Cyber Security News

PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively […]

The post How Windows Command-line Utility PsExec Can Be Abused To Execute Malicious Code appeared first on Cyber Security News.

A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available.  CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects […]

The post PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability appeared first on Cyber Security News.

A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to steal sensitive data from victims’ email accounts. The attacks were first identified by StrikeReady, which […]

The post Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files appeared first on Cyber Security News.

A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how this method can extract cryptographic keys from supposedly secure SGX enclaves using a low-cost setup, […]

The post New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data appeared first on Cyber Security News.

Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform.  The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […]

The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms.  This change represents a proactive measure to strengthen email security infrastructure and protect users from potential cybersecurity threats. The rollout timeline has been strategically structured to […]

The post Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users appeared first on Cyber Security News.

A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft.  Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL to extract sensitive user data without requiring any traditional credential theft or malicious webpage content. […]

The post New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click appeared first on Cyber Security News.

A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs. The incident did not compromise Discord’s main systems, and the unauthorized access was limited to data handled by the company’s support teams. Discord announced […]

The post Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked appeared first on Cyber Security News.

The digital world continues to face growing threats around software vulnerabilities, data breaches, and cyber supply chain attacks. As companies rely more heavily on open-source software, third-party code, and cloud-native applications, the need for supply chain intelligence security solutions has never been greater. In 2025, organizations must adopt highly reliable platforms that provide visibility, compliance, […]

The post Top 10 Best Supply Chain Intelligence Security Companies in 2025 appeared first on Cyber Security News.

A cybercrime collective known as Scattered LAPSUS$ Hunters has launched a new data leak site on the dark web, claiming it holds nearly one billion records from Salesforce customers. The group is orchestrating a widespread blackmail campaign, setting a ransom deadline of October 10, 2025. They have threatened to publish sensitive data and technical details […]

The post Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site appeared first on Cyber Security News.

Renault UK has notified customers of a data breach after a cyberattack on one of its third-party service providers resulted in the theft of personal information. The company has assured its clients that its own internal systems were not compromised and that no financial data was exposed. Renault UK began sending emails to affected drivers […]

The post Renault UK Suffers Cyberattack – Hackers Stolen Users Customers Personal Data appeared first on Cyber Security News.

In 2025, digital transactions are at an all-time high, but so are the risks of fraud. Businesses in banking, e-commerce, fintech, and even social networks are facing increasing pressure to secure their platforms against identity theft, payment fraud, and cybersecurity threats. Fraud prevention tools have evolved into AI-driven, machine-learning-powered solutions that proactively monitor suspicious transactions […]

The post Top 10 Best Fraud Prevention Companies in 2025 appeared first on Cyber Security News.

In recent months, security teams have observed a surge in Android spyware campaigns that prey on privacy-conscious users by masquerading as trusted messaging apps. These malicious payloads exploit users’ trust in Signal and ToTok, delivering trojanized applications that request extensive permissions under the guise of enhanced functionality. Initial distribution relies on phishing websites and fake […]

The post New Android Spyware Attacking Android Users Mimic as Signal and ToTok Apps appeared first on Cyber Security News.

In recent months, a sophisticated campaign dubbed Cavalry Werewolf has emerged, targeting government and critical infrastructure organizations across Russia and neighboring regions. Adversaries initiated these attacks by sending meticulously crafted phishing emails that impersonate officials from Kyrgyz government agencies. These emails contain malicious RAR archives, which deploy a suite of custom tools, including the FoalShell […]

The post Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT appeared first on Cyber Security News.

AmCache plays a vital role in identifying malicious activities in Windows systems. This tool allows the identification of both benign and malicious software execution on a machine.  Managed by the operating system and virtually tamper-proof, AmCache data endures even when malware auto-deletes itself, making it indispensable in incident response.  AmCache stores SHA-1 hashes of executed […]

The post New AmCache EvilHunter Tool For Detecting Malicious Activities in Windows Systems appeared first on Cyber Security News.

The resurgence of XWorm in mid-2025 marks a significant escalation in malware sophistication. After a lull following the abrupt discontinuation of official support for version 5.6 in late 2024, threat actors unveiled XWorm V6.0 on June 4, 2025. A post on hackforums.net by an account named XCoderTools first announced this release, claiming to patch a […]

The post New XWorm V6 Variant Injects Malicious Code into a Legitimate Windows Program appeared first on Cyber Security News.

An operator known as GhostSocks advertised a novel Malware-as-a-Service (MaaS) on the Russian cybercrime forum XSS.is on October 15, 2023, promising to transform compromised devices into residential SOCKS5 proxies. The service capitalized on the inherent trust placed in residential IP addresses to bypass anti-fraud systems and avoid detection by network defenders. Early promotional posts showcased […]

The post New GhostSocks Malware-as-a-Service Enables Threat Actors to Convert Compromised Devices into Proxies appeared first on Cyber Security News.

In today’s hyperconnected digital environment, organizations face increasing threats to their online presence and reputations. From cyberattacks and phishing campaigns to data breaches and brand impersonation, businesses must actively safeguard their digital footprint. Digital footprint monitoring tools are designed to provide organizations with deep insights into risk exposure across surface web, deep web, and dark […]

The post Top 10 Best Digital Footprint Monitoring Tools For Organizations in 2025 appeared first on Cyber Security News.

Brand protection solutions are essential for enterprises in 2025 as digital commerce continues to grow and online threats evolve more rapidly than ever. With the surge in counterfeit products, trademark infringements, phishing attacks, and reputation risks, enterprises must safeguard their intellectual property and digital assets. Choosing the right brand protection tool not only builds consumer […]

The post Top 10 Best Brand Protection Solutions for Enterprises in 2025 appeared first on Cyber Security News.

Microsoft is updating its security policies to require administrator consent for new third-party applications seeking access to Exchange and Teams content. These “Secure by Default” changes, set to roll out from late October to late November 2025, aim to enhance tenant security by giving administrators greater control over data access. This update is a key […]

The post Microsoft to Launch New Secure Default Settings for Exchange and Teams APIs appeared first on Cyber Security News.