025 threat report by cybersecurity firm Huntress reveals ransomware gangs now take just 17 hours on average to encrypt systems after initial network intrusion, with some groups like Akira and RansomHub operating in as little as 4–6 hours. New ...
1 day ago Cybersecuritynews.com
Fintech giant Finastra notifies victims of October data breach - While Finastra has yet to share the number of individuals affected by the data breach and the nature of the exposed data (besides victims' names), the company started sending breach notification letters last week to at least 65 people in the state ...
1 day ago Bleepingcomputer.com
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
1 day ago Cybersecuritynews.com
CISA Warns of Apple iOS Vulnerability Exploited in Wild - The flaw, an authorization bypass in Apple’s USB Restricted Mode, enables attackers with physical access to disable security protections on locked devices, potentially exposing sensitive data. CVE-2025-24200, cataloged under CWE-863 (Incorrect ...
1 day ago Cybersecuritynews.com
Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB - In one demonstrated attack chain, researchers gained admin access via default credentials (Xerox devices often retain factory defaults), modified LDAP settings to attacker IP, triggered LDAP sync via “Test Connection” feature and used captured ...
1 day ago Cybersecuritynews.com
Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely - A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This campaign shows the importance of continuous WordPress ...
1 day ago Cybersecuritynews.com
Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
1 day ago Bleepingcomputer.com
New XCSSET Malware Attacking macOS Users by Infecting Xcode Projects - This modular backdoor, first documented in 2020, now employs advanced obfuscation techniques, refined persistence mechanisms, and novel infection vectors to subvert Apple’s security frameworks and compromise software supply chains. Microsoft Threat ...
1 day ago Cybersecuritynews.com
IDOR vulnerability in ExHub Let Attacker Modify Web Hosting Configuration - The consequences of this IDOR vulnerability were severe where attackers could manipulate deployment configurations, potentially gaining unauthorized access to sensitive resources. This vulnerability effectively allowed unauthorized users to perform ...
1 day ago Cybersecuritynews.com
Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication - Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The threat ...
1 day ago Cybersecuritynews.com
Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number - According to Gokuleswaran, a Cyber Security Analyst, the vulnerability allowed unauthorized users to access private KYC records by exploiting a flaw in the portal’s URL structure. This breach exemplifies how IDOR vulnerabilities can lead to ...
1 day ago Cybersecuritynews.com
New Android Security Feature that Blocks Changing Sensitive Setting During Calls - A common tactic involves guiding victims over the phone to enable sideloading or accessibility permissions, which allow malicious apps to bypass safeguards and gain control of the device. This feature, currently live in the beta version, prevents ...
1 day ago Cybersecuritynews.com
Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment - A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate ...
1 day ago Cybersecuritynews.com
PurpleLab - A Free Cybersecurity Lab for Security Teams To Analyse Cyber Threats - PurpleLab is a cybersecurity lab that integrates various tools and technologies to support analysts in testing detection rules and simulating real-world cyber threats. In a significant step forward for cybersecurity professionals, PurpleLab offers an ...
1 day ago Cybersecuritynews.com
Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program - This initiative, which began in 2011, has now surpassed $20 million in total payouts, underscoring Meta’s dedication to collaborating with the global security research community to enhance platform safety and integrity. Meta’s bug bounty ...
1 day ago Cybersecuritynews.com
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry - Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. [+] SharpDelete by Andrew Petrus - Tool to delete hidden registry values ...
1 day ago Cybersecuritynews.com
Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access - In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. These emails prompt recipients to authenticate using the ...
1 day ago Cybersecuritynews.com
Google Chrome AI-Powered Security Now Available for All Users - This step is critical as it allows users to consciously decide whether they want their browsing data to be analyzed by Google for security purposes, which might be a concern for privacy advocates. This change underscores Google’s commitment to ...
1 day ago Cybersecuritynews.com
Linux Kernel 6.14 rc3 Released - What's New! - This release also includes significant updates, including the introduction of the Faux Bus, a new feature aimed at simplifying device driver development, alongside a range of critical fixes. Paolo Bonzini, the maintainer of the Kernel-based Virtual ...
1 day ago Cybersecuritynews.com
Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
1 day ago Cybersecuritynews.com
Estonian spy chief: ‘Hybrid schmybrid, what’s happening is attacks’ | The Record from Recorded Future News - Estonia, which was occupied by Russia during WWII — with tens of thousands of Estonian families deported to Russia, including the mother of former Prime Minister Kaja Kallas, now the European Union’s foreign policy chief — has been a vocal ...
1 day ago Therecord.media
Google Chrome's AI-powered security feature rolls out to everyone - Previously, Google said Chrome used "proactive protection" to protect users from malicious or suspicious websites, but the terminology has been updated to reflect AI integration. It's unclear how the feature is different from the older 'non-AI' ...
1 day ago Bleepingcomputer.com
New FinalDraft malware abuses Outlook mail service for stealthy comms - A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. The attack begins with the threat actor compromising the target's system with ...
2 days ago Bleepingcomputer.com
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
2 days ago Cybersecuritynews.com
Microsoft: Hackers steal emails in device code phishing attacks - "The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such ...
3 days ago Bleepingcomputer.com
New Go-Based Malware Exploits Telegram and Use It as C2 Channel - Researchers have identified a new backdoor malware, written in Go programming language, that leverages Telegram as its command-and-control (C2) channel. Netskope Advanced Threat Protection proactively detects this threat under the identifier ...
3 days ago Cybersecuritynews.com
Beware of Fake BSOD Delivered by Malicious Python Script - According to security consultant Xavier Mertens, the tkinter library, a standard Python module, is typically used to create graphical user interfaces (GUIs). Security teams should consider monitoring for unusual uses of GUI libraries like tkinter as ...
3 days ago Cybersecuritynews.com
Elon Musk's DOGE Website Database Vulnerability Let Anyone Make Entries Directly - A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. Sam Curry, a coding expert, noted that the ...
3 days ago Cybersecuritynews.com
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS - The security issue received a high-severity score and impacts the PAN-OS management web interface and allows an unauthenticated attacker on the network to bypass authentication and invoke certain PHP scripts, potentially compromising integrity ...
3 days ago Bleepingcomputer.com
Police risk losing society’s trust in fight against cybercrime, warns Europol chief | The Record from Recorded Future News - Speaking at the Munich Cyber Security Conference, Catherine De Bolle — who took the reins at the agency in 2018 — defended law enforcement’s need to be able to lawfully access encrypted data amid controversy over one such attempt by the United ...
3 days ago Therecord.media
Lazarus Group Infostealer Malwares Attacking Developers In New Campaign - The attack leverages social engineering tactics, including fake job interviews and compromised NPM packages, to deceive developers into executing malicious scripts. The malware campaign involves a multi-stage modular approach, using techniques such ...
3 days ago Cybersecuritynews.com
XELERA Ransomware Attacking Job Seekers With Weaponized Word Documents - Upon extraction, the OLE object reveals a PE64 binary, which is a compressed PyInstaller executable named “jobnotification2025.exe.” This executable is the first stage of the malware, designed to evade detection by traditional antivirus ...
3 days ago Cybersecuritynews.com
How This Security Firm's 'Bias' Is Also Its Superpower - "We are helping our clients simplify their strategies and align them to their actual business objectives so that they have a much easier and more efficient approach to developing not just minimum viable security for whatever their product is, ...
3 days ago Darkreading.com
SonicWall firewall bug leveraged in attacks after PoC exploit release - On Thursday, cybersecurity company Arctic Wolf said they started detecting exploitation attempts targeting this vulnerability in attacks "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's ...
4 days ago Bleepingcomputer.com
SonicWall firewall bug targeted in attacks after PoC exploit release - On Thursday, cybersecurity company Arctic Wolf said they started detecting exploitation attempts targeting this vulnerability in attacks "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's ...
4 days ago Bleepingcomputer.com
Pennsylvania utility says MOVEit breach at vendor exposed some customer data | The Record from Recorded Future News - PPL Electric Utilities said in an emailed statement that the vendor notified it in June 2023 of a breach through a widespread bug in the MOVEit file transfer software, which affected hundreds of organizations and exposed the data of tens of millions ...
4 days ago Therecord.media
Malicious PirateFi game infects Steam users with Vidar malware - Malware infiltrating the Steam store is not common, but it's not unprecedented either. In February 2023, Steam users were targeted by malicious Dota 2 game modes that leveraged a Chrome n-day exploit to perform remote code execution on the ...
4 days ago Bleepingcomputer.com
EarthKapre APT Drops Weaponized PDF to Compromise Windows Systems - Upon successful execution of the final stage, EarthKapre initiates a series of commands to gather system information, including user account details, system configurations, disk information, and installed antivirus products. A highly sophisticated ...
4 days ago Cybersecuritynews.com
Lazarus Group Using New Malware Tactic To Attack Developers Globally - So, as a result, it is crucial for organizations to adopt robust security measures, including continuous monitoring of supply chain activities and integration of advanced threat intelligence solutions.
4 days ago Cybersecuritynews.com
North Korean IT Workers Infiltrate International Companies To Plant Backdoors on Systems - The infiltration of North Korean IT workers into international companies poses a dual threat of sanctions violations and severe cybersecurity risks. The rise of remote work has provided new opportunities for North Korean IT workers to gain employment ...
4 days ago Cybersecuritynews.com
Open Source AI Models: Big Risks for Malicious Code, Vulns - Companies pursuing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities. While the attacks appeared to be proofs-of-concept, their success in ...
4 days ago Darkreading.com
How Banks Can Adapt to the Rising Threat of Financial Crime - To combat this, banks need to implement advanced AI-driven fraud monitoring and detection tools, enhance identity verification processes, and stay vigilant with continuous monitoring and staff training to recognize anomalies. While most banks ...
4 days ago Darkreading.com
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
4 days ago Bleepingcomputer.com
Warning: Tunnel of Love Leads to Scams - That's according to ChainAnalysis, which said the scams, in which fraudsters approach their victims on dating apps or sites, groom them, and convince them to give them money or invest in a supposed "business venture," are growing in ...
4 days ago Darkreading.com

Trending Cyber News (last 7 days)

US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - Alexander Vinnik, the Russian operator of the now-defunct BTC-e cryptocurrency exchange, has reportedly been released from U.S. custody in a prisoner swap for American school teacher Marc Fogel, according to media reports citing anonymous U.S. ...
5 days ago Therecord.media
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - “The Cybercrime Team Amsterdam will, in consultation with the Public Prosecution Service, further investigate the data found on the seized servers,” Dutch police said. Police in the Netherlands say they seized 127 servers this week that were used ...
4 days ago Therecord.media
Munich Cyber Security and Security Conferences 2025 [Live Updates] | The Record from Recorded Future News - Recorded Future News will be providing live coverage from the Munich Cyber Security Conference (February 13 & 14) and Munich Security Conference (February 14 - 16). We will be updating this page with live coverage throughout the conferences with ...
5 days ago Therecord.media
An Italian journalist speaks about being targeted with Paragon spyware | The Record from Recorded Future News - In an interview with Recorded Future News, Cancellato said he is not sure if Prime Minister Giorgia Meloni’s government is tied to the incident, though Paragon has reportedly ended its contract with Italy. [We found] a lot of antisemitic and racist ...
5 days ago Therecord.media
Pennsylvania utility says MOVEit breach at vendor exposed some customer data | The Record from Recorded Future News - PPL Electric Utilities said in an emailed statement that the vendor notified it in June 2023 of a breach through a widespread bug in the MOVEit file transfer software, which affected hundreds of organizations and exposed the data of tens of millions ...
4 days ago Therecord.media
CVE-2024-13439 - The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated ...
3 days ago Tenable.com
Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number - According to Gokuleswaran, a Cyber Security Analyst, the vulnerability allowed unauthorized users to access private KYC records by exploiting a flaw in the portal’s URL structure. This breach exemplifies how IDOR vulnerabilities can lead to ...
1 day ago Cybersecuritynews.com
New Go-Based Malware Exploits Telegram and Use It as C2 Channel - Researchers have identified a new backdoor malware, written in Go programming language, that leverages Telegram as its command-and-control (C2) channel. Netskope Advanced Threat Protection proactively detects this threat under the identifier ...
3 days ago Cybersecuritynews.com
PurpleLab - A Free Cybersecurity Lab for Security Teams To Analyse Cyber Threats - PurpleLab is a cybersecurity lab that integrates various tools and technologies to support analysts in testing detection rules and simulating real-world cyber threats. In a significant step forward for cybersecurity professionals, PurpleLab offers an ...
1 day ago Cybersecuritynews.com
CVE-2025-0822 - Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of ...
3 days ago Tenable.com
CVE-2024-13500 - The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 ...
3 days ago Tenable.com
CVE-2025-26793 - The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial ...
3 days ago Tenable.com
Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication - Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The threat ...
1 day ago Cybersecuritynews.com
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - “A Sault Tribe data security incident has impacted Sault Tribe Health Division’s ability to provide comprehensive medical services,” Lowes said. A recent ransomware attack on the Sault Tribe in Michigan has knocked many of its most critical ...
5 days ago Therecord.media
CVE-2024-10581 - The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it ...
3 days ago Tenable.com
Microsoft: Hackers steal emails in device code phishing attacks - "The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such ...
3 days ago Bleepingcomputer.com
CVE-2025-1359 - A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross ...
1 day ago Tenable.com
Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access - In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. These emails prompt recipients to authenticate using the ...
1 day ago Cybersecuritynews.com
Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program - This initiative, which began in 2011, has now surpassed $20 million in total payouts, underscoring Meta’s dedication to collaborating with the global security research community to enhance platform safety and integrity. Meta’s bug bounty ...
1 day ago Cybersecuritynews.com
Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment - A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate ...
1 day ago Cybersecuritynews.com
CVE-2024-13834 - The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. ...
3 days ago Tenable.com
CVE-2024-13488 - The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter ...
3 days ago Tenable.com
CVE-2025-1354 - A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the ...
2 days ago Tenable.com
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry - Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. [+] SharpDelete by Andrew Petrus - Tool to delete hidden registry values ...
1 day ago Cybersecuritynews.com
New Android Security Feature that Blocks Changing Sensitive Setting During Calls - A common tactic involves guiding victims over the phone to enable sideloading or accessibility permissions, which allow malicious apps to bypass safeguards and gain control of the device. This feature, currently live in the beta version, prevents ...
1 day ago Cybersecuritynews.com
Hacker leaks account data of 12 million Zacks Investment users - In late January, a threat actor published data samples on a hacker forum, claiming a breach at Zacks in June 2024 that exposed data of millions of customers. Zacks Investment Research (Zacks) last year reportedly suffered another data breach that ...
5 days ago Bleepingcomputer.com
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
2 days ago Cybersecuritynews.com
IDOR vulnerability in ExHub Let Attacker Modify Web Hosting Configuration - The consequences of this IDOR vulnerability were severe: attackers could manipulate deployment configurations, potentially gaining unauthorized access to sensitive resources. This vulnerability effectively allowed unauthorized users to perform ...
1 day ago Cybersecuritynews.com
CVE-2025-26508 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
4 days ago Tenable.com
Beware of Fake BSOD Delivered by Malicious Python Script - According to security consultant Xavier Mertens, the tkinter library, a standard Python module, is typically used to create graphical user interfaces (GUIs). Security teams should consider monitoring for unusual uses of GUI libraries like tkinter as ...
3 days ago Cybersecuritynews.com
CVE-2025-26506 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
4 days ago Tenable.com
CVE-2025-26156 - A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter. ...
4 days ago Tenable.com
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - ClearSky Cyber Security has uncovered a user interface (UI) vulnerability in Microsoft Windows that is currently being exploited by a sophisticated threat actor known as Mustang Panda, a group believed to be affiliated with Chinese state interests. ...
4 days ago Cybersecuritynews.com
Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely - A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This campaign shows the importance of continuous WordPress ...
1 day ago Cybersecuritynews.com
How Public & Private Sectors Can Better Align Cyber Defense - Over the past 25 years, organizations like the FBI's Internet Crime Complaint Center (IC3), the National Cyber Investigative Joint Task Force (NCIJTF), and the Cybersecurity and Infrastructure Security Agency (CISA) have been created. Uncovering ...
4 days ago Darkreading.com
CVE-2025-26507 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
4 days ago Tenable.com
CVE-2025-26157 - A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter. ...
4 days ago Tenable.com
CVE-2025-25997 - Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. ...
4 days ago Tenable.com
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - “We’re starting by bringing AI-powered extensions to Burp Suite Professional giving you even more ways to integrate AI into your security testing! The ability to build AI-powered extensions is now available in Early Adopter 2025.2.” ...
4 days ago Cybersecuritynews.com
CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for ...
3 days ago Tenable.com
CVE-2025-1358 - A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to ...
1 day ago Tenable.com
CVE-2025-1355 - A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted ...
2 days ago Tenable.com
Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
1 day ago Bleepingcomputer.com
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
1 day ago Cybersecuritynews.com
Winnti Hackers Attacking Japanese Organizations With New Malware - The China-based Winnti Group has targeted Japanese organizations in a recent cyberattack campaign known as “RevivalStone,” in the manufacturing, materials, and energy sectors. With the increasing sophistication of such threats, ...
5 days ago Cybersecuritynews.com
Chinese espionage tools deployed in RA World ransomware attack - A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. Researchers from Symantec’s ...
5 days ago Bleepingcomputer.com
CVE-2025-0503 - Mattermost versions 9.11.x ...
4 days ago Tenable.com
CVE-2025-26158 - A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department ...
4 days ago Tenable.com
CVE-2025-25991 - SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. ...
4 days ago Tenable.com
CVE-2025-25990 - Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. ...
4 days ago Tenable.com