Aggregator

You must login to view this content

A threat actor known as “skart7” is allegedly offering a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system for sale on a prominent hacker forum.  This development represents a significant security concern for macOS users, particularly those in enterprise environments and high-value target organizations. Key Takeaways1. Threat actor "skart7" allegedly selling macOS […]

The post Threat Actors Allegedly Selling macOS 0-day LPE Exploit on Hacker Forums appeared first on Cyber Security News.

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

The breach of Tehran-based security contractor Amnban has ripped the cover off a multi-year espionage program that quietly burrowed into airline reservation systems across Africa, Europe, and the Middle East. Internal documents and screen-captured videos obtained by investigatory journalist Nariman Gharib reveal methodical reconnaissance of Royal Jordanian, Turkish Airlines, Wizz Air, Qatar Airways and more, […]

The post Iran’s Cyber Actors Attacking Global Airlines to Exfiltrate Sensitive Data appeared first on Cyber Security News.

You must login to view this content

You must login to view this content

Apache Jena has disclosed two significant security vulnerabilities affecting versions through 5.4.0, prompting an immediate upgrade recommendation to version 5.5.0.  Both CVE-2025-49656 and CVE-2025-50151, announced on July 21, 2025, represent important severity flaws that exploit administrative access to compromise server file system integrity.  Key Takeaways1. Apache Jena through v5.4.0 has two vulnerabilities (CVE-2025-49656, CVE-2025-50151).2. Exploit […]

The post Apache Jena Vulnerability Leads to Arbitrary File Access or Manipulation appeared first on Cyber Security News.

The threat actor group LARVA-208, notorious for phishing attacks and social engineering against English-speaking IT staff, has pivoted to targeting Web3 developers. Employing spearphishing links (T1566.002), the group lures victims with fabricated job offers or portfolio review requests, directing them to counterfeit AI workspace platforms. These deceptive sites, such as the domain norlax.ai (T1583.001), mimic […]

The post New Web3 Phishing Scam Uses Fake AI Platforms to Steal Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The UK government has announced comprehensive measures to tackle ransomware attacks, with public sector organizations and critical national infrastructure operators facing an outright ban on paying ransom demands to cyber criminals.  This landmark decision, supported by nearly three-quarters of consultation respondents, represents a strategic shift toward disrupting the lucrative business model that drives Advanced Persistent […]

The post UK Confirms Ban of Ransomware Payments to Public and Critical National Infrastructure Sectors appeared first on Cyber Security News.

Private companies would also have to report to the government if they plan to pay off cybercriminals.

The post UK moves to ban public sector organizations from making ransom payments appeared first on CyberScoop.