Cyber Security News

Salt Typhoon, a China-linked advanced persistent threat (APT) group active since 2019, has emerged as one of the most sophisticated cyber espionage operations targeting global critical infrastructure. Also tracked as Earth Estries, GhostEmperor, and UNC2286, the group has conducted high-impact campaigns against telecommunications providers, energy networks, and government systems across more than 80 countries. The […]

The post Salt Typhoon Using Zero-Day Exploits and DLL Sideloading Techniques to Attack Organizations appeared first on Cyber Security News.

In a move to tighten defenses against credential theft, Microsoft has rolled out a significant change to Windows File Explorer starting with security updates released on and after October 14, 2025. The update automatically disables the preview pane for files downloaded from the internet, aiming to block a sneaky vulnerability that could expose users’ NTLM […]

The post Microsoft Enhances Windows Security by Turning Off File Previews for Downloads appeared first on Cyber Security News.

Hackers have begun actively targeting a critical remote code execution flaw in Adobe’s Magento e-commerce platform, putting thousands of online stores at immediate risk just six weeks after Adobe issued an emergency patch. Known as SessionReaper and tracked as CVE-2025-54236, the vulnerability allows unauthenticated attackers to hijack customer sessions and potentially execute arbitrary code, leading […]

The post Hackers Exploiting Adobe Magento RCE Vulnerability Exploited in the Wild – 3 in 5 Stores Vulnerable appeared first on Cyber Security News.

CISA has issued a critical alert regarding a severe vulnerability in Motex LANSCOPE Endpoint Manager, a popular tool for managing IT assets across networks. Dubbed an improper verification of the source of a communication channel flaw, this issue allows attackers to execute arbitrary code simply by sending specially crafted packets. The vulnerability, tracked under CVE-2025-61932, […]

The post CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

Atlassian has disclosed a high-severity path traversal vulnerability in Jira Software Data Center and Server that enables authenticated attackers to arbitrarily write files to any path accessible by the Java Virtual Machine (JVM) process. This flaw, tracked as CVE-2025-22167 with a CVSS score of 8.7, affects versions from 9.12.0 through 11.0.1 and was internally discovered, […]

The post Jira Software Vulnerability Let Attacker Modify Any Filesystem Path Writable By JVM process appeared first on Cyber Security News.

The popular Impacket toolkit, a staple in penetration testing and now integrated into the Kali Linux repository, is set for a major upgrade. Maintained by Fortra’s cybersecurity team, the forthcoming release, building on version 0.12, addresses long-standing community requests with enhanced relay capabilities, protocol hardening, and new scripting tools. This update promises to streamline red […]

The post Impacket Tool in Kali Repo Upgraded With New Attack Paths and Relay Tricks appeared first on Cyber Security News.

The Department of Homeland Security (DHS) has issued the first known federal search warrant compelling OpenAI to disclose user data tied to ChatGPT prompts. The warrant, unsealed last week in Maine and reviewed by cybersecurity outlets, stems from a year-long probe into a dark web site distributing child sexual abuse material (CSAM). Federal agents, operating […]

The post DHS Asks OpenAI To Share Information on ChatGPT Prompts Used By Users appeared first on Cyber Security News.

A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […]

The post TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes appeared first on Cyber Security News.

Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability […]

The post Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox appeared first on Cyber Security News.

The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780, primarily impact recursive resolvers used by organizations for domain name resolution, leaving authoritative […]

The post Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial of Service Attacks appeared first on Cyber Security News.

Cloud account takeover attacks have evolved into a sophisticated threat as cybercriminals and state-sponsored actors increasingly weaponize OAuth applications to establish persistent access within compromised environments. These malicious actors are exploiting the fundamental trust mechanisms of cloud authentication systems, specifically targeting Microsoft Entra ID environments where they can hijack user accounts, conduct reconnaissance, exfiltrate sensitive […]

The post Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset appeared first on Cyber Security News.

A critical vulnerability in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers. This issue could have allowed attackers to steal from over 3,000 AI servers and take API keys from thousands of users across many services. MCP powers AI apps by linking them to external tools and data, like local filesystems or remote […]

The post Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys appeared first on Cyber Security News.

A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE) through seemingly innocuous prompts. According to Trail of Bits, these vulnerabilities exploit pre-approved system commands designed for efficiency in tasks like file searches and code analysis, highlighting a widespread design […]

The post Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code appeared first on Cyber Security News.

QR codes used to be harmless, now they’re one of the sneakiest ways attackers slip past defenses. Quishing, or QR code phishing, hides malicious links inside innocent-looking images that filters can’t read.  One scan, and the victim lands on a fake login page designed to steal credentials or trigger a download; often from a mobile device completely outside your SOC’s visibility.  […]

The post SOCs Have a Quishing Problem: Here’s How to Solve It  appeared first on Cyber Security News.

A sophisticated cyberespionage campaign dubbed PassiveNeuron has resurfaced with infections targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. First detected in 2024, the campaign remained dormant for six months before re-emerging in December 2024, with the latest infections observed as recently as August 2025. The threat involves deploying previously unknown advanced […]

The post New PassiveNeuron Attacking Servers of High-Profile Organizations to Implant Malware appeared first on Cyber Security News.

A sophisticated phishing kit dubbed Tykit, which impersonates Microsoft 365 login pages to harvest corporate credentials. First detected in May 2025, the kit has surged in activity during September and October, exploiting SVG files as a stealthy delivery mechanism. Unlike basic phishing lures, Tykit demonstrates maturity through consistent obfuscation techniques and multi-stage command-and-control (C2) interactions, […]

The post New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials appeared first on Cyber Security News.

Since its emergence in August 2022, Lumma Infostealer has rapidly become a cornerstone of malware-as-a-service platforms, enabling even unskilled threat actors to harvest high-value credentials. Delivered primarily via phishing sites masquerading as cracked software installers, the malicious payload is encapsulated within a Nullsoft Scriptable Install System (NSIS) package designed to evade signature-based detection. Upon execution, […]

The post Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts appeared first on Cyber Security News.

GitLab has urgently released patch versions 18.5.1, 18.4.3, and 18.3.5 for its Community Edition (CE) and Enterprise Edition (EE) to address multiple critical security flaws, including several high-severity denial-of-service (DoS) vulnerabilities. These updates fix issues allowing specially crafted payloads to overwhelm systems, alongside access control and authorization bugs affecting authenticated users. The company emphasizes immediate […]

The post Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition appeared first on Cyber Security News.

When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit logs capture identical authentication events but represent this critical security data using different formats. Security analysts investigating incidents frequently encounter the UserAuthenticationMethod field in Microsoft 365 sign-in events, which displays […]

The post Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique – Investigation Report appeared first on Cyber Security News.

China-based threat actors have exploited the critical ToolShell vulnerability in Microsoft SharePoint servers to infiltrate networks across multiple continents, targeting government agencies and critical infrastructure in a suspected espionage campaign. This vulnerability, identified as CVE-2025-53770, enables unauthenticated remote code execution and has been actively used since its disclosure in July 2025, despite Microsoft’s rapid patching […]

The post Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies appeared first on Cyber Security News.