Cyber Security News

Ransomware operators have shifted from opportunistic malware distribution to highly targeted campaigns that exploit legitimate software for stealth and persistence. Emerging in early 2025, several ransomware families began abusing popular remote access tools—such as AnyDesk and Splashtop—to establish footholds within enterprise networks. By hijacking or silently installing these utilities, adversaries bypass security controls that traditionally […]

The post Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses appeared first on Cyber Security News.

A novel and alarming cybersecurity threat has emerged, turning an ordinary computer peripheral into a sophisticated eavesdropping device. Researchers have detailed a new technique, dubbed the “Mic-E-Mouse” attack, which allows threat actors to exfiltrate sensitive data by exploiting the high-performance optical sensors found in many modern computer mice. This method can covertly capture and reconstruct […]

The post New Mic-E-Mouse Attack Let Hackers Exfiltrate Sensitive Data by Exploiting Mouse Sensors appeared first on Cyber Security News.

In recent months, security researchers have turned their attention to Asgard Protector, a sophisticated crypter employed by cybercriminals to obfuscate and deploy malicious payloads. First advertised on underground forums in late 2023, Asgard Protector has gained traction among threat actors for its seamless integration with popular C2 platforms such as LummaC2. By wrapping infostealers and […]

The post Researchers Reversed Asgard Malware Protector to Uncover it’s Antivirus Bypass Techniques appeared first on Cyber Security News.

A widespread campaign observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as CVE-2025-61882.  First observed on August 9, 2025, this unauthenticated remote code execution (RCE) flaw is being weaponized to bypass authentication, deploy web shells, and exfiltrate sensitive data from internet-exposed EBS instances.  CrowdStrike assesses with moderate confidence that […]

The post CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day appeared first on Cyber Security News.

The WARMCOOKIE backdoor first surfaced in mid-2024, delivered primarily via recruiting-themed phishing campaigns that coaxed victims into executing malicious documents. Initially designed as a lightweight implant for remote command execution, its modular codebase enabled rapid adaptation to new objectives. Over the past year, targets have included enterprise networks across multiple regions, with operators exploiting malvertising […]

The post Threat Actors Behind WARMCOOKIE Malware Added New Features to It’s Arsenal appeared first on Cyber Security News.

Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being used in highly targeted attacks by an unknown threat actor. According to Rapid7, the exploit chain combines two vulnerabilities, CVE-2025-20362 and CVE-2025-20333, to achieve unauthenticated remote code […]

The post Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released appeared first on Cyber Security News.

A sophisticated cyberattack has compromised Red Hat Consulting’s infrastructure, potentially exposing sensitive data from over 5,000 enterprise customers worldwide. The breach, executed by the extortion group Crimson Collective, has raised serious concerns about the security of critical business documentation and source code belonging to major corporations, including Vodafone, HSBC, American Express, and Walmart. Red Hat, […]

The post Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk appeared first on Cyber Security News.

A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet Admin Console, where a threat actor can forge a license response signature and bypass validation […]

The post GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware appeared first on Cyber Security News.

Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user to access cached CrowdStrike credentials from other users within the same environment. The vulnerability underscores […]

The post Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials appeared first on Cyber Security News.

CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025.  The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant security risks to enterprise environments. The CVE-2021-43226 vulnerability resides within Microsoft’s Common Log File System […]

The post CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine. The vulnerability is a bypass of a previous fix for a similar issue (CVE-2023-51385) and exploits how the ProxyCommand feature interacts with the underlying system shell when handling […]

The post OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released appeared first on Cyber Security News.

Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems.  The vulnerability, carrying a maximum CVSS score of 9.8, affects the Business Intelligence Publisher (BI Publisher) Integration component and enables remote code execution […]

The post Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day Vulnerability in the Wild appeared first on Cyber Security News.

A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, was discovered by Wiz Research and has been assigned the highest possible CVSS severity score of 10.0, a rating reserved for the most severe security issues. The […]

The post 13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System appeared first on Cyber Security News.

Paris, France, October 6th, 2025, CyberNewsWire Reemo continues its mission to secure enterprise remote access and becomes the first French cybersecurity provider to protect all remote access within a single platform. Reemo announces Bastion+, a next-generation bastion solution deployable without limits. “Companies don’t need another bastion. They need a global vision that remains simple and […]

The post Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management appeared first on Cyber Security News.

A threat actor has claimed responsibility for a significant data breach at Huawei Technologies, a multinational technology corporation based in China. The actor is reportedly attempting to sell what they allege is the company’s internal source code and development tools on a dark web forum. The post, which appeared in early October 2025, asserts that […]

The post Threat Actors Claim Breach Of Huawei Technologies Source Code and Internal Tools appeared first on Cyber Security News.

Doctors Imaging Group, a healthcare provider based in Florida, has reported a significant data breach that exposed the sensitive personal and medical information of over 171,800 individuals. The incident, classified as a “Hacking/IT Incident,” involved unauthorized access to the organization’s network server, leading to the compromise of a wide range of highly sensitive data. According […]

The post Doctors Imaging Group Suffers Data Breach – 171800+ Users Data Exposed appeared first on Cyber Security News.

Forensic-Timeliner, a Windows forensic tool for DFIR investigators, has released version 2.2, which offers enhanced automation and improved artifact support for digital forensics and incident response operations. This high-speed processing engine consolidates CSV output from leading triage utilities into a unified timeline, empowering analysts to reconstruct event sequences and identify key indicators of compromise rapidly. […]

The post Forensic-Timeliner – Windows Forensic Tool for DFIR Investigators appeared first on Cyber Security News.

NCSC has issued an urgent warning regarding a critical zero-day flaw in Oracle E-Business Suite (EBS) that is currently being exploited in the wild.  Tracked as CVE-2025-61882, the vulnerability resides in the BI Publisher Integration component of Oracle Concurrent Processing and allows unauthenticated remote code execution.  Organisations running EBS versions 12.2.3 through 12.2.14—especially those exposed […]

The post NCSC Warns of Oracle E-Business Suite 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Zabbix Agent and Agent 2 for Windows that allows attackers with local system access to escalate their privileges through DLL injection attacks.  The flaw, tracked as CVE-2025-27237 with a CVSS score of 7.3 (High), affects multiple versions of the popular network monitoring solution and has prompted immediate […]

The post Zabbix Agent and Agent 2 for Windows Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine.  Tracked internally as a WebAssembly type canonicalization bug, the flaw stems from an improper nullability check in the CanonicalEqualityEqualValueType function introduced by commit 44171ac in Chrome M135 and above.  This regression […]

The post Google Chrome RCE Vulnerability Details Released Along with Exploit Code appeared first on Cyber Security News.