Cyber Security News

Recent findings indicate that a sophisticated threat actor is actively exploiting multiple outdated FortiWeb appliances to deploy the Sliver Command and Control (C2) framework. This campaign highlights a concerning trend where adversaries leverage open-source offensive tools to maintain persistent access within compromised networks, often bypassing traditional security defenses. The attackers appear to prioritize unpatched edge […]

The post Threat Actor Exploited Multiple FortiWeb Appliances to Deploy Sliver C2 for Persistent Access appeared first on Cyber Security News.

A dangerous new malware called Kimwolf has quietly infected over 2 million devices around the world, forcing them to act as illegal proxy servers without the owners knowing. The botnet has grown at an alarming speed and is currently being used to carry out online fraud, launch powerful cyberattacks, and steal information from millions of […]

The post Kimwolf Botnet Hacked 2 Million Devices and Turned User’s Internet Connection as Proxy Node appeared first on Cyber Security News.

A critical security vulnerability has been discovered in GNU Wget2, a widely used command-line tool for downloading files from the web. `The flaw, tracked as CVE-2025-69194, allows remote attackers to overwrite arbitrary files on a victim’s system, potentially leading to data loss or complete system compromise. The vulnerability stems from improper validation of file paths […]

The post Critical GNU Wget2 Vulnerability Let Remote Attackers to Overwrite Sensitive Files appeared first on Cyber Security News.

Brightspeed, one of America’s leading fiber broadband infrastructure providers, has become the latest victim of a significant cyberattack. The threat group known as Crimson Collective has publicly claimed responsibility for breaching the company’s systems and obtaining sensitive data. Brightspeed operates across 20 states with network infrastructure capable of serving 7.3 million homes and businesses, making […]

The post Threat Group ‘Crimson Collective’ Allegedly Claim Breach of Largest Fiber Broadband Brightspeed appeared first on Cyber Security News.

A critical security advisory addressing multiple vulnerabilities discovered in the Eaton UPS Companion (EUC) software. These security flaws, if exploited, could allow attackers to execute arbitrary code on the host system, potentially giving them complete control over affected devices. The advisory, identified as ETN-VA-2025-1026, highlights two specific vulnerabilities affecting all versions of the Eaton UPS Companion […]

The post Eaton Vulnerabilities Let Attackers Execute Arbitrary Code On the Host System appeared first on Cyber Security News.

A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes over ten database source codes, along with critical authentication credentials that could pose significant risks to the VPN provider’s operational security. The attacker alleges […]

The post Threat Actor Allegedly Claim Leak of NordVPN Salesforce Database with Source Codes appeared first on Cyber Security News.

GHOSTCREW emerges as a game-changing open-source toolkit for red teamers and penetration testers. This AI-powered assistant leverages large language models, integrates the MCP protocol, and supports the optional RAG architecture to orchestrate security tools via natural-language prompts.​ Developed by GH05TCREW, the project has garnered over 450 stars on GitHub, signaling strong interest in the infosec […]

The post GHOSTCREW – AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools appeared first on Cyber Security News.

QNAP has patched multiple security vulnerabilities in its License Center application that could allow attackers to access sensitive information or disrupt services on affected NAS devices. The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026. QNAP rated the flaws as Moderate severity and confirmed that the issues have been resolved in the latest releases. The vulnerabilities affect License Center 2.0.x, a component used to […]

The post Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data appeared first on Cyber Security News.

Resecurity deploys synthetic data honeypots to outsmart threat actors, turning reconnaissance into actionable intelligence. A recent operation not only trapped an Egyptian-linked hacker but also duped the ShinyHunters group into false breach claims.​ Resecurity has refined deception technologies for counterintelligence, mimicking enterprise environments to lure threat actors into controlled traps. These build on traditional honeypots, […]

The post Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network appeared first on Cyber Security News.

A dangerous cybercrime feedback loop has emerged where stolen credentials from infostealer malware enable attackers to hijack legitimate business websites and turn them into malware distribution platforms. Recent research by the Hudson Rock Threat Intelligence Team reveals this self-sustaining cycle transforms victims into unwitting accomplices. The ClickFix Attack Method Cybercriminals use a sophisticated social engineering […]

The post Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting appeared first on Cyber Security News.

Finnish authorities have detained all 14 crew members of a cargo vessel suspected of deliberately damaging an undersea telecommunications cable connecting Helsinki to Estonia. The ship, named Fitburg, was sailing from St. Petersburg, Russia, to Haifa, Israel, under a St. Vincent and the Grenadines flag when the incident occurred. The crew, comprising Russian, Georgian, Kazakh, […]

The post Finland Arrests Two Cargo Ship Crew Members Over Undersea Cable Damage appeared first on Cyber Security News.

The cybersecurity landscape is witnessing a rise in sophisticated malware that leverages legitimate tools to mask malicious intent. A prime example is VVS Stealer (also styled VVS $tealer). This Python-based malware family has been actively marketed on Telegram since April 2025. This threat targets Discord users explicitly to exfiltrate sensitive credentials, tokens, and browser data. […]

The post VVS Stealer Uses PyArmor Obfuscation to Evade Static Analysis and Signature Detection appeared first on Cyber Security News.

Over 10,000 Fortinet firewalls worldwide remain vulnerable to CVE-2020-12812, a multi-factor authentication (MFA) bypass flaw disclosed over five and a half years ago. Shadowserver recently added the issue to its daily Vulnerable HTTP Report, highlighting persistent exposure amid active exploitation confirmed by Fortinet in late 2025.​ CVE-2020-12812 stems from improper authentication in FortiOS SSL VPN […]

The post 10,000+ Fortinet Firewalls Still Exposed to 5-year Old MFA Bypass Vulnerability appeared first on Cyber Security News.

In December 2025, the Iranian-linked hacking group Handala claimed to have fully compromised the mobile devices of two prominent Israeli political figures. However, detailed analysis by Kela cyber intelligence researchers revealed a more limited scope—the breaches targeted Telegram accounts specifically, not complete device access. The group claimed to have breached former Prime Minister Naftali Bennett’s […]

The post Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts appeared first on Cyber Security News.

Hackers have launched a sophisticated phishing campaign exploiting Google Tasks notifications to target over 3,000 organizations worldwide, primarily in the manufacturing sector. The December 2025 attacks signal a dangerous shift in email-based threats, in which attackers abuse legitimate Google infrastructure rather than spoofing domains or forging email headers. The phishing emails originated from a legitimate […]

The post Hackers Abusing Google Tasks Notification for Sophisticated Phishing Attack appeared first on Cyber Security News.

A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025, demonstrates a relentless approach to compromising enterprise infrastructure. The malware operates through a multi-stage infection […]

The post RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware appeared first on Cyber Security News.

A sophisticated phishing campaign is currently circulating within the Cardano community, posing significant risks to users seeking to download the newly announced Eternl Desktop application. The attack leverages a professionally crafted email claiming to promote a legitimate wallet solution designed for secure Cardano token staking and governance participation. The fraudulent announcement references ecosystem-specific incentives, including […]

The post Potential Wallet Phishing Campaign Targets Cardano Users via ‘Eternl Desktop’ Announcement appeared first on Cyber Security News.

Cybersecurity researchers have identified a new variant of the Shai Hulud malware that reveals important insights into how threat actors are evolving their attack strategies. The malware, first observed in recent security analysis, demonstrates significant changes from its original version, suggesting deliberate improvements made by individuals with deep access to the worm’s source code. This […]

The post Threat Actors Testing Modified and Highly Obfuscated Version of Shai Hulud Strain appeared first on Cyber Security News.

Cognizant Technology Solutions is facing multiple class-action lawsuits following a significant data breach at TriZetto Provider Solutions (TPS), its healthcare claims processing subsidiary. The lawsuits, filed in federal courts in New Jersey and Missouri, allege that the company failed to protect sensitive personal information and delayed disclosing the security incident. According to court filings, hackers […]

The post Cognizant Hit With Multiple US Class-Action Lawsuits Following TriZetto Data Breach appeared first on Cyber Security News.

A critical security advisory warned of severe vulnerabilities in WHILL electric wheelchairs that could allow attackers to hijack the devices via Bluetooth remotely. The alert affects two popular models used worldwide: the WHILL Model C2 Electric Wheelchair and Model F Power Chair, both manufactured by Japan-based WHILL Inc. Security researchers from QED Secure Solutions discovered […]

The post CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product appeared first on Cyber Security News.