Cyber Security News

Threat actors are now targeting Microsoft 365 accounts using a growing attack method known as OAuth device code phishing. This technique takes advantage of the OAuth 2.0 device authorization flow, a legitimate Microsoft feature designed for devices with limited input options. Attackers trick users into entering codes on authentic Microsoft login pages, which grants them […]

The post Hackers Using Phishing Tools to Access M365 Accounts via OAuth Device Code appeared first on Cyber Security News.

The Shadowserver Foundation identified approximately 125,000 WatchGuard Firebox firewall devices worldwide at risk due to a critical vulnerability actively exploited. The flaw, tracked as CVE-2025-14733, enables unauthenticated remote attackers to execute arbitrary code on unpatched devices with minimal effort.​ The vulnerability stems from an out-of-bounds write flaw in the WatchGuard Fireware OS IKEv2 VPN key […]

The post 125,000 IPs WatchGuard Firebox Devices Exposed to Internet Vulnerable to 0-day RCE Attacks appeared first on Cyber Security News.

Microsoft is set to enhance the security integration between Microsoft Teams and Microsoft Defender for Office 365 with a new feature rolling out next month. According to a new notification in the Microsoft 365 Message Center (MC1200058), security administrators will soon be able to manage blocked external users in Teams directly through the Tenant Allow/Block […]

The post Now Admins Can Block External Users in Microsoft Teams From Defender Portal appeared first on Cyber Security News.

Cyber criminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are being approached through darknet forums to sell access to corporate networks, user devices, and cloud systems. The payouts […]

The post Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data appeared first on Cyber Security News.

A new and ominous player has emerged in the rapidly expanding landscape of “Shadow AI.” Researchers at Resecurity have identified DIG AI, an uncensored artificial intelligence tool hosted on the darknet that is empowering threat actors to automate cyberattacks, generate illicit content, and bypass the safety guardrails of traditional AI models. First detected on September […]

The post DIG AI – Darknet AI Tool Enabling Threat Actors to Launch Sophisticated Attacks appeared first on Cyber Security News.

The U.S. Department of Justice (DOJ) has charged 54 individuals in a sweeping crackdown on a transnational cyber-physical attack network. The indictments, announced by U.S. Attorney Lesley A. Woods, allege a massive conspiracy involving “ATM jackpotting” to fund Tren de Aragua (TdA), a designated Foreign Terrorist Organization. The coordinated operation targeted a sophisticated criminal ring […]

The post U.S. DOJ Charged 54 in Connection With ATM Hacking Attack by Deploying Ploutus Malware appeared first on Cyber Security News.

In a week that revealed the flaws in digital trust, cybersecurity headlines were filled with high-profile breaches, zero-day exploits, and bold nation-state espionage. Attackers claimed to have swiped usernames, emails, and encrypted passwords from over 1.2 million accounts, underscoring the persistent risks of adult platforms as lucrative targets for credential stuffing and phishing campaigns. As […]

The post Cybersecurity Weekly Recap – PornHub Breach, Cisco 0-Day, Amazon Detains DPRK IT Worker, and more appeared first on Cyber Security News.

Security researchers have identified at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that attackers are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-20393, currently has no available patch, leaving organizations exposed to potential compromise. According to threat intelligence from Shadowserver […]

The post 100+ Cisco Secure Email Devices Exposed to Zero‑Day Exploited in the Wild appeared first on Cyber Security News.

GitHub has announced the general availability of Claude Opus 4.5, Anthropic’s advanced AI model, across its Copilot platform. This integration enhances AI capabilities for developers using GitHub’s code assistance tools. The Claude Opus 4.5 model is now accessible to users with Copilot Enterprise, Copilot Business, Copilot Pro, and Copilot Pro+ subscriptions. Developers can leverage this […]

The post Claude Opus 4.5 Now Integrated with GitHub Copilot appeared first on Cyber Security News.

Microsoft has begun deploying Baseline Security Mode across Microsoft 365 tenants, a new dashboard in the M365 Admin Center that centralizes recommended security configurations for Office, SharePoint, Exchange, Teams, and Entra. Announced at Ignite 2025, this opt-in feature helps administrators quickly assess vulnerabilities, run impact reports, and apply risk-based hardening without immediate user disruptions. As […]

The post Microsoft Rolls Out Baseline Security Mode for Office, SharePoint, Exchange, Teams, and Entra appeared first on Cyber Security News.

In a shocking betrayal of industry trust, two former cybersecurity professionals have pleaded guilty to federal charges for launching ransomware attacks against U.S. businesses. The pair, whose day jobs involved helping companies respond to hacks and negotiate ransoms, admitted to moonlighting as cybercriminals in a plot to extort millions of dollars from victims. Ryan Clifford […]

The post Cybersecurity Professionals Plead Guilty to Launching Ransomware Attacks appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and Canadian Centre for Cyber Security (Cyber Centre), has released updated indicators of compromise (IOCs) and detection signatures for BRICKSTORM malware. The latest update, published on December 19, 2025, includes an analysis of three additional malware samples, bringing the total to […]

The post CISA Releases New Indicators of Compromise Tied to BRICKSTORM Malware appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated email campaign deploying a commodity loader to distribute Remote Access Trojans and information stealers. The operation primarily targets manufacturing and government organizations across Italy, Finland, and Saudi Arabia, using highly evasive techniques. Multi-Vector Attack Strategy The campaign employs multiple infection methods to compromise Windows systems. Threat actors are distributing […]

The post Hackers Weaponize SVG Files and Office Documents to Target Windows Users appeared first on Cyber Security News.

In a major disruption to remote work and collaboration, Microsoft Teams experienced a significant outage on Friday, affecting thousands of users across multiple regions. Reports of messaging delays, failed message deliveries, and issues with other service functions began surging around 2:30 PM ET (7:30 PM GMT), bringing productivity to a halt for businesses and individuals […]

The post Microsoft Teams Down – Users Face Messaging Delays and Service Disruptions Worldwide appeared first on Cyber Security News.

Over 25,000 Fortinet devices worldwide with FortiCloud Single Sign-On (SSO) enabled, leaving them potentially exposed to remote attacks. The finding stems from enhanced device fingerprinting in a new Device Identification report, which scanned global IP addresses and flagged these systems as openly advertising their SSO configuration. FortiCloud SSO streamlines authentication for Fortinet’s ecosystem, including firewalls, […]

The post 25,000+ FortiCloud SSO-Enabled Devices Exposed to Remote Attacks appeared first on Cyber Security News.

Torrance, United States / California, December 19th, 2025, CyberNewsWire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks’ Cortex XSOAR. The integration embeds real-time external threat context, exposure intelligence, and automated multi-stage scanning directly into Cortex XSOAR’s orchestration engine, giving security […]

The post Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response appeared first on Cyber Security News.

A new credential-harvesting campaign has been discovered targeting users of UKR.NET, a popular Ukrainian webmail and news platform. The attacks are linked to BlueDelta, a Russian state-sponsored hacker group also known as APT28, Fancy Bear, and Forest Blizzard. This group has been running operations for over ten years, focusing on stealing login credentials from government […]

The post BlueDelta Hackers Attacking Users of Widely Used Ukrainian Webmail and News Service appeared first on Cyber Security News.

Apache Logging Services has disclosed a critical security vulnerability in Log4j Core that exposes applications to potential interception of log data. The flaw resides in the Socket Appender component. It affects versions 2.0-beta9 through 2.25.2, creating a man-in-the-middle attack vector for malicious actors. The Socket Appender in affected Log4j versions fails to verify the TLS […]

The post Apache Log4j Vulnerability Allow Attackers to Intercept Sensitive Log Data appeared first on Cyber Security News.

Three major ransomware groups have joined forces to create what cybersecurity experts are calling one of the most concerning developments in the criminal underground. On September 15, 2025, the ransomware group DragonForce announced the formation of an alliance between DragonForce, Qilin, and LockBit through a post on a Russian underground forum. This coalition represents a […]

The post New Research Uncovers the Alliance Between Qilin, DragonForce and LockBit appeared first on Cyber Security News.

The Cloud Atlas advanced persistent threat group has continued its sophisticated campaign targeting organizations across Eastern Europe and Central Asia during the first half of 2025, leveraging outdated Microsoft Office vulnerabilities to deliver multiple backdoor implants. This campaign reveals a coordinated effort to establish persistent access and extract sensitive data from high-value targets. Cloud Atlas, […]

The post Cloud Atlas Hacker Group Exploiting Office Vulnerabilities to Execute Malicious Code appeared first on Cyber Security News.