Cyber Security News

An open-source scanning tool has been released to identify SharePoint servers vulnerable to the critical zero-day exploit CVE-2025-53770.  The newly published scanner, available on GitHub, enables organizations to rapidly assess their SharePoint infrastructure for this unauthenticated Remote Code Execution vulnerability that has been actively exploited in the wild.  Key Takeaways1. Open-source tool detects SharePoint servers […]

The post New Scanner Released to Detect SharePoint Servers Vulnerable to 0-Day Attack appeared first on Cyber Security News.

Multiple security vulnerabilities affecting Sophos firewall products, with two enabling pre-authentication remote code execution that could allow attackers to compromise systems without valid credentials.  The vulnerabilities, tracked as CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, and CVE-2024-13973, impact various configurations of Sophos Firewall versions 21.5 GA and older, with automatic hotfixes already deployed to address the most severe […]

The post Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution appeared first on Cyber Security News.

Cisco Systems has issued a critical security advisory warning of multiple remote code execution vulnerabilities in its Identity Services Engine (ISE) that are being actively exploited by attackers in the wild. The vulnerabilities, carrying the maximum CVSS severity score of 10.0, allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected systems. […]

The post Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in the Wild appeared first on Cyber Security News.

The UK Government has imposed sanctions on Russian military intelligence units and 18 individuals following the exposure of a sophisticated cyber espionage campaign targeting Microsoft cloud services.  The National Cyber Security Centre (NCSC) revealed that the Russian Advanced Persistent Threat group APT 28 deployed previously unknown malware called AUTHENTIC ANTICS to steal login credentials and […]

The post UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details appeared first on Cyber Security News.

A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u cybercrime forum, marketing it as a cutting-edge Ransomware-as-a-Service (RaaS) platform. The group promised affiliates scalable […]

The post GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments appeared first on Cyber Security News.

Wireshark Foundation has announced the availability of Wireshark 4.4.8, the latest maintenance release of the world’s most widely used network-protocol analyzer. Although the update does not introduce brand-new protocols, it delivers a focused package of stability improvements, expanded dissector capabilities, and quality-of-life fixes that will be immediately valuable to network engineers, security analysts, and developers. […]

The post Wireshark 4.4.8 Released With Bug Fixes and Updated Protocol Support appeared first on Cyber Security News.

Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients.  The breach, discovered in May 2025, involved unauthorized access to customer databases containing personal data including names, addresses, dates of birth, and in some cases, Social Security numbers. […]

The post Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack appeared first on Cyber Security News.

Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft confirmed over the weekend that threat actors are actively exploiting two zero-day vulnerabilities in on-premises SharePoint servers, designated CVE-2025-53770 and CVE-2025-53771. The attacks, dubbed “ToolShell” by security researchers, have compromised dozens of […]

The post Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day appeared first on Cyber Security News.

A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics, combining traditional social engineering with advanced technical capabilities designed specifically for financial fraud operations. The […]

The post Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT appeared first on Cyber Security News.

A sophisticated new phishing campaign has emerged, delivering the DeerStealer malware through weaponized .LNK shortcut files that exploit legitimate Windows binaries in a technique known as “Living off the Land” (LOLBin). The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft […]

The post DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools appeared first on Cyber Security News.

A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate npmjs.org site and harvest developer credentials through convincing phishing emails. The malicious campaign represents a […]

The post Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged targeting Node.js developers through a meticulously crafted attack that impersonates the official npm package registry. The malicious operation utilizes the typosquatted domain npnjs.com, substituting the letter “m” with “n” to create a nearly identical copy of the legitimate npmjs.com website. This attack demonstrates an alarming evolution in supply chain […]

The post Developers Beware of npm Phishing Email That Steal Your Login Credentials appeared first on Cyber Security News.

FortiGuard Labs has discovered a sophisticated new ransomware strain called NailaoLocker that represents a significant departure from conventional encryption malware. This Windows-targeting threat introduces the first documented use of China’s SM2 cryptographic standard in ransomware operations, marking a notable shift toward region-specific cryptographic implementations in cybercriminal activities. The malware’s name, derived from the Chinese word […]

The post NailaoLocker Ransomware Attacking Windows Systems Using Chinese SM2 Cryptographic Standard appeared first on Cyber Security News.

Cybercriminals have escalated their attack sophistication by utilizing legitimate cloud storage services to distribute advanced malware, as demonstrated in a recent campaign targeting a certified public accounting firm in the United States. The attack, discovered in May 2025, showcases how threat actors are exploiting trusted platforms like Zoho WorkDrive to bypass traditional security measures and […]

The post Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware appeared first on Cyber Security News.

A critical configuration flaw in Microsoft’s AppLocker block list policy has been discovered, revealing how attackers could potentially bypass security restrictions through a subtle versioning error.  The issue centers on an incorrect MaximumFileVersion value that creates an exploitable gap in Microsoft’s application control framework, highlighting the importance of precise security policy implementation in enterprise environments. […]

The post Microsoft’s AppLocker Flaw Allows Malicious Apps to Run and Bypass Restrictions appeared first on Cyber Security News.

A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses. One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP Logistics, a Northamptonshire […]

The post Weak Password Let Ransomware Gang Destroy 158-Year-Old Company appeared first on Cyber Security News.

A surveillance company has been detected exploiting a sophisticated SS7 bypass technique to track mobile phone users’ locations. The attack leverages previously unknown vulnerabilities in the TCAP (Transaction Capabilities Application Part) layer of SS7 networks to circumvent security protections implemented by mobile operators worldwide. Key Takeaways1. Malformed SS7 commands mask the IMSI to enable location […]

The post Surveillance Company Using SS7 Bypass Attack to Track the User’s Location Information appeared first on Cyber Security News.

The notorious Chinese-speaking cyberespionage group APT41 has expanded its operations into new territories, launching sophisticated attacks against government IT services across Africa using advanced Windows administration modules. This represents a significant geographical expansion for the group, which has previously concentrated its efforts on organizations across 42 countries in various sectors including telecommunications, energy, healthcare, and […]

The post APT41 Hackers Leveraging Atexec and WmiExec Windows Modules to Deploy Malware appeared first on Cyber Security News.

Dell Technologies has confirmed a security breach of its Customer Solution Centers platform by the World Leaks extortion group, marking another high-profile attack by the newly rebranded threat actor.  The incident, which occurred earlier this month, targeted Dell’s isolated product demonstration environment used for showcasing solutions to commercial customers.  Key Takeaways1. Dell data breach, synthetic […]

The post Dell Data Breach – Test Lab Platform Hacked by World Leaks Group appeared first on Cyber Security News.

CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-53770, poses a significant security risk to organizations running SharePoint infrastructure and has prompted immediate action requirements from federal agencies, as well […]

The post CISA Warns of Microsoft SharePoint Server 0-Day RCE Vulnerability Exploited in Wild appeared first on Cyber Security News.