Cyber Security News

Microsoft’s Remote Desktop Protocol (RDP) has introduced a lesser-known but critical security feature colloquially referred to as “incognito mode” through its /public command-line parameter.  This functionality, formally called public mode, prevents the client from storing sensitive session artifacts a development with significant implications for cybersecurity, digital forensics, and enterprise IT management. According to Devolutions, public […]

The post Enabling Incognito Mode in RDP to Hide All the Traces appeared first on Cyber Security News.

A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. The vulnerability lies within the interprocess communication (IPC) channel and can be exploited by an authenticated, local attacker to perform a DLL hijacking attack. This vulnerability is present only when the Secure Firewall Posture […]

The post Cisco Secure Client for Windows Let Attackers Execute Arbitrary Code With SYSTEM Privileges appeared first on Cyber Security News.

Network traffic analysis has emerged as one of the most effective methods for detecting and investigating linux based malware infections . By scrutinizing communication patterns, security professionals can uncover signs of malicious activity, including command-and-control (C2) connections, data exfiltration, and Distributed Denial-of-Service (DDoS) attacks. This guide explores how traffic analysis aids in malware detection, the […]

The post As an SOC/DFIR Team Member, How to Analyse Real-Time Linux Malware Network Traffic appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated campaign targeting the Albion Online gaming community through impersonation of the Electronic Frontier Foundation (EFF). The operation, discovered in early March 2025, leverages decoy documents designed to appear as official EFF communications while deploying malware in the background. Albion Online, a multiplayer online role-playing game with a player-driven economy, […]

The post Threat Actors Mimic Electronic Frontier Foundation To Attack Gaming Community appeared first on Cyber Security News.

With recent attack disclosures like Browser Syncjacking and extension infostealers, browser extensions have become a primary security concern at many organizations. SquareX’s research team discovers a new class of malicious extensions that can impersonate any extension installed on the victim’s browser, including password managers and crypto wallets. These malicious extensions can morph themselves to have […]

The post SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension – Password Managers, Wallets at Risk appeared first on Cyber Security News.

Securing Active Directory (AD) is a critical priority for organizations. Misconfigurations in AD, such as excessive permissions, outdated protocols, or unprotected service accounts, are common targets for attackers. Traditional methods of manually running disjointed PowerShell scripts to audit AD environments are time-consuming, error-prone, and ill-suited for modern security demands. To address this gap, cybersecurity professionals […]

The post InvokeADCheck – Powershell Based Tool to Detect Active Directory Misconfigurations appeared first on Cyber Security News.

Security researchers at SEC Consult have discovered a significant vulnerability in CrowdStrike’s Falcon Sensor that allowed attackers to bypass detection mechanisms and execute malicious applications. This vulnerability, dubbed “Sleeping Beauty,” was initially reported to CrowdStrike in late 2023 but was dismissed as merely a “detection gap.” The bypass technique involved suspending the EDR processes rather […]

The post Researchers Bypassed CrowdStrike Falcon Sensor to Execute Malicious Applications appeared first on Cyber Security News.

A newly disclosed critical vulnerability in Sitecore Experience Platform (CVE-2025-27218) allows unauthenticated attackers to execute arbitrary code on unpatched systems.  The flaw, rooted in insecure deserialization practices, affects Sitecore Experience Manager (XM) and Experience Platform (XP) versions 8.2 through 10.4 prior to patch KB1002844.  Security firm Assetnote discovered the vulnerability, which leverages Sitecore’s misuse of […]

The post Sitecore 0-Day Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

A critical security oversight in widely used Apache Airflow instances has exposed credentials for platforms like AWS, Slack, PayPal, and other services, leaving organizations vulnerable to data breaches and supply chain attacks.  Researchers at Intezer discovered thousands of unprotected instances across industries, including finance, healthcare, e-commerce, and cybersecurity. These instances revealed systemic risks tied to […]

The post Misconfigured Apache Airflow Servers Exposes Login Credentials to Hackers appeared first on Cyber Security News.

Federal prosecutors unsealed criminal complaints today against David Jose Gomez Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, members of the Tren de Aragua Gang, for allegedly orchestrating a coordinated ATM “jackpotting” campaign across four U.S. states.  The defendants face charges of bank theft and conspiracy to commit bank theft, carrying maximum penalties of 10 years […]

The post Two Hackers Arrested For ATM Jackpotting by Deploying Malware appeared first on Cyber Security News.

In its latest Android security update, Google has unveiled a dual-layer defense system combining AI-powered scam detection for both text messages and voice calls.  The new features, powered by Gemini Nano AI models operating entirely on-device, aim to combat the $1 trillion global scam industry exploiting conversational vulnerabilities in mobile communications. Scam Detection Architecture for […]

The post Google Announces AI-Powered Scam Detector For Android Users appeared first on Cyber Security News.

A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration tampering.  Rated 9.0/10 on the CVSS v3.1 scale, these flaws enable authenticated low-privilege users to manipulate LDAP authentication settings and other sensitive parameters through ZITADEL’s Admin API endpoints. The vulnerabilities […]

The post ZITADEL IDOR Vulnerabilities Let Attackers Modify Sensitive Settings appeared first on Cyber Security News.

Elastic has issued an urgent security advisory for a critical vulnerability in Kibana, tracked as CVE-2025-25012, that allows authenticated attackers to execute arbitrary code on affected systems.  The flaw, rated 9.9 on the CVSS v3.1 scale, stems from a prototype pollution issue in Kibana’s file upload handler and HTTP request processing. Exploitation could lead to […]

The post Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs.  Patched in versions 24.8.5 and 25.2.1 released on March 4, 2025, this flaw allowed attackers to bypass security protocols and execute arbitrary scripts via LibreOffice’s custom URI scheme.  The vulnerability highlights […]

The post LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL appeared first on Cyber Security News.

Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin, documents for the first time how pre-installed Google apps silently track users without seeking consent or providing any opt-out options. The research examined cookies, identifiers, […]

The post Google Silently Tracks Android Device Even No Apps Opened by User appeared first on Cyber Security News.

Two individuals were arrested this week in a sophisticated cybercrime operation targeting high-demand events. They were accused of orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s Eras Tour and other major concerts.  Queens District Attorney Melinda Katz revealed that Tyrone Rose, 34, and Shamara P. Simmons, 29, exploited security flaws in an offshore third-party […]

The post Two Hackers Arrested for Stealing Taylor Swift Era Concert Tickets Worth $600k appeared first on Cyber Security News.

A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities.  This shift in strategy represents a significant evolution in ransomware operations, targeting organizations’ cybersecurity weaknesses rather than their data. Unlike traditional ransomware groups that encrypt […]

The post SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details appeared first on Cyber Security News.

A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal.  Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection process. It deploys fake login overlays and abuses accessibility services to steal credentials and execute […]

The post Android App With 220,000+ Downloads From Google Play Installs Banking Trojan appeared first on Cyber Security News.

Patch management tools are essential for maintaining the security and efficiency of IT systems in 2025. These tools automate the process of identifying, testing, and deploying software updates and security patches across various operating systems and applications. Top contenders in the market include NinjaOne, Automox, Kaseya VSA, ManageEngine Patch Manager Plus, SolarWinds Patch Manager, and […]

The post 15 Best Patch Management Tools In 2025 appeared first on Cyber Security News.

HUMAN Security’s Satori Threat Intelligence team has uncovered a sophisticated malware operation dubbed “BADBOX 2.0” that compromised over 50,000 Android devices using 24 deceptive applications. This operation represents a major expansion of the original BADBOX campaign first identified in 2023, according to researchers who collaborated with Google, Trend Micro, and Shadowserver to partially disrupt the […]

The post BadBox Malware from Google Play Hacked 50,000+ Android Devices Using 24 Apps appeared first on Cyber Security News.