Cyber Security News

The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social engineering vector that deceives unsuspecting users into manually fixing simulated website errors. In these attacks, […]

The post Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands appeared first on Cyber Security News.

A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout 2025, these campaigns have demonstrated a keen interest in geopolitical intelligence, often timing their operations to coincide with significant local political events. The threat actors have focused their efforts […]

The post Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability. This flaw, patched by Broadcom in March 2025, enables attackers to escape virtual machine isolation and deploy ransomware across hypervisors. CVE-2025-22225 is an arbitrary write vulnerability in VMware ESXi, rated Important […]

The post CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks appeared first on Cyber Security News.

TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws. These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the device. The vulnerabilities affect the Archer BE230 v1.2 model running firmware versions before 1.2.4 Build […]

The post Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device appeared first on Cyber Security News.

The SystemBC malware family, a persistent threat first documented in 2019, has evolved into a massive botnet infrastructure controlling over 10,000 hijacked devices globally. Functioning primarily as a SOCKS5 proxy and a backdoor, this malware enables threat actors to mask their malicious traffic and maintain long-term access to compromised networks. By converting infected systems into […]

The post SystemBC Botnet Hijacked 10,000 Devices Worldwide to Use for DDoS Attacks appeared first on Cyber Security News.

A sophisticated custom loader named PhantomVAI has emerged in global phishing campaigns, delivering various stealers and remote access trojans (RATs) to compromised systems. This malware loader operates by masquerading as legitimate software and employing process hollowing techniques to inject malicious payloads into Windows processes. Security researchers across multiple organizations have documented this threat under different […]

The post PhantomVAI Custom Loader Uses RunPE Utility to Attack Users appeared first on Cyber Security News.

The Interlock ransomware group has emerged as a distinct threat in the cybersecurity landscape, particularly targeting the education sector in the United States and United Kingdom. Unlike many contemporary ransomware operations that function under a Ransomware-as-a-Service (RaaS) model, Interlock operates as a smaller, dedicated team. These operators develop and manage their own proprietary malware to […]

The post Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV appeared first on Cyber Security News.

False negatives are becoming the most expensive “quiet” failure in SOCs. In 2026, AI-generated phishing and multi-stage malware chains are built to look clean on the outside, behave normally at first, and only reveal intent after real interaction. The result is brutal for security leaders: real attacks get labeled “benign,” “low risk,” or “no verdict,” and the […]

The post False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It  appeared first on Cyber Security News.

Washington, DC, February 4th, 2026, CyberNewsWire MomentProof, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets for insurance claims processing. MomentProof’s patented technology certifies images, video, voice recordings, and associated metadata at the moment of capture, ensuring […]

The post MomentProof Deploys Patented Digital Asset Protection appeared first on Cyber Security News.

The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several months. According to the official statement, attackers gained unauthorized access through a hosting provider-level incident […]

The post Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware appeared first on Cyber Security News.

A sophisticated malware campaign has surfaced where threat actors are distributing the ValleyRAT backdoor disguised as a legitimate installer for the popular messaging application, LINE. This targeted attack primarily focuses on Chinese-speaking users, leveraging a deceptive executable to infiltrate systems and compromise sensitive login credentials. The malware employs a complex loading chain involving shellcode execution […]

The post ValleyRAT Mimic as LINE Installer Attacking Users to Steal Login Details appeared first on Cyber Security News.

Enterprise security teams are facing a sophisticated new challenge as cybercriminals increasingly exploit trusted cloud platforms to launch phishing attacks. Instead of relying on suspicious newly registered domains, threat actors now host their malicious infrastructure on legitimate services like Microsoft Azure Blob Storage, Google Firebase, and AWS CloudFront. This strategic shift allows attackers to hide […]

The post Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users appeared first on Cyber Security News.

A critical GitLab vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively exploiting a server-side request forgery (SSRF) flaw in GitLab Community and Enterprise editions. The vulnerability, tracked as CVE-2021-39935, poses significant risks to organizations using affected versions of GitLab. The SSRF vulnerability allows unauthorized external attackers to perform […]

The post CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Threat actors leveraging artificial intelligence tools have compressed the cloud attack lifecycle from hours to mere minutes, according to new findings from the Sysdig Threat Research Team (TRT). In a November 2025 incident, adversaries escalated from initial credential theft to full administrative privileges in less than 10 minutes by using large language models (LLMs) to […]

The post Hackers Using AI to Get AWS Admin Access Within 10 Minutes appeared first on Cyber Security News.

Microsoft has resolved an outage affecting inline images in Microsoft Teams chats, restoring normal functionality for millions of enterprise users worldwide. The incident, tracked under incident ID TM1226769 in the Microsoft 365 admin center, caused delays or complete failures in loading and retrieving embedded images within chat threads. The issue surfaced recently, impacting Teams users […]

The post Microsoft Investigating Teams Chat Image Retrieval Issue Affecting Enterprise Users appeared first on Cyber Security News.

Most internet users trust their routers to direct traffic correctly, never suspecting that the very signposts of the web could be manipulated. A sophisticated “shadow” network has been silently hijacking home internet connections by compromising vulnerable routers and altering their DNS configurations. Instead of using a legitimate Service Provider’s servers, these infected devices send all […]

The post Shadow DNS Hacking Routers Internet Traffic Through Compromised Routers appeared first on Cyber Security News.

Alisa Viejo, United States, February 4th, 2026, CyberNewsWire One Identity, a leader in unified identity security, today announced the appointment of Gihan Munasinghe as Chief Technology Officer. Munasinghe brings more than 15 years of experience leading global engineering organizations and delivering large-scale, customer-centric software platforms. In this role, he will lead the engineering organization and set […]

The post One Identity Appoints Gihan Munasinghe as Chief Technology Officer appeared first on Cyber Security News.

Active Directory serves as the foundation of enterprise authentication systems, making it a prime target for sophisticated threat actors. The NTDS.dit database file, which stores encrypted password hashes and critical domain configurations, has become one of the most sought-after assets in corporate networks. When adversaries successfully obtain this file, they gain unrestricted access to an […]

The post Hackers Exfiltrating NTDS.dit File to Gain Full Active Directory Access appeared first on Cyber Security News.

Two months following the disclosure of CVE-2025-55182, exploitation activity targeting React Server Components has evolved from broad scanning into consolidated, high-volume attack campaigns. According to telemetry from GreyNoise collected between January 26 and February 2, 2026, threat actors are actively leveraging this critical vulnerability to deploy cryptominers and establish persistent remote access. While the total […]

The post Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads appeared first on Cyber Security News.

GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but actually carried a staged loader. These extensions, which had more than 22,000 […]

The post GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers appeared first on Cyber Security News.