Cyber Security News

Security teams drown in alerts but starve for insight. Blocklists catch the obvious. SIEM correlation gives clues. But only context reveals what an alert really means, and what you should do about it.  Every SOC sees thousands of signals: odd domains, masquerading binaries, strange persistence artifacts. On their own, these indicators mean almost nothing. A suspicious […]

The post Beat Threats with Context: 5 Actionable Tactics for SOC Analysts  appeared first on Cyber Security News.

XLoader remains one of the most challenging malware families confronting cybersecurity researchers. This sophisticated information-stealing loader emerged in 2020 as a rebrand of FormBook and has evolved into an increasingly complex threat. The malware’s code decrypts only at runtime and sits protected behind multiple encryption layers, each locked with different keys hidden throughout the binary. […]

The post XLoader Malware Analyzed Using ChatGPT’s, Breaks RC4 Encryption Layers in Hours appeared first on Cyber Security News.

The Tycoon 2FA phishing kit has emerged as one of the most sophisticated Phishing-as-a-Service platforms since its debut in August 2023, specifically engineered to circumvent two-factor authentication and multi-factor authentication protections on Microsoft 365 and Gmail accounts. This advanced threat employs an Adversary-in-the-Middle approach, utilizing reverse proxy servers to host convincing phishing pages that perfectly […]

The post Attack Techniques of Tycoon 2FA Phishing Kit Targeting Microsoft 365 and Gmail Accounts Detailed appeared first on Cyber Security News.

A sophisticated evolution of the RondoDox botnet has emerged with a staggering 650% increase in exploitation capabilities, marking a significant escalation in the threat landscape for both enterprise and IoT infrastructure. First documented by FortiGuard Labs in September 2024, the original RondoDox variant focused narrowly on DVR systems with just two exploit vectors. The newly […]

The post RondoDox Botnet Updated Their Arsenal with 650% More Exploits Targeting Enterprises appeared first on Cyber Security News.

A sophisticated remote access trojan named SleepyDuck has infiltrated the Open VSX IDE extension marketplace, targeting developers using code editors like Cursor and Windsurf. The malware disguised itself as a legitimate Solidity extension under the identifier juan-bianco.solidity-vlang, exploiting name squatting techniques to deceive unsuspecting users. Initially published on October 31st as version 0.0.7, the extension […]

The post New ‘SleepyDuck’ Malware in Open VSX Marketplace Allow Attackers to Control Windows Systems Remotely appeared first on Cyber Security News.

A critical remote code execution (RCE) vulnerability tracked as CVE-2025-11953 in the @react-native-community/cli NPM package. With nearly 2 million weekly downloads, this package powers the command-line interface for React Native, a JavaScript framework beloved by developers building cross-platform mobile apps. The vulnerability, scored at CVSS 9.8 for its network accessibility, low complexity, and potential for […]

The post Critical RCE Vulnerability in Popular React Native NPM Package Exposes Developers to Attacks appeared first on Cyber Security News.

Delaware, United States, November 4th, 2025, CyberNewsWire Brinker, the narrative intelligence company dedicated to combating disinformation and influence campaigns, announced today that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has joined its advisory board. His appointment strengthens Brinker’s mission to transform the fight against disinformation, moving from detection to real-time, […]

The post Bob Flores, Former CTO of the CIA, Joins Brinker appeared first on Cyber Security News.

Critical vulnerabilities in Microsoft Teams, a platform central to workplace communication for over 320 million users worldwide, enable attackers to impersonate executives and tamper with messages undetected. These vulnerabilities, now patched by Microsoft, allowed both external guests and insiders to spoof identities in chats, notifications, and calls, potentially leading to fraud, malware distribution, and misinformation. […]

The post Hackers Can Exploit Microsoft Teams Vulnerabilities to Manipulate Messages and Alter Notifications appeared first on Cyber Security News.

Hackers have successfully stolen more than $100 million by exploiting a critical vulnerability in the Balancer protocol. Balancer, a leading DeFi platform known for its automated market-making pools, confirmed that only its V2 Composable Stable Pools were affected by the exploit. The remainder of its pools, including Balancer V3 and other older pools, remain untouched […]

The post Hackers Stolen Over $100 Million by Exploiting Balancer DeFi Protocol appeared first on Cyber Security News.

Baltimore, USA, November 4th, 2025, CyberNewsWire The new 2025 Insider Risk Report, produced by Cybersecurity Insiders in collaboration with Cogility, highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than external cyberattacks. Yet only 23% express strong confidence in stopping them before serious damage occurs. The report […]

The post 2025 Insider Risk Report Finds Most Organizations Struggle to Detect and Predict Insider Risks appeared first on Cyber Security News.

Microsoft is implementing a significant security enhancement to its Authenticator app, introducing automatic detection of jailbroken and rooted devices for Microsoft Entra credentials. Beginning in February 2026, the company will automatically delete all Microsoft Entra credentials stored on jailbroken iOS devices and rooted Android devices to prevent unauthorized access and strengthen the organization’s security posture. […]

The post Microsoft Entra Credentials in the Authenticator App on Jail-Broken Devices to be Wiped Out appeared first on Cyber Security News.

A sophisticated new backdoor named SesameOp has emerged with a novel approach to command-and-control communications that fundamentally challenges traditional security assumptions. Discovered in July 2025 by Microsoft’s Incident Response and Detection and Response Team, this malware represents a significant shift in how threat actors exploit legitimate cloud services for covert operations. Rather than relying on […]

The post SesameOp Leveraging OpenAI Assistants API for Stealthy Communication with C2 Servers appeared first on Cyber Security News.

Zscaler, a leading cloud security company, has announced the acquisition of SPLX, an innovative AI security firm, to enhance its Zero Trust Exchange platform with advanced artificial intelligence protection capabilities. The acquisition aims to help organizations secure their AI investments throughout the entire development and deployment lifecycle. The integration of SPLX’s technology into Zscaler’s platform […]

The post Zscaler Acquires Enterprise AI Security Firm SPLX to Boost Zero Trust Exchange appeared first on Cyber Security News.

Cybercriminals have shifted their focus to a highly profitable target: the trucking and logistics industry. Over the past several months, a coordinated threat cluster has been actively compromising freight companies through deliberate attack chains designed to facilitate multi-million-dollar cargo theft operations. The emergence of this campaign represents a disturbing intersection of physical crime and digital […]

The post Threat Actors Leverage RMM Tools to Hack Trucking Companies and Steal Cargo Freight appeared first on Cyber Security News.

A critical remote code execution vulnerability affecting XWiki’s SolrSearch component has become the target of widespread exploitation attempts, prompting cybersecurity authorities to add it to their watchlist. The flaw allows attackers with minimal guest privileges to execute arbitrary commands on vulnerable systems, posing a significant security risk to organizations using this open-source enterprise wiki platform. […]

The post Hackers Actively Scanning Internet to Exploit XWiki Remote Code Execution Vulnerability appeared first on Cyber Security News.

Google has issued a critical security alert for Android devices, highlighting a severe zero-click vulnerability in the system’s core components that could allow attackers to execute malicious code remotely without any user interaction. Disclosed in the November 2025 Android Security Bulletin, this flaw affects multiple versions of the Android Open Source Project (AOSP) and underscores […]

The post Critical Android 0-Click Vulnerability in System Component Allows Remote Code Execution Attacks appeared first on Cyber Security News.

An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for the notorious Rhysida ransomware gang. The Rhysida ransomware operation has targeted enterprises since emerging from […]

The post Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network appeared first on Cyber Security News.

AMD has disclosed a critical vulnerability affecting its Zen 5 processor lineup that compromises the reliability of random number generation, a fundamental security feature in modern computing. The flaw, tracked as CVE-2025-62626, impacts the RDSEED instruction used by systems to generate cryptographically secure random numbers essential for encryption, authentication, and other security operations. The vulnerability […]

The post AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness appeared first on Cyber Security News.

The Open VSX Registry and the Eclipse Foundation have completed their investigation into a significant security incident involving exposed developer tokens and malicious extensions. The comprehensive response reveals how the platform is strengthening defenses across the entire VS Code extension ecosystem following the breach. The security incident began when researchers at Wiz identified multiple extension […]

The post Open VSX Registry Addresses Leaked Tokens and Malicious Extensions in Wake of Security Scare appeared first on Cyber Security News.

Cybersecurity researchers and firewall monitoring services have detected a dramatic surge in reconnaissance activity targeting Windows Server Update Services (WSUS) infrastructure. Network sensors collected from security organizations, including data from Shadowserver, show a significant increase in scans directed at TCP ports 8530 and 8531 over the past week. While some scanning activity appears connected to […]

The post Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287 appeared first on Cyber Security News.