Cyber Security News

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The attacks are linked to a critical vulnerability, tracked as CVE-2025-25257, for which public proof-of-concept (PoC) exploits were released just days ago. Key Takeaways1. A critical flaw in Fortinet FortiWeb is […]

The post Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits appeared first on Cyber Security News.

A sophisticated MacOS malware campaign dubbed NimDoor has emerged, targeting Web3 and cryptocurrency organizations through weaponized Zoom SDK updates. The malware, attributed to North Korea-linked threat actors likely associated with Stardust Chollima, represents a significant evolution in offensive capabilities against MacOS systems, having been active since at least April 2025. The attack orchestration begins with […]

The post MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials appeared first on Cyber Security News.

Hong Kong’s financial sector is contending with a fresh surge of SquidLoader samples that glide past conventional defenses with almost no antivirus flags. First spotted in early July 2025, the loader arrives through carefully worded spear-phishing emails written in Simplified Chinese and bearing password-protected RAR attachments masquerading as legitimate bond-registration paperwork. Once the user extracts […]

The post SquidLoader Using Sophisticated Malware With Near-Zero Detection to Swim Under Radar appeared first on Cyber Security News.

A critical design flaw in Microsoft’s latest Windows Server 2025 enables attackers to bypass authentication and generate passwords for all managed service accounts across enterprise networks. The vulnerability, dubbed “Golden dMSA,” exploits a fundamental weakness in the newly introduced delegated Managed Service Accounts (dMSAs) that reduces complex cryptographic protections to a trivial brute-force attack requiring […]

The post Windows Server 2025 Golden dMSA Attack Enables Authentication Bypass and Password Generation appeared first on Cyber Security News.

Google’s revolutionary AI-powered security tool, Big Sleep, has achieved a groundbreaking milestone by discovering and preventing the exploitation of a critical SQLite 0-day vulnerability, marking the first time an artificial intelligence agent has directly thwarted active cyber threats in the wild.  The discovery of CVE-2025-6965, a severe security flaw that was known only to threat […]

The post Google’s AI Tool Big Sleep Uncovered Critical SQLite 0-Day Vulnerability and Blocks Active Exploitation appeared first on Cyber Security News.

The curl development team has announced the release of curl 8.15.0 on July 16, 2025, marking the 269th release of the popular command-line tool and libcurl library.  This update brings 233 documented bugfixes and represents 334 commits from the development community, showcasing continued active maintenance of the critical networking tool used by millions of developers […]

The post curl 8.15.0 Released With 233 Bugfixes and 334 Commits – Update Now appeared first on Cyber Security News.

AI assistant systems were successfully exploited by using a crafted Gmail message to trigger code execution through Claude Desktop while bypassing built-in security protections.  The attack exploits the Model Context Protocol (MCP) ecosystem, where individual components remain secure in isolation but create dangerous attack surfaces when combined.  Key Takeaways1. Attack succeeded by chaining secure components […]

The post Gmail Message Used to Trigger Code Execution in Claude and Bypass Protections appeared first on Cyber Security News.

Oracle released its July 2025 Critical Patch Update on July 15, addressing 309 security vulnerabilities across its extensive product portfolio.  This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems, middleware, cloud applications, and enterprise software that could potentially expose organizations to severe cyberattacks. The […]

The post Oracle Critical Security Update – 309 Vulnerabilities with 145 Remotely Exploitable Patched appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Vim, the popular open-source command line text editor used by millions of developers worldwide.  The vulnerability, designated as CVE-2025-53906, affects the zip.vim plugin and enables attackers to overwrite arbitrary files through specially crafted zip archives.  Key Takeaways1. CVE-2025-53906, Vim's zip.vim plugin is vulnerable to path traversal attacks […]

The post Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files appeared first on Cyber Security News.

Iranian cyber operatives have intensified their assault on American critical infrastructure, with Intelligence Group 13 emerging as a primary threat actor targeting water treatment facilities, electrical grids, and industrial control systems across the United States. The group, operating under the umbrella of the Islamic Revolutionary Guard Corps (IRGC) Shahid Kaveh Cyber Group, has demonstrated sophisticated […]

The post Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems appeared first on Cyber Security News.

Multiple severe vulnerabilities have been addressed affecting VMware ESXi, Workstation, Fusion, and Tools that could allow attackers to execute malicious code on host systems.  The vulnerabilities, identified as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239, carry CVSS scores ranging from 6.2 to 9.3, with three classified as critical severity.  Security researchers discovered these flaws through the Pwn2Own […]

The post VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host appeared first on Cyber Security News.

A sophisticated new credential stealer disguised as a legitimate forensic toolkit has emerged on GitHub, targeting sensitive user data including VPN configurations, browser credentials, and cryptocurrency wallet information. The Octalyn Stealer, first identified in July 2025, presents itself as an educational research tool while functioning as a fully operational malware designed for large-scale data theft […]

The post Octalyn Stealer Steals VPN Configurations, Passwords and Cookies in Structured Folders appeared first on Cyber Security News.

North Korean threat actors have escalated their software supply chain attacks with the deployment of 67 malicious npm packages that collectively garnered over 17,000 downloads before detection. This latest campaign represents a significant expansion of the ongoing “Contagious Interview” operation, introducing a previously unreported malware loader dubbed XORIndex alongside the existing HexEval Loader infrastructure. The […]

The post North Korean Hackers Weaponized 67 Malicious npm Packages to Deliver XORIndex Malware appeared first on Cyber Security News.

A massive network of fraudulent news websites has been uncovered, with cybersecurity researchers identifying over 17,000 Baiting News Sites (BNS) across 50 countries orchestrating sophisticated investment fraud schemes. These malicious platforms masquerade as legitimate news outlets, publishing fabricated stories featuring well-known public figures and respected financial institutions to build trust and lure unsuspecting victims into […]

The post BaitTrap – 17,000+ Fake News Websites Caught Promoting Investment Frauds appeared first on Cyber Security News.

The cybersecurity landscape has witnessed an alarming evolution in hacktivist operations, with threat actors increasingly shifting their focus from traditional DDoS attacks and website defacements to sophisticated industrial control system (ICS) infiltrations. This tactical transformation represents a significant escalation in the hacktivist threat ecosystem, as groups now target critical infrastructure components that directly impact national […]

The post Hacktivist Groups Attacks on Critical ICS Systems to Steal Sensitive Data appeared first on Cyber Security News.

Google has released an emergency security update for Chrome, addressing a critical zero-day vulnerability that attackers are actively exploiting in real-world attacks. The tech giant confirmed that CVE-2025-6558 is being leveraged by threat actors, prompting an immediate patch deployment across all supported platforms. Google Chrome has been updated to version 138.0.7204.157/.158 for Windows and Mac […]

The post Google Chrome 0-day Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

The cybersecurity landscape has experienced a dramatic shift as ransomware operators increasingly target Linux and VMware environments, abandoning their traditional focus on Windows systems. Recent threat intelligence indicates that criminal groups are developing sophisticated, Linux-native ransomware specifically engineered to exploit the unique vulnerabilities of enterprise virtualization platforms and cloud infrastructures. This strategic pivot represents a […]

The post Ransomware Gangs Actively Expanding to Attack VMware and Linux Systems appeared first on Cyber Security News.

North Korean threat actors have escalated their sophisticated cyber operations against cryptocurrency startups, deploying an evolved malware campaign that leverages fraudulent Zoom meeting invitations to infiltrate target organizations. The campaign, which has been active for over a year, specifically targets individuals and businesses operating within the Web3, cryptocurrency, and blockchain sectors through carefully orchestrated social […]

The post North Korean Hackers Using Fake Zoom Invites to Attack Crypto Startups appeared first on Cyber Security News.

A newly disclosed flaw in Apache Tomcat’s Coyote engine—tracked as CVE-2025-53506—has surfaced in the latest round of HTTP/2 security advisories. First noted in the National Vulnerability Database five days ago, the weakness stems from Coyote’s failure to enforce a hard cap on concurrent streams when an HTTP/2 client never acknowledges the server’s initial SETTINGS frame. […]

The post Apache Tomcat Coyote Vulnerability Let Attackers Trigger DoS Attack appeared first on Cyber Security News.

The National Cyber Security Centre (NCSC) has issued a critical advisory urging organizations to prioritize upgrading to Windows 11 before the October 14, 2025 end-of-life deadline for Windows 10. This recommendation comes amid growing concerns about the cybersecurity implications of maintaining legacy operating systems, particularly as cyber criminals increasingly target outdated infrastructure for exploitation. The […]

The post NCSC Urges Organizations to Upgrade Microsoft Windows 11 to Defend Cyberattacks appeared first on Cyber Security News.