Cyber Security News

A sophisticated technique that allows attackers to execute malicious code directly in memory is gaining traction, posing a significant challenge to modern Endpoint Detection and Response (EDR) solutions. This method, which involves an in-memory Portable Executable (PE) loader, enables a threat actor to run an executable within an already trusted process, effectively bypassing security checks […]

The post Hackers Can Bypass EDR by Downloading a Malicious File as an In-Memory PE Loader appeared first on Cyber Security News.

In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software. Threat actors have crafted convincing forks of projects bearing names like Malwarebytes, LastPass, Citibank, and SentinelOne, populated with trojanized installers and scripts that deliver stealthy malware payloads. These repositories exploit the trust developers place in […]

The post Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware appeared first on Cyber Security News.

A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users.  The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized […]

The post OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission appeared first on Cyber Security News.

A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems.  Tracked as CVE-2025-9844, the flaw stems from improper handling of executable file paths by the installer, allowing malicious files to be executed in place of legitimate binaries when the software is […]

The post Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access appeared first on Cyber Security News.

Libraesva has issued an emergency patch for a significant command injection vulnerability in its Email Security Gateway (ESG) after confirming state-sponsored hackers exploited it. The flaw, identified as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email with a specially crafted compressed attachment. The company responded by deploying an automated fix to […]

The post Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands appeared first on Cyber Security News.

A sophisticated cybercrime campaign has emerged that transforms legitimate AWS infrastructure into weaponized attack platforms through an innovative combination of containerization and distributed denial-of-service capabilities. The ShadowV2 botnet represents a significant evolution in cyber threats, leveraging exposed Docker daemons on Amazon Web Services EC2 instances to establish persistent footholds for large-scale DDoS operations. This campaign […]

The post ShadowV2 Botnet Exploits Docker Containers on AWS to Turn Thems as Infected System for DDoS Attack appeared first on Cyber Security News.

A sophisticated new malware family dubbed YiBackdoor has emerged in the cybersecurity landscape, posing a significant threat to organizations worldwide. First observed in June 2025, this malicious software represents a concerning evolution in backdoor technology, featuring advanced capabilities that enable threat actors to execute arbitrary commands, capture screenshots, collect sensitive system information, and deploy additional […]

The post New YiBackdoor Allows Attackers to Execute Arbitrary Commands and Exfiltrate Sensitive Data from Hacked Systems appeared first on Cyber Security News.

Cybersecurity professionals are facing an unprecedented acceleration in threat actor capabilities as the average breakout time—the period from initial access to lateral movement—has plummeted to a mere 18 minutes during the June-August 2025 reporting period. This alarming statistic represents a dramatic reduction from previous timeframes, with the fastest recorded incident clocking in at just six […]

The post Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access appeared first on Cyber Security News.

A sophisticated malware campaign has emerged in the npm ecosystem, utilizing an innovative steganographic technique to conceal malicious code within QR codes. The malicious package, identified as “fezbox,” presents itself as a legitimate JavaScript/TypeScript utility library while secretly executing password-stealing operations through a cleverly disguised QR code payload. This attack represents a significant evolution in […]

The post New Malware in npm Package Steals Browser Passwords Using Steganographic QR Code appeared first on Cyber Security News.

Zloader, a sophisticated Zeus-based modular trojan that first emerged in 2015, has undergone a significant transformation from its original banking-focused operations to become a dangerous entry point for ransomware attacks in corporate environments. Originally designed to facilitate financial fraud, this malware family has evolved into a powerful tool for initial access brokers who specialize in […]

The post Zloader Malware Repurposed to Act as Entry Point Into Corporate Environments to Deploy Ransomware appeared first on Cyber Security News.

A sophisticated malware campaign has emerged that leverages fake online speed test applications to deploy obfuscated JavaScript payloads on Windows systems. These malicious utilities masquerade as legitimate network speed testing tools, manual readers, PDF utilities, and various search frontends to deceive unsuspecting users into installing dangerous code that operates covertly in the background. The attack […]

The post Beware of Fake Online Speedtest Application With Obfuscated JS Codes appeared first on Cyber Security News.

Defy Security, a leading provider of cybersecurity solutions and services, today announced the appointment of Gary Warzala to its Board of Directors. Warzala is a highly regarded cybersecurity executive with more than 20 years of leadership experience, having served as Chief Information Security Officer (CISO) at Visa Inc., PNC Bank, Fifth Third Bank, Aon Corporation, […]

The post Defy Security Appoints Esteemed Cybersecurity Leader Gary Warzala to Its Board of Directors appeared first on Cyber Security News.

Alex sighed at his third energy drink of the night shift, watching another batch of security alerts flood his SIEM dashboard. As a Level 2 threat analyst at a mid-sized financial firm, he was drowning in false positives and spending precious hours manually investigating each suspicious hash, IP address, and domain.   Then everything changed during […]

The post Want to Validate Alerts Faster? Use Free Threat Intel from 15K SOCs  appeared first on Cyber Security News.

The Iranian threat actor known as Nimbus Manticore has intensified its campaign targeting defense manufacturing, telecommunications, and aviation sectors across Western Europe with sophisticated new malware variants. This mature advanced persistent threat group, also tracked as UNC1549 and Smoke Sandstorm, has evolved its tactics to include previously undocumented techniques for evading detection and maintaining persistence […]

The post Nimbus Manticore Attacking Defense and Telecom Sectors With New Malware appeared first on Cyber Security News.

Cybercriminals have embraced a new deceptive technique that transforms seemingly harmless vector graphics into dangerous malware delivery systems. A recent campaign targeting Latin America demonstrates how attackers are exploiting oversized SVG files containing embedded malicious payloads to distribute AsyncRAT, a potent remote access trojan capable of comprehensive system compromise. The campaign begins with carefully crafted […]

The post Hackers Weaponizing SVG Files to Stealthily Deliver Malicious Payloads appeared first on Cyber Security News.

Jaguar Land Rover (JLR), the United Kingdom’s largest automotive manufacturer, has announced an additional delay in resuming production at its factories following a significant cyber-attack that occurred earlier this month. The company has extended its current production pause until Wednesday, October 1, 2025, as it continues to manage the fallout from the security incident and […]

The post Tata-Owned Jaguar Land Rover Delays Factory Reopening Following Major Cyber Attack appeared first on Cyber Security News.

SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and remove known rootkit malware. The advisory, SNWLID-2025-0015, published on September 22, 2025, strongly recommends that all users of SMA 210, 410, and 500v devices apply the update immediately to protect against persistent threats. This […]

The post SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices appeared first on Cyber Security News.

In recent months, a sophisticated campaign has emerged in which state-linked threat actors are leveraging fake job offers to ensnare unsuspecting job seekers and deliver advanced malware. These attackers craft convincing phishing emails that direct victims to look-alike career portals, impersonating leading aerospace and defense firms. The lure often begins with a personalized outreach on […]

The post Threat Actors with Fake Job Lures Attacking Job Seekers to Deploy Advanced Malware appeared first on Cyber Security News.

The U.S. Secret Service has dismantled a massive, sophisticated network of electronic devices in the New York tristate area, thwarting what it described as an “imminent threat” to senior U.S. government officials and the agency’s protective operations. The operation led to the seizure of over 300 SIM servers and 100,000 SIM cards that could have […]

The post U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Disabling Cell Phone Towers appeared first on Cyber Security News.

Austin, Texas, USA, September 23rd, 2025, CyberNewsWire New SpyCloud 2025 Identity Threat Report reveals dangerous disconnect between perceived security readiness and operational reality. SpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, 85% […]

The post SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist appeared first on Cyber Security News.