Cyber Security News

Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970. The flaw enables local attackers to escalate privileges on Windows systems running isolated or sandboxed applications, making it a notable concern for enterprise security. The vulnerability exists in bfs.sys, a minifilter driver developed alongside Windows AppContainer and AppSilo, […]

The post Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Nissan Motor Corporation has publicly confirmed a significant data breach stemming from unauthorized access to Red Hat servers. Managed by a third-party contractor responsible for developing a customer management system. The incident exposed personal information for approximately 21,000 Nissan Fukuoka Sales Co., Ltd. customers. Red Hat, the contracted service provider, detected the unauthorized server access […]

The post Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers appeared first on Cyber Security News.

The campaign is run by the SideWinder advanced persistent threat group and aims to plant a silent Windows backdoor on victim machines. Once active, the malware can steal files, capture data and give remote control to the attacker. Each attack starts with a tax-themed email that urges the victim to review an inspection document. The […]

The post SideWinder APT Hackers Attacking Indian Entities by Masquerading as the Income Tax Department of India appeared first on Cyber Security News.

A significant security vulnerability has emerged affecting motherboards from Gigabyte, MSI, ASRock, and ASUS. Riot Games analysts and researchers identified a critical flaw during their ongoing investigation into gaming system security. The vulnerability, termed “Sleeping Bouncer,” exploits a weakness in the pre-boot protection mechanisms that are supposed to safeguard computer hardware during system initialization. The […]

The post Sleeping Bouncer Vulnerability Impacts Motherboards from Gigabyte, MSI, ASRock and ASUS appeared first on Cyber Security News.

Docker has announced a significant shift in its container security strategy, making its Docker Hardened Images (DHI) freely available to all developers. Previously a commercial-only offering, DHI provides a set of secure, minimal, and production-ready container images. By releasing these under an Apache 2.0 license, Docker aims to combat the rising tide of software supply chain attacks, which […]

The post Docker Open Sources Production-Ready Hardened Images for Free appeared first on Cyber Security News.

The threat actor group known as Arcane Werewolf, also tracked as Mythic Likho, has refreshed its attack capabilities by deploying a new version of its custom malware called Loki 2.1. During October and November 2025, researchers observed this group launching campaigns specifically targeting Russian manufacturing companies. The group continues to refine its tactics, showing a […]

The post Arcane Werewolf Hacker Group Added Loki 2.1 Malware Toolkit to their Arsenal appeared first on Cyber Security News.

A sophisticated new Android malware family called Wonderland has emerged as a significant threat to users in Uzbekistan and the broader Central Asia region. The malware, which specializes in stealing SMS messages and intercepting one-time passwords, represents a major escalation in mobile threats targeting financial systems. First discovered in October 2025, this advanced stealer demonstrates […]

The post New Wonderland Android Malware with Bidirectional SMS-Stealing Capabilities Stealing OTPs appeared first on Cyber Security News.

Cybercriminals are increasingly weaponizing legitimate Microsoft infrastructure to bypass security filters and trick users into falling for Telephone-Oriented Attack Delivery (TOAD) scams. By abusing the default .onmicrosoft.com When domains are assigned to Azure tenants, attackers send malicious invites that appear to originate from trusted Microsoft addresses. The attack vector is deceptively simple yet highly effective. […]

The post Hackers Exploiting .onmicrosoft.com Domains to Launch TOAD Scam Attack appeared first on Cyber Security News.

A newly discovered attack technique has exposed a critical weakness in artificial intelligence code assistants by weaponizing their built-in safety features. The attack, known as Lies-in-the-Loop, manipulates the trust users place in approval dialogs that are designed to prevent harmful operations from running without explicit permission. The vulnerability targets Human-in-the-Loop controls, which act as a […]

The post Lies-in-the-Loop Attack Turns AI Safety Dialogs into Remote Code Execution Attack appeared first on Cyber Security News.

Security researchers at the National Institute of Standards and Technology (NIST) have uncovered critical security flaws in the Exim mail server. That could allow remote attackers to take complete control of vulnerable systems. The vulnerabilities affect Exim version 4.99 when configured with SQLite hints database support, exposing thousands of mail servers to potential compromise. Two […]

The post Multiple Exim Server Vulnerabilities Let Attackers Seize Control of the Server appeared first on Cyber Security News.

Threat actors are now targeting Microsoft 365 accounts using a growing attack method known as OAuth device code phishing. This technique takes advantage of the OAuth 2.0 device authorization flow, a legitimate Microsoft feature designed for devices with limited input options. Attackers trick users into entering codes on authentic Microsoft login pages, which grants them […]

The post Hackers Using Phishing Tools to Access M365 Accounts via OAuth Device Code appeared first on Cyber Security News.

The Shadowserver Foundation identified approximately 125,000 WatchGuard Firebox firewall devices worldwide at risk due to a critical vulnerability actively exploited. The flaw, tracked as CVE-2025-14733, enables unauthenticated remote attackers to execute arbitrary code on unpatched devices with minimal effort.​ The vulnerability stems from an out-of-bounds write flaw in the WatchGuard Fireware OS IKEv2 VPN key […]

The post 125,000 IPs WatchGuard Firebox Devices Exposed to Internet Vulnerable to 0-day RCE Attacks appeared first on Cyber Security News.

Microsoft is set to enhance the security integration between Microsoft Teams and Microsoft Defender for Office 365 with a new feature rolling out next month. According to a new notification in the Microsoft 365 Message Center (MC1200058), security administrators will soon be able to manage blocked external users in Teams directly through the Tenant Allow/Block […]

The post Now Admins Can Block External Users in Microsoft Teams From Defender Portal appeared first on Cyber Security News.

Cyber criminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are being approached through darknet forums to sell access to corporate networks, user devices, and cloud systems. The payouts […]

The post Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data appeared first on Cyber Security News.

A new and ominous player has emerged in the rapidly expanding landscape of “Shadow AI.” Researchers at Resecurity have identified DIG AI, an uncensored artificial intelligence tool hosted on the darknet that is empowering threat actors to automate cyberattacks, generate illicit content, and bypass the safety guardrails of traditional AI models. First detected on September […]

The post DIG AI – Darknet AI Tool Enabling Threat Actors to Launch Sophisticated Attacks appeared first on Cyber Security News.

The U.S. Department of Justice (DOJ) has charged 54 individuals in a sweeping crackdown on a transnational cyber-physical attack network. The indictments, announced by U.S. Attorney Lesley A. Woods, allege a massive conspiracy involving “ATM jackpotting” to fund Tren de Aragua (TdA), a designated Foreign Terrorist Organization. The coordinated operation targeted a sophisticated criminal ring […]

The post U.S. DOJ Charged 54 in Connection With ATM Hacking Attack by Deploying Ploutus Malware appeared first on Cyber Security News.

In a week that revealed the flaws in digital trust, cybersecurity headlines were filled with high-profile breaches, zero-day exploits, and bold nation-state espionage. Attackers claimed to have swiped usernames, emails, and encrypted passwords from over 1.2 million accounts, underscoring the persistent risks of adult platforms as lucrative targets for credential stuffing and phishing campaigns. As […]

The post Cybersecurity Weekly Recap – PornHub Breach, Cisco 0-Day, Amazon Detains DPRK IT Worker, and more appeared first on Cyber Security News.

Security researchers have identified at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that attackers are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-20393, currently has no available patch, leaving organizations exposed to potential compromise. According to threat intelligence from Shadowserver […]

The post 100+ Cisco Secure Email Devices Exposed to Zero‑Day Exploited in the Wild appeared first on Cyber Security News.

GitHub has announced the general availability of Claude Opus 4.5, Anthropic’s advanced AI model, across its Copilot platform. This integration enhances AI capabilities for developers using GitHub’s code assistance tools. The Claude Opus 4.5 model is now accessible to users with Copilot Enterprise, Copilot Business, Copilot Pro, and Copilot Pro+ subscriptions. Developers can leverage this […]

The post Claude Opus 4.5 Now Integrated with GitHub Copilot appeared first on Cyber Security News.

Microsoft has begun deploying Baseline Security Mode across Microsoft 365 tenants, a new dashboard in the M365 Admin Center that centralizes recommended security configurations for Office, SharePoint, Exchange, Teams, and Entra. Announced at Ignite 2025, this opt-in feature helps administrators quickly assess vulnerabilities, run impact reports, and apply risk-based hardening without immediate user disruptions. As […]

The post Microsoft Rolls Out Baseline Security Mode for Office, SharePoint, Exchange, Teams, and Entra appeared first on Cyber Security News.