Cyber Security News

Washington, DC, February 4th, 2026, CyberNewsWire MomentProof, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets for insurance claims processing. MomentProof’s patented technology certifies images, video, voice recordings, and associated metadata at the moment of capture, ensuring […]

The post MomentProof Deploys Patented Digital Asset Protection appeared first on Cyber Security News.

The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several months. According to the official statement, attackers gained unauthorized access through a hosting provider-level incident […]

The post Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware appeared first on Cyber Security News.

A sophisticated malware campaign has surfaced where threat actors are distributing the ValleyRAT backdoor disguised as a legitimate installer for the popular messaging application, LINE. This targeted attack primarily focuses on Chinese-speaking users, leveraging a deceptive executable to infiltrate systems and compromise sensitive login credentials. The malware employs a complex loading chain involving shellcode execution […]

The post ValleyRAT Mimic as LINE Installer Attacking Users to Steal Login Details appeared first on Cyber Security News.

Enterprise security teams are facing a sophisticated new challenge as cybercriminals increasingly exploit trusted cloud platforms to launch phishing attacks. Instead of relying on suspicious newly registered domains, threat actors now host their malicious infrastructure on legitimate services like Microsoft Azure Blob Storage, Google Firebase, and AWS CloudFront. This strategic shift allows attackers to hide […]

The post Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users appeared first on Cyber Security News.

A critical GitLab vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively exploiting a server-side request forgery (SSRF) flaw in GitLab Community and Enterprise editions. The vulnerability, tracked as CVE-2021-39935, poses significant risks to organizations using affected versions of GitLab. The SSRF vulnerability allows unauthorized external attackers to perform […]

The post CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Threat actors leveraging artificial intelligence tools have compressed the cloud attack lifecycle from hours to mere minutes, according to new findings from the Sysdig Threat Research Team (TRT). In a November 2025 incident, adversaries escalated from initial credential theft to full administrative privileges in less than 10 minutes by using large language models (LLMs) to […]

The post Hackers Using AI to Get AWS Admin Access Within 10 Minutes appeared first on Cyber Security News.

Microsoft has resolved an outage affecting inline images in Microsoft Teams chats, restoring normal functionality for millions of enterprise users worldwide. The incident, tracked under incident ID TM1226769 in the Microsoft 365 admin center, caused delays or complete failures in loading and retrieving embedded images within chat threads. The issue surfaced recently, impacting Teams users […]

The post Microsoft Investigating Teams Chat Image Retrieval Issue Affecting Enterprise Users appeared first on Cyber Security News.

Most internet users trust their routers to direct traffic correctly, never suspecting that the very signposts of the web could be manipulated. A sophisticated “shadow” network has been silently hijacking home internet connections by compromising vulnerable routers and altering their DNS configurations. Instead of using a legitimate Service Provider’s servers, these infected devices send all […]

The post Shadow DNS Hacking Routers Internet Traffic Through Compromised Routers appeared first on Cyber Security News.

Alisa Viejo, United States, February 4th, 2026, CyberNewsWire One Identity, a leader in unified identity security, today announced the appointment of Gihan Munasinghe as Chief Technology Officer. Munasinghe brings more than 15 years of experience leading global engineering organizations and delivering large-scale, customer-centric software platforms. In this role, he will lead the engineering organization and set […]

The post One Identity Appoints Gihan Munasinghe as Chief Technology Officer appeared first on Cyber Security News.

Active Directory serves as the foundation of enterprise authentication systems, making it a prime target for sophisticated threat actors. The NTDS.dit database file, which stores encrypted password hashes and critical domain configurations, has become one of the most sought-after assets in corporate networks. When adversaries successfully obtain this file, they gain unrestricted access to an […]

The post Hackers Exfiltrating NTDS.dit File to Gain Full Active Directory Access appeared first on Cyber Security News.

Two months following the disclosure of CVE-2025-55182, exploitation activity targeting React Server Components has evolved from broad scanning into consolidated, high-volume attack campaigns. According to telemetry from GreyNoise collected between January 26 and February 2, 2026, threat actors are actively leveraging this critical vulnerability to deploy cryptominers and establish persistent remote access. While the total […]

The post Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads appeared first on Cyber Security News.

GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but actually carried a staged loader. These extensions, which had more than 22,000 […]

The post GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers appeared first on Cyber Security News.

Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools to quietly steal credentials, session cookies, and cryptocurrency data from Mac users. Cross‑platform Python stealers […]

The post Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms appeared first on Cyber Security News.

Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms and harmless-looking PDF files to create a deception chain that leads victims to a fake […]

The post Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials appeared first on Cyber Security News.

Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced malware payloads across Windows and Linux systems. VulnCheck’s Canary honeypot network first detected operational exploitation of CVE-2025-11953 dubbed “Metro4Shell” on December 21, 2025, with continued attacks observed in January 2026, yet the vulnerability remains largely […]

The post Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers appeared first on Cyber Security News.

Security updates addressing critical cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud that could allow attackers to execute arbitrary JavaScript code in users’ browsers. The vulnerabilities were discovered in the application’s File Attachments list and Layers panel, where insufficient input validation and improper output encoding create pathways for malicious code execution. Two related cross-site […]

The post Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript appeared first on Cyber Security News.

There is a comforting illusion in cybersecurity leadership: when things get noisy, you add more people. More analysts. More shifts. More headcount. It feels decisive. It looks responsible. It even photographs well for internal reports.  But SOC inefficiency is rarely a staffing problem. It is a signal problem.  When More People Don’t Mean Better Security  Across industries, security […]

The post Stronger Incident Prevention Takes Just One CISO Decision  appeared first on Cyber Security News.

A sophisticated phishing campaign targeting macOS users has emerged, using fake compliance emails as a delivery mechanism for advanced malware. Chainbase Lab recently detected this campaign, which impersonates legitimate audit and compliance notifications to deceive users. The attack chain combines social engineering with multi-stage fileless payloads designed to steal credentials and establish persistent remote access […]

The post Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data appeared first on Cyber Security News.

A new variant of the PDFly malware has emerged with advanced techniques that challenge traditional analysis methods. The malware uses a modified PyInstaller executable that prevents standard extraction tools from working properly. This makes it difficult for security teams to examine the code and understand how the threat operates. The modified version changes key identifiers […]

The post PDFly Variant Uses Custom PyInstaller Modification, Forcing Analysts to Reverse-Engineer Decryption appeared first on Cyber Security News.

French authorities raided the Paris headquarters of Elon Musk’s social media platform X today, escalating a year-old cybercrime probe into alleged algorithmic manipulation and illicit content distribution. The operation, led by the Paris prosecutor’s cybercrime unit alongside France’s national cybercrime police and Europol, marks a significant intensification of scrutiny on X’s data practices and moderation […]

The post French Authorities Raid X Office Following Cybercrime Allegations appeared first on Cyber Security News.