Cyber Security News

Proxmox Virtual Environment has become a popular choice for organizations building private cloud infrastructure and virtual machine management systems. However, a new analysis reveals significant security gaps in how the hypervisor can be exploited once an attacker gains initial access to the system. The research exposes a range of attack vectors that allow adversaries to […]

The post LOLPROX Exposes Hidden Exploitation Paths that Can Enable Stealthy Hypervisor Attacks appeared first on Cyber Security News.

The developer tools used by millions of programmers worldwide have become a prime target for attackers seeking to compromise entire organizations. Visual Studio Code and AI-powered IDEs like Cursor AI, when combined with their extension marketplaces, present a critical vulnerability in the software supply chain. Unlike regular users, developers hold access to sensitive credentials, source […]

The post Hackers Compromising Developers with Malicious VS Code, Cursor AI Extensions appeared first on Cyber Security News.

Critical security alerts have been issued for Firebox firewall devices due to serious ten vulnerabilities. The vulnerabilities in WatchGuard, disclosed on December 4, 2025, span multiple severity levels and attack vectors. With several requiring urgent patching to prevent unauthorized code execution and information disclosure. The most critical vulnerabilities enable authenticated attackers to execute arbitrary code […]

The post Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes appeared first on Cyber Security News.

This week’s cybersecurity landscape featured a record-breaking 29.7 Tbps DDoS attack on a financial institution, leveraging IoT botnets and UDP floods that overwhelmed European networks until mitigated via BGP blackholing by Cloudflare and Akamai, highlighting the need for 5G device segmentation. Google released Chrome 143, patching 12 high-severity flaws, including three actively exploited zero-days (CVE-2025-1234, […]

The post Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage appeared first on Cyber Security News.

LockBit 5.0 key infrastructure exposed, revealing the IP address 205.185.116.233, and the domain karma0.xyz is hosting the ransomware group’s latest leak site. According to researcher Rakesh Krishnan, hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for illicit activities, the server displays a DDoS protection page branded with “LOCKBITS.5.0,” confirming its role […]

The post LockBit 5.0 Infrastructure Exposed in New Server, IP, and Domain Leak appeared first on Cyber Security News.

In an escalating campaign targeting remote access infrastructure, threat actors have initiated active exploitation attempts against Palo Alto Networks’ GlobalProtect VPN portals. GrayNoise tracking activity report scans and exploitation efforts originating from more than 7,000 unique IP addresses worldwide, raising alarms for organizations relying on the popular VPN solution for secure remote work. The attacks, […]

The post Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs appeared first on Cyber Security News.

A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording screens, and injecting fake login pages into banking apps. The malware initially spreads through a fake application disguised as a security tool for mBank, a popular Polish bank. The […]

The post New FvncBot Android Banking Attacking Users to Log Keystrokes and Inject Malicious Payloads appeared first on Cyber Security News.

A critical vulnerability class dubbed “PromptPwnd,” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into executing privileged commands that leak secrets or alter workflows. At least five Fortune 500 companies […]

The post Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions appeared first on Cyber Security News.

A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score of 10. The vulnerability stems from insecure deserialization within the “Flight” protocol used by React […]

The post 2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now appeared first on Cyber Security News.

Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited. The research focused on Avast’s sandbox implementation, a component […]

The post Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges appeared first on Cyber Security News.

Madison, United States, December 5th, 2025, CyberNewsWire Sprocket Security is proud to announce that it has once again been recognized by G2 for “High Performer,” “Best Support,” and “Easiest to Do Business With” in the Winter 2025 Relationship Index for Penetration Testing. This marks the second consecutive quarter Sprocket has earned these honors, reinforcing the […]

The post Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing appeared first on Cyber Security News.

Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies. The session will examine how an increasing number of incidents now originate from exposed digital assets, rather than from known software vulnerabilities. As organizations rapidly […]

The post Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM appeared first on Cyber Security News.

Netflix has struck a transformative deal to acquire Warner Bros. studios, HBO, and HBO Max from Warner Bros. Discovery (WBD) in a cash-and-stock transaction valued at $82.7 billion. The move catapults Netflix into a content powerhouse, blending its streaming dominance with Warner’s storied Hollywood legacy. Announced Friday, the agreement values WBD shares at $27.75 each, […]

The post Netflix Acquires Warner Bros. Studios and HBO in Landmark $82.7 Billion Megadeal appeared first on Cyber Security News.

Cybercriminals are actively spreading CoinMiner malware through USB drives, targeting workstations across South Korea to mine Monero cryptocurrency. This ongoing campaign uses deceptive shortcut files and hidden folders to trick users into executing malicious scripts without their knowledge. The attack leverages a combination of VBS, BAT, and DLL files that work together to install XMRig, […]

The post Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations appeared first on Cyber Security News.

A sophisticated cyber threat has emerged targeting Windows systems across multiple countries in the Middle East. UDPGangster, a UDP-based backdoor, represents a dangerous new weapon in the arsenal of the MuddyWater threat group, known for conducting cyber espionage operations throughout the Middle East and neighboring regions. This malware gives attackers complete remote control over compromised […]

The post MuddyWater Hackers Using UDPGangster Backdoor to Attack Windows Systems Evading Network Defenses appeared first on Cyber Security News.

Cloudflare’s global network suffered a brief but widespread disruption this morning, lasting approximately 25 minutes, due to an internal change in its Web Application Firewall (WAF) designed to counter a critical vulnerability in React Server Components. The incident, which began around 8:47 GMT, affected the Cloudflare Dashboard, APIs, and proxied services, causing 500 Internal Server […]

The post Cloudflare Outage Traced to Emergency React2Shell Patch Deployment appeared first on Cyber Security News.

A persistent privilege escalation technique in AWS that allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances. First documented by Grzelak in 2016 for EC2, the method exploits modifiable boot-time configurations to inject malicious payloads, bypassing standard IAM controls like PassRole. Recent analysis from Security […]

The post AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2 appeared first on Cyber Security News.

A new Remote Access Trojan known as CastleRAT has emerged as a growing threat to Windows systems worldwide. First observed around March 2025, this malware enables attackers to gain complete remote control over compromised machines. The threat comes in two main builds: a lightweight Python version and a more powerful compiled C version, with the […]

The post Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access appeared first on Cyber Security News.

Russian threat actors are running a new wave of phishing campaigns that spoof major European security events to quietly steal cloud credentials. Invitations that look legitimate, often tied to conferences such as the Belgrade Security Conference or the Brussels Indo-Pacific Dialogue, direct targets to polished registration sites that mimic real organizers. Behind this professional surface, […]

The post Russian Hackers Spoof European Events in Targeted Phishing Attacks appeared first on Cyber Security News.

A critical security vulnerability in Apache Tika has been discovered that allows attackers to compromise systems by uploading specially crafted PDF files. Organizations worldwide are urged to patch immediately. Apache Tika is a popular open-source toolkit used by thousands of organizations to extract text and metadata from documents, including PDFs, Word files, and images. Apache […]

The post Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF appeared first on Cyber Security News.