Cyber Security News

CISA has issued an urgent warning regarding two critical vulnerabilities in TeleMessage TM SGNL that threat actors are currently exploiting in active attack campaigns. The vulnerabilities, tracked as CVE-2025-48927 and CVE-2025-48928, pose significant security risks to organizations utilizing this communication platform, with CISA adding both flaws to its Known Exploited Vulnerabilities (KEV) catalog on July […]

The post CISA Warns of TeleMessage TM SGNL Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.

Microsoft has announced significant modifications to its popular Authenticator application, with critical features being discontinued in the coming months.  Starting July 2025, the autofill functionality within Microsoft Authenticator will cease operations, followed by the complete removal of password accessibility features in August 2025.  Key Takeaways1. Automatic credential filling feature will stop working starting July 2025.2. […]

The post Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025 appeared first on Cyber Security News.

A sophisticated Remote Access Trojan (RAT) campaign targeting Colombian organizations has emerged, employing advanced evasion techniques to establish persistent remote control over Windows systems. The malware, identified as DCRAT, represents a significant escalation in cyber threats against Latin American entities, utilizing government impersonation tactics to deceive victims into executing malicious payloads. The attack campaign leverages […]

The post DCRAT Attack Windows to Remotely Control, Keylogging, Screen Capture and Steal Personal Files appeared first on Cyber Security News.

Microsoft Intune administrators are facing a critical issue where their carefully configured security baseline policy customizations are being lost during version updates, potentially leaving enterprise environments vulnerable to security gaps.  The Intune Support Team officially acknowledged this known issue on July 1, 2025, affecting organizations that have implemented custom security configurations differing from Microsoft’s recommended […]

The post Microsoft Intune Admins Beware! Your Security Baseline Policy Tweaks are not Saved During Updates appeared first on Cyber Security News.

A sophisticated Chinese threat group identified as Houken has been exploiting multiple zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices to deploy advanced Linux rootkits and establish persistent access to critical infrastructure networks. The campaign, which began in September 2024, has successfully compromised organizations across governmental, telecommunications, media, finance, and transport sectors in France […]

The post Chinese Houken Hackers Exploiting Ivanti CSA Zero-Days to Deploy Linux Rootkits appeared first on Cyber Security News.

Australia’s flagship carrier, Qantas Airways, has disclosed a significant cybersecurity breach affecting up to 6 million customers, with cybercriminals gaining unauthorized access to a third-party customer service platform used by the airline’s contact centre operations. The incident, detected on Monday and contained shortly thereafter, represents one of the most significant data breaches in Australian aviation […]

The post Qantas Airlines Hit by Cyberattack, Customer Data Compromised appeared first on Cyber Security News.

A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats.  The vulnerability, designated as CVE-2025-45080, affects version 1.23.36 of the YONO SBI: Banking & Lifestyle app and stems from insecure network configuration settings that allow unencrypted data transmission. Summary1. CVE-2025-45080 in […]

The post YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack appeared first on Cyber Security News.

As digital security and privacy demands evolve, users and businesses are increasingly seeking VPN alternatives that offer more robust protection, better scalability, and seamless remote access. While traditional VPNs remain popular, their limitations such as latency, complex management, and scalability issues have paved the way for next-generation solutions. This guide explores the 10 best VPN […]

The post 10 Best VPN Alternative Solutions In 2025 appeared first on Cyber Security News.

A sophisticated new ransomware variant identified as DEVMAN has emerged from the DragonForce ransomware-as-a-service ecosystem, targeting both Windows 10 and Windows 11 systems with notable behavioral differences between operating system versions. This hybrid malware represents a concerning evolution in the ransomware landscape, combining the established DragonForce codebase with unique modifications that create distinct operational signatures. […]

The post New DEVMAN Ransomware From DragonForce Attacking Windows 10 and 11 Users appeared first on Cyber Security News.

Malware analysis is a critical skill for cybersecurity professionals, threat hunters, and incident responders. With the growing sophistication of cyber threats, having access to reliable, free malware analysis tools is essential for dissecting, understanding, and mitigating malicious software. This article reviews the 10 best free malware analysis tools in 2025 covering their specifications, features, reasons […]

The post 10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025 appeared first on Cyber Security News.

A newly disclosed security advisory from Tenable reveals serious vulnerabilities in the Nessus vulnerability scanner that could enable attackers to compromise Windows systems through privilege escalation attacks.  The security flaws, affecting all Nessus versions prior to 10.8.5, include a critical Windows-specific vulnerability (CVE-2025-36630) that allows unauthorized file overwrites at SYSTEM privilege level, alongside two additional […]

The post Nessus for Windows Vulnerabilities Enables Overwrite of Arbitrary Local System Files appeared first on Cyber Security News.

A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging legitimate browser saving mechanisms combined with HTML Application (HTA) execution. Key Points1. Saving HTML pages […]

The post FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection appeared first on Cyber Security News.

The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability, conducting both financially motivated attacks and state-aligned espionage operations, particularly following the invasion of Ukraine. […]

The post TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections appeared first on Cyber Security News.

The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on their own systems. Originally introduced by Proofpoint researchers in April 2024, this deceptive technique tricks victims into believing they need to troubleshoot browser errors or verify security documents, ultimately leading […]

The post Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines appeared first on Cyber Security News.

The escalating tensions between Iran and Israel have triggered an unprecedented surge in hacktivist cyber operations, with over 80 distinct groups launching coordinated attacks across 18 critical infrastructure sectors. Following Israeli airstrikes on Iranian military and nuclear facilities in June 2025, pro-Iranian and pro-Palestinian hacktivist collectives mobilized almost immediately, targeting Israeli government systems, energy infrastructure, […]

The post Hacktivist Group Claimed Attacks Across 20+ Critical Sectors Following Iran–Israel Conflict appeared first on Cyber Security News.

A sophisticated phishing campaign leveraging the Snake Keylogger malware has emerged, exploiting legitimate Java debugging utilities to bypass security mechanisms and target organizations worldwide. The Russian-originated .NET malware, distributed through a Malware as a Service (MaaS) model, represents a significant evolution in cybercriminal tactics by abusing trusted system components that typically evade detection. The campaign […]

The post Snake Keyloggers Abuse Java Utilities to Evade Security Tools appeared first on Cyber Security News.

Asia is not only a hub of economic and technological growth—it’s also a frontline battlefield for cybersecurity evolution. Across the continent, major cities are combining traditional IT foundations with modern security frameworks to defend against rising digital threats. Whether you’re a CISO traveling for insights or a digital nomad with an Asia data eSIM, staying secure […]

The post 5 Asian Cities Where Cybersecurity Maturity Meets Innovation appeared first on Cyber Security News.

As attack vectors multiply and threat actors become increasingly sophisticated, security teams struggle to keep pace with the volume and complexity of modern cyber threats. SOCs and MSSPs operate in a high-stakes environment where every minute counts.  Main Challenges Of Security Teams  Outdated reactive security approaches often fall short in addressing several critical challenges:   Threat […]

The post Cyber Threat Intelligence: 3 Key Benefits For SOCs And MSSPs  appeared first on Cyber Security News.

Google Chrome for Android is on the verge of a major upgrade that could reshape how users consume online content. The browser is testing a new feature called AI Audio Overviews, which transforms any webpage into a podcast-style audio summary, making information more accessible and engaging for users on the go. Unlike the traditional “Read […]

The post Google Chrome May Soon Turn Webpages Into Podcasts With AI Audio Overviews appeared first on Cyber Security News.

A sophisticated multi-stage malware campaign has been discovered targeting WordPress websites, employing an intricate infection chain that delivers Windows trojans to unsuspecting visitors while maintaining complete invisibility to standard security checks. The malware represents a significant evolution in web-based attack techniques, combining PHP backdoors with advanced evasion mechanisms to establish persistent access to victim systems. […]

The post Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor appeared first on Cyber Security News.