Cyber Security News

Apple has released iOS 18.4.1 and iPadOS 18.4.1 to address two critical zero-day vulnerabilities that were actively exploited in highly targeted, sophisticated attacks against specific individuals iPhone. The vulnerabilities, identified in the CoreAudio and RPAC components, could allow attackers to execute arbitrary code or bypass security protections on affected devices. 2 Zero Vulnerabilities Under Active […]

The post 2 Apple Iphone Zero-Day Vulnerabilities Actively Exploited in Extremely Sophisticated Attacks appeared first on Cyber Security News.

Cybercriminals have launched a sophisticated malware campaign leveraging fake PDF-to-DOCX converter websites that mimic the popular legitimate service PDFCandy. The malicious websites, including domains such as candyxpdf[.]com and candyconverterpdf[.]com, deploy an elaborate social engineering tactic designed to harvest sensitive information from unsuspecting users seeking to convert document formats. When users attempt to convert documents on […]

The post Beware of Online PDF Converters That Tricks Users to Install Password Stealing Malware appeared first on Cyber Security News.

Researchers have uncovered the true identity of servers hosting one of the most notorious ransomware operations active today. The Medusa Ransomware Group, which has operated with relative anonymity through Tor hidden services, has had its cover blown through a sophisticated exploitation of vulnerabilities in their own infrastructure. This exposure represents a rare instance where cybercriminal […]

The post Researchers Deanonymized Medusa Ransomware Group’s Onion Site appeared first on Cyber Security News.

Atlassian, the company behind Jira, a leading project management and issue-tracking platform, is grappling with a significant service disruption that has left users unable to load certain Dashboard widgets. The outage, affecting Jira Work Management, Jira Service Management, and Jira Product Discovery, began on April 16, 2025, and has caused widespread frustration among teams relying […]

The post Jira Down – Atlassian Jira Outage Disrupts Dashboard Access for Users Globally appeared first on Cyber Security News.

Cybersecurity experts have identified a sophisticated ransomware threat known as Interlock, which has been quietly expanding its operations since its first appearance in September 2024. This malware employs an elaborate multi-stage attack chain, beginning with the compromise of legitimate websites that deliver fake browser updates to unsuspecting users. Companies impacted by Interlock span various sectors […]

The post Interlock Ransomware Employs Multi-Stage Attack Via Legitimate Websites to Deliver Malicious Browser Updates appeared first on Cyber Security News.

Critical Windows Task Scheduler involving schtasks.exe binary, which could enable malicious actors to execute commands with SYSTEM-level privileges, bypassing User Account Control (UAC) prompts and erasing audit logs. These flaws significantly elevate the threat landscape for Windows environments, posing risks of privilege escalation, stealthy system manipulation, and data exfiltration. At the heart of the issue […]

The post New Windows Task Scheduler Vulnerabilities Allows Command Execution as Admin User appeared first on Cyber Security News.

Some threats don’t kick down the door; they slip in, stay quiet, and wait.  These days, attackers are playing the long game, using evasion techniques to hide in plain sight, delay detection, and make it harder for security teams to figure out what actually happened.  Let’s break down three of the most common tactics we’re […]

The post 3 Malware Tactics Used To Evade Detection By Corporate Security: See Examples  appeared first on Cyber Security News.

The Chief Information Security Officer (CISO) role has fundamentally transformed today’s digital-first world. Once viewed primarily as technical guardians of the organizational perimeter, CISOs are now expected to be strategic partners who drive business value. As cyber threats become more sophisticated and regulations more demanding, organizations can no longer afford to treat cybersecurity as a […]

The post Why Modern CISOs Must Be Business Translators, Not Just Technologists appeared first on Cyber Security News.

In the digital age, the security of digital identities has become a defining challenge for organizations worldwide. As businesses embrace cloud computing, remote work, and interconnected ecosystems, digital identities representing users, devices, and applications have become prime targets for cybercriminals. In 2024, identity-based attacks such as phishing, credential stuffing, and privilege escalation are among the […]

The post Securing Digital Identities – Best Practices for CISOs appeared first on Cyber Security News.

Social engineering remains one of the most persistent threats to organizational security because it targets human psychology rather than technological vulnerabilities. Unlike conventional cyber threats that exploit technical weaknesses, social engineering manipulates the fundamental psychological traits that make us human. Understanding these psychological dimensions is critical for security leaders to implement better technical controls and […]

The post The Psychology of Social Engineering – What Security Leaders Should Know appeared first on Cyber Security News.

Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. These vulnerabilities could allow attackers to steal sensitive data and gain unauthorized access to users’ systems. The flaws, identified as CVE-2025-3619 and CVE-2025-3620, affect Chrome versions prior to 135.0.7049.95/.96 for Windows and Mac and 135.0.7049.95 for Linux. The […]

The post Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access appeared first on Cyber Security News.

A letter from MITRE, dated April 15, 2025, has leaked online claimed to be revealed from a reliable source that the organization’s contract to support the Common Vulnerabilities and Exposures (CVE) program is due to expire today, April 16, 2025, potentially threatening the stability of a critical cybersecurity resource. The letter, addressed to CVE Board […]

The post MITRE’s Support for CVE Program Set to Expire! – Internal Letter Leaked Online, “MITRE Confirmed” appeared first on Cyber Security News.

Microsoft 365 administrators faced significant challenges today as an ongoing outage prevented access to the Microsoft 365 Admin Center and the Exchange Admin Center (EAC). The issue, reported by the official Microsoft 365 Status account on X (@MSFT365Status) and is actively investigating the cause. The outage has left admins unable to perform critical tasks such […]

The post Microsoft 365 Outage – Admins are Unable to Access the Microsoft 365 Admin Center appeared first on Cyber Security News.

In the rapidly evolving digital landscape of 2025, cybersecurity has reached an inflection point that has prompted an unprecedented reassessment among security professionals. According to recent industry analysis, 78% of security leaders are completely rethinking their cyber strategies a striking statistic that reflects the profound changes in both the threat landscape and defense capabilities. This […]

The post Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025 appeared first on Cyber Security News.

For many years, ransomware has been associated with online extortion, causing businesses to become immobilized as they attempt to recover encrypted data. With cybersecurity teams preparing for these direct attacks, organizations have become accustomed to the risk of frozen systems and locked databases. However, a new and much more pernicious threat is showing up that […]

The post Data Poisoning: The Next Evolution of Ransomware That No One is Ready For appeared first on Cyber Security News.

Linux cyber threats are less widespread than Windows ones yet it can make them even more dangerous. Underestimated and under-anticipated, they stab endpoints and networks in the back, bringing operational disruption and financial loss. It’s true that individual desktop users are less targeted by Linux-specific malware, than that tailored for Windows systems. Although they still […]

The post How and Why Threat Hunting Teams Investigate Linux Malware Attacks appeared first on Cyber Security News.

A sophisticated Chinese spyware suite dubbed “PasivRobber” that targets macOS devices, with particular focus on harvesting data from communication applications popular among Chinese users.  The multi-binary malware package demonstrates advanced technical capabilities for data exfiltration and persistence. On March 13, 2025, security researchers identified a suspicious mach-O file named “wsus” on VirusTotal, which led to […]

The post New PasivRobber Malware Steals Data From macOS Systems and Applications appeared first on Cyber Security News.

An interconnected digital landscape differentiates the current era from previous ones, as using the internet for various personal and professional purposes was uncommon then. While this phenomenon has eased multiple tasks for people of different demographics, it has also resulted in an increase and evolution of cybersecurity threats. Modern-day hackers often try to scam netizens […]

The post Spotting Phishing Attacks with Image Verification Techniques appeared first on Cyber Security News.

A seemingly empty folder appearing on Windows systems after recent security updates has raised concerns among users, but Microsoft confirms it’s an intentional security measure that should remain untouched.  The directory, typically located at C:\inetpub, serves as a crucial component in mitigating a recently patched vulnerability, even for users who don’t run web server software. […]

The post Microsoft Asks Windows 11 Users Not to Delete Mysterious “inetpub” Folder appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated multi-stage attack chain utilizing JScript to deliver dangerous malware payloads. The attack, which employs a complex obfuscation technique, ultimately delivers either XWorm or Rhadamanthys malware depending on the victim’s geographic location. This loader operates through a meticulously crafted execution flow that begins with JScript, transitions to PowerShell, and culminates […]

The post Malicious JScript Loader Jailbreaked to Uncover Xworm Payload Execution Flow appeared first on Cyber Security News.