Cyber Security News

Threat actors linked to Chinese hosting infrastructure have established a massive network of over 18,000 active command-and-control servers across 48 different hosting providers in recent months. This widespread abuse highlights a serious issue in how malicious infrastructure can hide within trusted networks and cloud services. Traditional threat hunting methods that focus on individual IP addresses […]

The post Chinese Threat Actors Hosted 18,000 Active C2 Servers Across 48 Hosting Providers appeared first on Cyber Security News.

Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions that force firewalls into maintenance mode after repeated exploitation attempts. […]

The post Palo Alto Networks Firewall Vulnerability Allows Attacker to Trigger DoS Attacks appeared first on Cyber Security News.

Microsoft released security updates on January 13, 2026, addressing a critical elevation of privilege vulnerability in SQL Server that enables authorized attackers to bypass authentication controls and gain elevated system privileges remotely. Tracked as CVE-2026-20803, the vulnerability stems from missing authentication mechanisms for critical functions within the database engine. The flaw affects multiple SQL Server […]

The post Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network appeared first on Cyber Security News.

A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks targeting multiple sectors including federal agencies, IT firms, logistics companies, and essential infrastructure providers across […]

The post Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure appeared first on Cyber Security News.

DragonForce is the latest ransomware brand to move from noisy forum posts to full RaaS operations, targeting both Windows and VMware ESXi environments. First seen in December 2023 on BreachForums, the group advertises stolen data and uses a dark web blog to pressure victims. The early leak post revealed the new cartel-style operation. The group […]

The post Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems appeared first on Cyber Security News.

A novel single-click attack targeting Microsoft Copilot Personal that enables attackers to silently exfiltrate sensitive user data. The vulnerability, now patched, allowed threat actors to hijack sessions via a phishing link without further interaction.​ Attackers initiate Reprompt by sending a phishing email with a legitimate Copilot URL containing a malicious ‘q’ parameter, which auto-executes a […]

The post New One-Click Microsoft Copilot Vulnerability Grants Attackers Undetected Access to Sensitive Data appeared first on Cyber Security News.

North Korean threat actors have launched a sophisticated social engineering campaign targeting software developers through fake recruitment offers. The campaign, known as Contagious Interview, uses malicious repositories disguised as technical assessment projects to deploy a dual-layer malware system. Victims are lured through LinkedIn messages from fake recruiters claiming to represent organizations like Meta2140, then directed […]

The post North Korean Hackers use Code Abuse Tactics for ‘Contagious Interview’ Campaign appeared first on Cyber Security News.

Austin, TX / USA, January 14th, 2026, CyberNewsWire New monitoring capability delivers unprecedented visibility into vendor identity exposures, moving enterprises and government agencies from static risk scoring to protecting against actual identity threats.  SpyCloud, the leader in identity threat protection, today announced the launch of its Supply Chain Threat Protection solution, an advanced layer of […]

The post SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats appeared first on Cyber Security News.

Large language models are changing how ransomware crews plan and run their attacks. Instead of inventing new kinds of malware, LLMs are speeding up every step of the existing ransomware lifecycle, from recon to extortion. Crews can now write fluent phishing lures, localize ransom notes, and triage stolen data in many languages in minutes, not […]

The post LLMs are Accelerating the Ransomware Lifecycle to Gain Speed, Volume, and Multilingual Reach appeared first on Cyber Security News.

New York, NY, January 14th, 2026, CyberNewsWire Leading secrets security platform sees accelerated adoption across Fortune 500, with 60% of new customers choosing multi-year commitments. GitGuardian, the leading secrets and Non-Human Identity security platform, today announced record growth in ARR and customer expansion throughout 2025, reinforcing its position as the enterprise standard for protecting code, […]

The post GitGuardian Closes 2025 with Strong Enterprise Momentum, Protecting Millions of Developers Worldwide appeared first on Cyber Security News.

In August 2025, Fortinet issued an advisory for CVE-2025-25256, an OS command injection vulnerability (CWE-78) in FortiSIEM that exposed the platform to unauthenticated remote code execution via crafted CLI requests. Practical exploits surfaced in the wild, prompting security firm Horizon3.ai to conduct a deep investigation. Their analysis uncovered a devastating chain: an unauthenticated argument injection […]

The post Critical FortiSIEM Vulnerability(CVE-2025-64155) Enable Full RCE and Root Compromise appeared first on Cyber Security News.

Panorays has just dropped the latest edition of its annual CISO Survey for Third-Party Cyber Risk Management, and it contains some major wakeup calls for security professionals. The biggest takeaway is that software supply chain attacks are rising once more, as cybercriminals look to take advantage of their complexity by targeting a growing laundry list of third-party components.   The situation isn’t helped by […]

The post As Third-Party Vulnerabilities Rise, CISOs Accelerate Push for Security Modernization   appeared first on Cyber Security News.

Discord users are facing a growing threat from VVS Stealer, a Python-based information-stealing malware that targets sensitive account data, including credentials and tokens. This stealer was actively marketed on Telegram as early as April 2025, promoting its ability to steal Discord data, intercept active sessions through injection, and extract web browser information such as cookies, […]

The post VVS Stealer Attacking Discord Users to Exfiltrate Credentials and Tokens appeared first on Cyber Security News.

Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to expose sensitive user-mode memory, specifically section addresses, via remote ALPC ports. This could aid further […]

The post Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild appeared first on Cyber Security News.

Microsoft’s January 2026 updates fix 114 vulnerabilities, with several remote code execution bugs rated critical across Office applications and Windows services such as LSASS. This Patch Tuesday addresses critical remote code execution flaws and numerous elevation of privilege issues that could enable attackers to compromise systems. Vulnerability Type Count Remote Code Execution 22 Denial of […]

The post Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days appeared first on Cyber Security News.

Fortinet disclosed a Server-Side Request Forgery (SSRF) vulnerability in its FortiSandbox appliance on January 13, 2026, urging users to update amid risks of internal network proxied requests. Tracked as CVE-2025-67685 (FG-IR-25-783), the flaw resides in the GUI component and stems from CWE-918, enabling authenticated attackers to craft HTTP requests that proxy traffic to internal plaintext […]

The post FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests appeared first on Cyber Security News.

Node.js issued critical security updates across its active release lines on January 13, 2026, patching vulnerabilities that could lead to memory leaks, denial-of-service attacks, and permission bypasses. These releases address three high-severity flaws, among others, urging immediate upgrades for affected systems. High Severity Vulnerabilities High-severity issues dominate this release, with CVE-2025-55131 exposing uninitialized memory in […]

The post Node.js Security Release Patches 7 Vulnerabilities Across All Release Lines appeared first on Cyber Security News.

Fortinet has disclosed a critical heap-based buffer overflow vulnerability (CWE-122) in the cw_acd daemon of FortiOS and FortiSwitchManager. This flaw enables a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests over the network. Organizations relying on Fortinet’s firewalls, secure access service edge (SASE) solutions, and switch management tools face […]

The post FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Over 8,000 internet-exposed SmarterMail servers remain vulnerable to a critical remote code execution flaw tracked as CVE-2025-52691, according to scans conducted on January 12, 2026. Security researchers identified 8,001 unique IP addresses likely affected out of 18,783 exposed instances, with proof-of-concept exploits now publicly available. This maximum-severity vulnerability poses severe risks to organizations relying on […]

The post 8000+ SmarterMail Hosts Vulnerable to RCE Attack – PoC Exploit Released appeared first on Cyber Security News.

Security researchers have identified a sophisticated multi-stage Windows malware campaign called SHADOW#REACTOR that represents a significant evolution in delivery mechanisms for remote access tools. The campaign demonstrates how threat actors combine traditional scripting techniques with modern obfuscation methods to bypass security defenses. The infection begins with an obfuscated Visual Basic Script that initiates a carefully […]

The post Multi-Stage Windows Malware Invokes PowerShell Downloader Using Text-based Payloads Using Remote Host appeared first on Cyber Security News.