Cyber Security News

Threat actors launched a coordinated brute-force campaign against enterprise VPN gateways, hammering Palo Alto Networks GlobalProtect portals and Cisco SSL VPN endpoints with millions of automated login attempts in mid-December 2025. GreyNoise intelligence revealed the attacks stemmed from centralized infrastructure hosted by Germany’s 3xK GmbH, using scripted credential stuffing rather than zero-day exploits. The operation […]

The post Hackers Actively Attacking Cisco and Palo Alto Networks VPN Gateways to Gain Login Access appeared first on Cyber Security News.

Thousands of users in Japan and China faced widespread access and sign-in disruptions to Microsoft 365 and Copilot services early Thursday, stemming from a critical routing issue in the company’s infrastructure. Microsoft’s admin center status page confirmed the outage began around 12:00 AM UTC (8:00 AM JST / 8:00 AM CST), affecting a portion of […]

The post Microsoft 365 Services Including Teams, Outlook and Copilot Outage Hits Users in Japan and China appeared first on Cyber Security News.

The North Korean state-linked threat group Kimsuky has expanded its attack methods by distributing a dangerous mobile malware through weaponized QR codes, targeting users through sophisticated phishing sites that imitate package delivery services. Security researchers discovered the malicious campaign in September 2025, when victims received smishing messages with links that redirected them to fake delivery […]

The post Kimsuky Hackers Attacking Users via Weaponized QR Code to Deliver Malicious Mobile App appeared first on Cyber Security News.

Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the group’s pattern of cyberattacks that began in March 2025 with the exploitation of CVE-2025-2783, a zero-day vulnerability in Google Chrome. The threat group previously deployed rare malware like the LeetAgent […]

The post Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign appeared first on Cyber Security News.

Every extra minute spent guessing during triage puts your SOC at risk. When it’s unclear what a file does, whether it’s malicious, or how urgent it is, real threats slip through while time is wasted on noise.  Fast triage depends on removing uncertainty early, so decisions are based on evidence, not guesswork or incomplete signals.  Here are five practical […]

The post 5 SOC Analyst Tips for Super-Fast Triage  appeared first on Cyber Security News.

Modern vehicles are increasingly defined by their connectivity, transforming them into sophisticated IoT devices on wheels. While this digital evolution enhances the driving experience, it introduces severe security risks. A hypothetical scenario where a car dashboard is remotely hijacked to run video games like Doom has become a frightening reality. This vulnerability stems from the […]

The post Hackers Could Take Control of Car Dashboard by Hacking Its Modem appeared first on Cyber Security News.

Microsoft has confirmed a critical out-of-bounds vulnerability in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. The vulnerability, identified as CVE-2025-55681, resides in the dwmcore.dll component and impacts Windows 10, Windows 11, and related server editions worldwide. Product Affected Versions Windows 10 All versions Windows 11 […]

The post Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Microsoft has confirmed that its December 2025 Windows security update (KB5071546, OS Build 19045.6691) is causing Message Queuing (MSMQ) failures, leading to widespread IIS site crashes. First reported on December 12 and last updated December 16, the problem manifests under load, particularly in clustered setups, disrupting critical messaging workflows. Affected users report MSMQ queues going […]

The post Microsoft Asks IT Admins to Contact for Fix Related to Windows IIS Failure Issues appeared first on Cyber Security News.

In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass standard email security protocols. By compromising an internal email account within the target organization, the […]

The post BlindEagle Hackers Attacking Organization to Abuse Trust and Bypass Email Security Controls appeared first on Cyber Security News.

A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been recognized as a state-sponsored actor with espionage capabilities targeting critical regions in South Asia. APT-C-35 […]

The post APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators appeared first on Cyber Security News.

A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift in tactics. Instead of focusing on exploiting zero-day vulnerabilities, the hackers now target misconfigured customer […]

The post Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure appeared first on Cyber Security News.

The integration of Large Language Models (LLMs) into ransomware operations marks a pivotal shift in the cybercrime landscape, functioning as a potent operational accelerator rather than a fundamental revolution. This technology dramatically lowers barriers to entry, enabling even low-skill actors to assemble functional tools and sophisticated Ransomware-as-a-Service (RaaS) infrastructure. Consequently, the ecosystem is splintering; the […]

The post LLMs are Accelerating the Ransomware Operations with Functional Tools and RaaS appeared first on Cyber Security News.

A new class of internet-based attacks is turning solar power infrastructure into a high‑risk target, allowing hackers to disrupt energy production in minutes using nothing more than open ports and free tools. Modern solar farms rely on networked operational technology, including SCADA controllers and string monitoring boxes, many of which still speak Modbus, a legacy […]

The post Hackers Can Manipulate Internet-Based Solar Panel Systems to Execute Attacks in Minutes appeared first on Cyber Security News.

Microsoft has released comprehensive mitigations for a critical vulnerability dubbed React2Shell (CVE-2025-55182), which poses severe risks to React Server Components and Next.js environments. With a maximum CVSS score of 10.0, this pre-authentication remote code execution flaw allows threat actors to compromise servers through a single malicious HTTP request. Exploitation attempts were first detected on December […]

The post Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components appeared first on Cyber Security News.

Frankfurt am Main, Germany, December 16th, 2025, CyberNewsWire Link11, a European provider of web infrastructure security solutions, has released new insights outlining five key cybersecurity developments expected to influence how organizations across Europe prepare for and respond to threats in 2026. The findings are based on analysis of current threat activity, industry research, and insights […]

The post Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026 appeared first on Cyber Security News.

Attackers evolve faster than most organizations can update their defenses. That’s why 2026 will be defined not by whether incidents happen but by how efficiently and proactively SOCs can detect and contain them.  Yet even the most mature security teams are held back by a few systemic bottlenecks: invisible efficiency killers that drain time, inflate costs, and open the […]

The post Top 3 SOC Bottlenecks and How to Solve Them   appeared first on Cyber Security News.

CISA has issued an urgent warning regarding a critical zero-day vulnerability in Apple WebKit that is currently being actively exploited in attacks. CISA has added CVE-2025-43529 to its catalog of vulnerabilities requiring immediate attention, setting a strict deadline for organizations to implement protective measures. What Is the WebKit Vulnerability? The vulnerability, identified as a use-after-free flaw in […]

The post CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator accounts and gain full control of exposed devices. Researchers at watchTowr Labs first detailed the flaw on November 13, 2025, revealing a chain of path traversal and authentication bypass issues […]

The post Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover appeared first on Cyber Security News.

A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked as CVE-2025-64669, the flaw stems from insecure directory permissions on the folder C:\ProgramData\WindowsAdminCenter, which is writable by standard users yet used by services running with elevated privileges. Because Windows Admin […]

The post Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges appeared first on Cyber Security News.

NoName057(16), also known as 05716nnm or NoName05716, has emerged as a significant threat targeting NATO member states and European organizations. The group, which originated as a covert project within Russia’s Centre for the Study and Network Monitoring of the Youth Environment, has been actively conducting distributed denial-of-service attacks since March 2022. Operating with support from […]

The post NoName057(16) Hackers Using DDoSia DDoS Tool to Attack Organizations in NATO appeared first on Cyber Security News.