Cyber Security News

Active Directory serves as the foundation of enterprise authentication systems, making it a prime target for sophisticated threat actors. The NTDS.dit database file, which stores encrypted password hashes and critical domain configurations, has become one of the most sought-after assets in corporate networks. When adversaries successfully obtain this file, they gain unrestricted access to an […]

The post Hackers Exfiltrating NTDS.dit File to Gain Full Active Directory Access appeared first on Cyber Security News.

Two months following the disclosure of CVE-2025-55182, exploitation activity targeting React Server Components has evolved from broad scanning into consolidated, high-volume attack campaigns. According to telemetry from GreyNoise collected between January 26 and February 2, 2026, threat actors are actively leveraging this critical vulnerability to deploy cryptominers and establish persistent remote access. While the total […]

The post Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads appeared first on Cyber Security News.

GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but actually carried a staged loader. These extensions, which had more than 22,000 […]

The post GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers appeared first on Cyber Security News.

Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools to quietly steal credentials, session cookies, and cryptocurrency data from Mac users. Cross‑platform Python stealers […]

The post Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms appeared first on Cyber Security News.

Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms and harmless-looking PDF files to create a deception chain that leads victims to a fake […]

The post Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials appeared first on Cyber Security News.

Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced malware payloads across Windows and Linux systems. VulnCheck’s Canary honeypot network first detected operational exploitation of CVE-2025-11953 dubbed “Metro4Shell” on December 21, 2025, with continued attacks observed in January 2026, yet the vulnerability remains largely […]

The post Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers appeared first on Cyber Security News.

Security updates addressing critical cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud that could allow attackers to execute arbitrary JavaScript code in users’ browsers. The vulnerabilities were discovered in the application’s File Attachments list and Layers panel, where insufficient input validation and improper output encoding create pathways for malicious code execution. Two related cross-site […]

The post Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript appeared first on Cyber Security News.

There is a comforting illusion in cybersecurity leadership: when things get noisy, you add more people. More analysts. More shifts. More headcount. It feels decisive. It looks responsible. It even photographs well for internal reports.  But SOC inefficiency is rarely a staffing problem. It is a signal problem.  When More People Don’t Mean Better Security  Across industries, security […]

The post Stronger Incident Prevention Takes Just One CISO Decision  appeared first on Cyber Security News.

A sophisticated phishing campaign targeting macOS users has emerged, using fake compliance emails as a delivery mechanism for advanced malware. Chainbase Lab recently detected this campaign, which impersonates legitimate audit and compliance notifications to deceive users. The attack chain combines social engineering with multi-stage fileless payloads designed to steal credentials and establish persistent remote access […]

The post Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data appeared first on Cyber Security News.

A new variant of the PDFly malware has emerged with advanced techniques that challenge traditional analysis methods. The malware uses a modified PyInstaller executable that prevents standard extraction tools from working properly. This makes it difficult for security teams to examine the code and understand how the threat operates. The modified version changes key identifiers […]

The post PDFly Variant Uses Custom PyInstaller Modification, Forcing Analysts to Reverse-Engineer Decryption appeared first on Cyber Security News.

French authorities raided the Paris headquarters of Elon Musk’s social media platform X today, escalating a year-old cybercrime probe into alleged algorithmic manipulation and illicit content distribution. The operation, led by the Paris prosecutor’s cybercrime unit alongside France’s national cybercrime police and Europol, marks a significant intensification of scrutiny on X’s data practices and moderation […]

The post French Authorities Raid X Office Following Cybercrime Allegations appeared first on Cyber Security News.

The transition away from NTLM (New Technology LAN Manager), a legacy authentication protocol that has existed in Windows for over three decades, is being accelerated. The company has announced a phased roadmap to reduce, restrict, and ultimately disable NTLM by default in upcoming Windows releases, marking a significant evolution in Windows authentication security. NTLM has […]

The post Microsoft to Disable NTLM by Default as a Step Towards More Secure Authentication appeared first on Cyber Security News.

A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvertently. The vulnerability, tracked as CVE-2026-23795, affects multiple versions of the platform and requires immediate patching. The improper restriction of XML External Entity references in […]

The post Apache Syncope Vulnerability Let Attackers Hijack User Sessions appeared first on Cyber Security News.

APT28, the Russia-linked advanced persistent threat group, has launched a sophisticated campaign targeting Central and Eastern Europe using a zero-day vulnerability in Microsoft Office. The threat actors leveraged specially crafted Microsoft Rich Text Format (RTF) files to exploit the vulnerability and deliver malicious backdoors through a multi-stage infection chain. The campaign, tracked as Operation Neusploit, […]

The post APT28 Hackers Exploiting Microsoft Office 0-Day in the Wild to Deploy Malware appeared first on Cyber Security News.

A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection. The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users searching for legitimate file management tools. This discovery highlights how cybercriminals continue to exploit official […]

The post Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware appeared first on Cyber Security News.

A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries a CVSS v3.1 base score of 7.2, indicating a […]

The post Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution appeared first on Cyber Security News.

Hundreds of malicious skills designed to deliver trojans, infostealers, and backdoors disguised as legitimate automation tools. VirusTotal has uncovered a significant malware distribution campaign targeting OpenClaw, a rapidly growing personal AI agent ecosystem. OpenClaw, previously known as Clawdbot and briefly as Moltbot, is a self-hosted AI agent that executes real system actions, including shell commands, […]

The post OpenClaw AI Agent Skills Abused by Threat Actors to Deliver Malware appeared first on Cyber Security News.

A sophisticated espionage campaign attributed to the Chinese Advanced Persistent Threat (APT) group Lotus Blossom (also known as Billbug). The threat actors compromised the infrastructure hosting the popular text editor Notepad++ to deliver a custom, previously undocumented backdoor named “Chrysalis”. This campaign, discovered by Rapid7 researcher Ivan Feigl, primarily targets organizations in the government, telecommunications, […]

The post Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used appeared first on Cyber Security News.

A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy firm. Unlike typical ransomware that encrypts files for monetary gain, DynoWiper operates with a single […]

The post DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data appeared first on Cyber Security News.

On December 29, 2025, Poland faced a coordinated assault targeting more than 30 wind and solar farms, alongside a large combined heat and power plant and a manufacturing facility. The attacks occurred during severe winter weather, when temperatures dropped and snowstorms threatened the nation’s energy stability. All operations had purely destructive intentions, designed to damage […]

The post 30 Wind and Solar Farms in Poland Faced Coordinated Cyberattacks appeared first on Cyber Security News.