Cyber Security News

Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator accounts and gain full control of exposed devices. Researchers at watchTowr Labs first detailed the flaw on November 13, 2025, revealing a chain of path traversal and authentication bypass issues […]

The post Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover appeared first on Cyber Security News.

A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked as CVE-2025-64669, the flaw stems from insecure directory permissions on the folder C:\ProgramData\WindowsAdminCenter, which is writable by standard users yet used by services running with elevated privileges. Because Windows Admin […]

The post Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges appeared first on Cyber Security News.

NoName057(16), also known as 05716nnm or NoName05716, has emerged as a significant threat targeting NATO member states and European organizations. The group, which originated as a covert project within Russia’s Centre for the Study and Network Monitoring of the Youth Environment, has been actively conducting distributed denial-of-service attacks since March 2022. Operating with support from […]

The post NoName057(16) Hackers Using DDoSia DDoS Tool to Attack Organizations in NATO appeared first on Cyber Security News.

The dark web landscape constantly shifts between emerging platforms and sudden closures, often driven by the very anonymity they promise. On November 21, 2025, a new contender named Omertà Market emerged, positioning itself as a bastion of stability and security. Its administrators touted a philosophy of “security over flash,” claiming years of silent development and […]

The post Dark Web Omertà Market Shut Downed Following the Leak of Real Server IPs appeared first on Cyber Security News.

FreePBX has addressed critical vulnerabilities enabling authentication bypass and remote code execution in its Endpoint Manager module. Discovered by Horizon3.ai researchers, these flaws affect telephony endpoint configurations in the open-source IP PBX system. Researchers identified three high-severity issues distinct from the earlier CVE-2025-57819, which was added to CISA’s Known Exploited Vulnerabilities catalog. CVE-2025-66039 allows authentication […]

The post FreePBX Vulnerabilities Enables Authentication Bypass that Leads Remote Code Execution appeared first on Cyber Security News.

The cybersecurity landscape has once again been rattled by a subtle yet dangerous supply chain attack. A malicious NuGet package named Tracer.Fody.NLog was discovered masquerading as a legitimate .NET tracing library. Published in 2020, this package successfully deceived developers for years, accumulating roughly 2,000 downloads by impersonating the popular Tracer.Fody tool and its maintainer. The […]

The post Malicious NuGet Package Uses .NET Logging Tool to Steal Cryptocurrency Wallet Data appeared first on Cyber Security News.

ConnectWise has issued a security update for ScreenConnect™ to address a critical vulnerability that could enable attackers to expose sensitive configuration data and install untrusted extensions. The flaw, identified as CVE-2025-14265, affects only the ScreenConnect server component, leaving host and guest clients unaffected. The vulnerability stems from improper code integrity validation during extension installations, classified […]

The post Critical ScreenConnect Vulnerability Let Attackers Expose Sensitive Configuration Data appeared first on Cyber Security News.

A new information stealer called SantaStealer has emerged as a serious threat to Windows users worldwide. This malware-as-a-service tool is being aggressively marketed through Telegram channels and underground hacker forums, with plans for full release before the end of 2025. The malware represents a rebranding of the earlier BluelineStealer, reflecting the evolving nature of the […]

The post SantaStealer Attacks Users to Exfiltrates Sensitive Documents, Credentials, and Wallet Data appeared first on Cyber Security News.

A sophisticated Android malware campaign named NexusRoute is actively targeting Indian citizens by impersonating government services. The operation uses fake versions of the official mParivahan and e-Challan applications to harvest login credentials and financial information from unsuspecting users. This coordinated attack combines phishing websites, fraudulent payment interfaces, and advanced malware to execute a multi-stage theft […]

The post New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials appeared first on Cyber Security News.

A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers. The flaw, tracked as CVE-2025-66430, exists within Plesk’s Password-Protected Directories feature and allows attackers to inject arbitrary data into Apache configuration files. The vulnerability stems from improper handling of user input within the […]

The post Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access appeared first on Cyber Security News.

A novel social engineering campaign, dubbed ClickFix, has been identified, which cleverly employs an old Windows command-line tool, finger.exe, to install malware on victims’ systems. This attack begins with a deceptive CAPTCHA verification page, tricking users into running a script that initiates the infection process. The technique has been in use since at least November […]

The post New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code appeared first on Cyber Security News.

Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues, Shannon operates as a fully autonomous penetration tester that identifies attack vectors and actively executes real-world exploits to validate them. […]

The post Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits appeared first on Cyber Security News.

Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This evolution marks a critical shift in threat tactics, moving away from noisy phishing campaigns toward stealthy, post-exploitation techniques designed to deliver ransomware-ready access to criminal affiliates. The threat actor now […]

The post Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity appeared first on Cyber Security News.

Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ). Installed via KB5071546 on December 9, the patch targeting OS Build 19045.6691 alters MSMQ’s security model, leading to widespread failures in queue operations. Confirmed on December 12, the issue is most severe in high-load clustered environments, causing […]

The post Microsoft December 2025 Security Updates Breaking Message Queuing (MSMQ) Functionality Affects IIS Sites appeared first on Cyber Security News.

Gentlemen ransomware, first identified in August 2025, has rapidly evolved into a significant threat targeting corporate networks globally. Operating on a double extortion model, this group exfiltrates sensitive data before encrypting it, ensuring they can leverage stolen information even if backups exist. The ransomware is developed in the Go programming language, allowing for efficient cross-platform […]

The post New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data appeared first on Cyber Security News.

A critical security issue involving the Windows Remote Access Connection Manager (RasMan) that allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates. 0patch security analysts discovered a complex exploit chain that relies on a secondary, previously unknown zero-day flaw to function […]

The post Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution appeared first on Cyber Security News.

A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild. Posing significant risks to organizations that still utilize these legacy devices. Federal agencies and private organizations are now urged to take immediate […]

The post CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure Boot configurations to counter bootkit threats. Released in December 2025 as a Cybersecurity Information Sheet (CSI), the document addresses vulnerabilities like PKFail, BlackLotus, and BootHole that bypass […]

The post CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices appeared first on Cyber Security News.

Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since the vulnerability was disclosed on December 3, 2025, Google has observed multiple distinct hacker groups […]

The post Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware appeared first on Cyber Security News.

BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server architecture written in Python 3 along with extensive agent support. Unified Architecture and Expanded Agent […]

The post Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers appeared first on Cyber Security News.