Cyber Security News

Google has rolled out a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could enable arbitrary code execution and sandbox escapes.  The Stable Channel Update 134.0.6998.88/.89 for Windows and Mac, and 134.0.6998.88 for Linux, released on March 10, 2025, includes patches for five security flaws, three of which are rated as […]

The post Chrome Security Update – Patch for Multiple High-Severity Vulnerabilities appeared first on Cyber Security News.

A sophisticated cybercriminal group known as EncryptHub has successfully compromised approximately 600 organizations through a multi-stage malware campaign. The threat actor exploited operational security mistakes, inadvertently exposing critical elements of their infrastructure, which allowed researchers to map their tactics with unprecedented depth. EncryptHub’s campaign employs several layers of PowerShell scripts to gather system data, exfiltrate […]

The post EncryptHub A Multi-Stage Malware Compromised 600 Organizations appeared first on Cyber Security News.

A sophisticated malware toolkit known as Ragnar Loader has been identified as a critical component in targeted ransomware attacks. The loader, also known as Sardonic Backdoor, serves as the primary infiltration mechanism for the Monstrous Mantis ransomware group, formerly known as Ragnar Locker, which has been attacking organizations since its emergence in 2020. Security researchers […]

The post Ragnar Loader Employed By Multiple Ransomware Groups To Evade Detection appeared first on Cyber Security News.

Passwordless authentication tools are revolutionizing digital security by eliminating the reliance on traditional passwords. Instead, they use advanced technologies such as biometrics (fingerprints, facial recognition), hardware tokens, or one-time passcodes to verify user identities. This approach significantly enhances security by mitigating risks like phishing, credential theft, and brute-force attacks, which are common vulnerabilities of password-based […]

The post Top 11 Passwordless Authentication Tools – 2025 appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) updated its KEV catalog on March 10, 2025, to include three newly identified vulnerabilities in Ivanti Endpoint Manager (EPM), a widely used enterprise software for managing endpoints. The KEV catalog tracks vulnerabilities actively exploited in the wild, urging organizations to prioritize remediation to safeguard critical systems. All three […]

The post CISA Adds 3 Ivanti Endpoint Manager Bugs to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.

CISA has likely added two VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by the XE Group. These vulnerabilities impact VeraCore, a warehouse management software by Advantive, critical for supply chains in manufacturing and distribution. CVE-2024-57968 is patched in version 2024.4.2.1, while CVE-2025-25181 remains unpatched as of […]

The post CISA Adds 2 VeraCore Vulnerabilities to Known Actively Exploit Vulnerability Catalog appeared first on Cyber Security News.

Security researchers have identified a sophisticated attack campaign attributed to APT37, a North Korean state-sponsored hacking group also known as ScarCruft, Reaper, and Red Eyes. The group, active since 2012, has expanded its targets from South Korea to include Japan, Vietnam, the Middle East, and industries like healthcare and manufacturing. Their latest attack leverages ZIP […]

The post North Korean Hackers Weaponizing ZIP Files To Execute Malicious PowerShell Scripts appeared first on Cyber Security News.

Apple has taken another step toward the official release of iOS 18.4 by seeding the third developer beta of the update to testers late on March 10, 2025. This latest beta, identified by build number 22E5222f, arrives just one week after the release of iOS 18.4 Beta 2 and continues to refine the features introduced […]

The post Apple iOS 18.4 Beta 3 Released – New Features, Enhancements, and What to Expect appeared first on Cyber Security News.

A security researcher known as newp1ayer48 has successfully demonstrated a method to extract firmware from IoT and embedded devices using direct Flash Memory dumps, providing valuable insights for security professionals and bug bounty hunters. The technique, while potentially risky for the hardware, offers a reliable way to obtain firmware when other methods aren’t viable. This […]

The post Researcher Hacked Embedded Devices To Extract The Firmware appeared first on Cyber Security News.

IT systems management tools are essential for organizations to monitor, manage, and optimize their IT infrastructure effectively. These tools provide comprehensive solutions for handling networks, servers, applications, and devices, ensuring seamless operations and improved productivity. SolarWinds stands out with its robust monitoring capabilities and user-friendly interface, enabling proactive issue resolution. ManageEngine Applications Manager offers an […]

The post 10 Best IT Systems Management Tools – 2025 appeared first on Cyber Security News.

A critical security vulnerability (CVE-2024-13918) in the Laravel framework allows attackers to execute arbitrary JavaScript code on websites running affected versions of the popular PHP framework.  The flaw, discovered in Laravel’s debug-mode error page rendering, exposes applications to reflected cross-site scripting (XSS) attacks when running in development configurations.  With a CVSS v3.1 score of 8.0 […]

The post Laravel Framework Vulnerability Let Attackers Execute Malicious Java Script appeared first on Cyber Security News.

A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity.  Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects nine PT switch models and stems from weaknesses in the authorization logic implementation despite layered client-side and server-side verification protocols.  Researchers warn that exploitation could […]

The post Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access  appeared first on Cyber Security News.

X (formerly Twitter) experienced a global outage today, March 10, 2025, leaving many users unable to access the platform. The disruption, which affected both the app and website, sparked frustration and confusion among users worldwide. Reports of the outage began to surface around 3:20 PM IST, with users encountering error messages such as “Something went […]

The post X (Twitter) Down? Massive Outage Leads to Page Load Issues appeared first on Cyber Security News.

Multiple US organizations reported receiving suspicious physical letters claiming to be from the BianLian ransomware group. These letters have been delivered via regular mail to executive team members, falsely asserting that the recipient’s corporate IT network has been compromised and sensitive data stolen. This unusual campaign represents a significant departure from typical ransomware tactics, which […]

The post Fake BianLian Ransom Claims Targeting US Firms With Physical Letters appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated malware campaign where threat actors are coercing popular YouTubers to distribute SilentCryptoMiner malware disguised as restriction bypass tools. This campaign has already affected more than 2,000 victims in Russia, with the actual number potentially much higher. The malware leverages Windows Packet Divert drivers, a technology increasingly used in utilities […]

The post Threat Actors Leverage YouTubers to Attack Windows Systems Via SilentCryptoMiner appeared first on Cyber Security News.

Physical penetration testing provides crucial insights into real-world security vulnerabilities that might be overlooked in purely digital assessments. A recent case study conducted by Hackmosphere for a furniture retailer, referred to as ExCorp, revealed how physical access to facilities could compromise internal networks despite robust cybersecurity measures. The penetration test identified four critical vulnerabilities that […]

The post Getting Access to Internal Networks Via Physical Pentest – Case Study appeared first on Cyber Security News.

Security researchers at Positive Technologies have uncovered a sophisticated malware campaign dubbed “Desert Dexter” that has compromised more than 900 victims worldwide since September 2024. The attack, discovered in February 2025, primarily targets countries in the Middle East and North Africa, with Egypt, Libya, UAE, Russia, Saudi Arabia, and Turkey being the most affected regions. […]

The post New Malware Attacked ‘Desert Dexter’ Compromised 900+ Victims Worldwide appeared first on Cyber Security News.

Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign using fake CAPTCHA prompts to deliver LummaStealer, a dangerous information-stealing malware. This emerging threat, first discovered in January 2025, represents a new approach for LummaStealer distribution which previously spread primarily through channels like GitHub or Telegram. The attack specifically targets users of booking websites […]

The post Beware of Fake CAPTCHA Prompts That May Silently Install LummaStealer on Your Device appeared first on Cyber Security News.

Advanced threat actors increasingly leverage x86-64 binaries and Apple’s Rosetta 2 translation technology to bypass execution policies and deploy malware on Apple Silicon devices. The technique exploits architectural differences between Intel and ARM64 processors while leaving behind forensic artifacts that investigators can use to reconstruct attacks. Attackers Leveraging x86-64 Binaries on Apple Silicon Apple’s Rosetta […]

The post Hackers Leveraging x86-64 Binaries on Apple Silicon to Deploy macOS Malware appeared first on Cyber Security News.

The Tails Project announced the release of Tails 6.13 on March 6, 2025, marking a significant update to its privacy-centric Linux distribution.  This iteration introduces improved diagnostics for Wi-Fi hardware compatibility, updates to the Tor Browser and client, and critical fixes for Persistent Storage creation and software installation workflows.  Targeted at users prioritizing anonymity, Tails […]

The post Linux Distro Tails 6.13 Released with Improved Wi-Fi Hardware Detection appeared first on Cyber Security News.