Cyber Security News

Critical security patches on December 10, 2025, addressing ten significant vulnerabilities across its Community Edition and Enterprise Edition platforms. GitLab has released updated versions 18.6.2, 18.5.4, and 18.4.6 to address multiple high-severity security issues. High-Severity Threats Identified Four vulnerabilities received high-severity ratings and require immediate remediation. The vulnerability landscape includes four high-severity flaws, five medium-severity […]

The post GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack appeared first on Cyber Security News.

Patches released by Jenkins address a significant denial-of-service (DoS) vulnerability affecting millions of organizations. That rely on the popular automation server for continuous integration and deployment pipelines. A high-severity vulnerability in Jenkins versions 2.540 and earlier (LTS 2.528.2 and earlier). Enables unauthenticated attackers to trigger denial of service attacks through the HTTP-based command-line interface. Vulnerability […]

The post High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI appeared first on Cyber Security News.

ValleyRAT, also known as Winos or Winos4.0, has emerged as one of the most sophisticated backdoors targeting organizations worldwide. This modular malware family represents a significant threat to Windows systems, particularly Windows 11 installations running the latest security patches. The threat landscape has shifted dramatically following the public leak of the ValleyRAT builder and its […]

The post ValleyRAT Malware Uses Stealthy Driver Install to Bypass Windows 11 Protections appeared first on Cyber Security News.

The cybersecurity world faces an ironic threat as two Chinese hackers who once excelled in Cisco’s training program are now leading sophisticated attacks against the company’s devices. Yuyang and Qiu Daibing were identified as key operators behind the notorious Salt Typhoon campaign. Have leveraged their Cisco Network Academy education to orchestrate one of the most […]

The post 2 Chinese Hackers Trained in Cisco Program Now Leading Sophisticated Attacks on Cisco Devices appeared first on Cyber Security News.

A critical stored cross-site scripting vulnerability in Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below, that could enable attackers to hijack administrator sessions without authentication. The vulnerability, identified as CVE-2025-10573, has been assigned a CVSS score of 9.6 and patched on December 9, 2025, with the release of Ivanti EPM version 2024 SU4 SR1. […]

The post Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS appeared first on Cyber Security News.

The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significant improvements to their scanning methodologies, researchers have identified a massive attack surface comprising over 165,000 unique IP addresses and more than 644,000 domains hosting vulnerable code as of December 8, […]

The post Over 644,000 Domains Exposed to Critical React Server Components Vulnerability appeared first on Cyber Security News.

A sophisticated new phishing framework dubbed “Spiderman” has emerged in the cybercrime underground, dramatically lowering the barrier to entry for financial fraud. This toolkit, observed by Varonis, allows threat actors, even those with minimal technical skill, to spin up pixel-perfect replicas of legitimate banking portals in just a few clicks. The kit targets customers of […]

The post New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks appeared first on Cyber Security News.

Cybersecurity is about to hit a turning point in 2026. Attackers aren’t only testing AI but also building campaigns around it. Their tooling is getting faster, more adaptive, and far better at mimicking user behavior, from reconnaissance to phishing to initial access.  The Shift is Already Underway  With geopolitical tension rising and technology accelerating, SOCs are entering a period where both […]

The post What’s Next for SOC in 2026: Get the Early-Adopter Advantage  appeared first on Cyber Security News.

Threat actors are now leveraging the trust users place in AI platforms like ChatGPT and Grok to distribute the Atomic macOS Stealer (AMOS). A new campaign discovered by Huntress on December 5, 2025, reveals that attackers have moved beyond mimicking trusted brands to actively utilizing legitimate AI services to host malicious payloads.​ The infection chain […]

The post Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer appeared first on Cyber Security News.

Microsoft has patched a critical remote code execution (RCE)vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems. The flaw, tracked as CVE-2025-62562, was released on December 9, 2025, and requires immediate attention from IT administrators and end users. The vulnerability stems from a use-after-free weakness in Microsoft Office Outlook. According […]

The post Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

A novel, highly sophisticated malware strain targeting vulnerable React Server Components, signaling a significant evolution in how state-sponsored threat actors are exploiting the critical React2Shell vulnerability disclosed just days earlier. On December 5, 2025, just two days after the disclosure of the maximum-severity vulnerability CVE-2025-55182 (dubbed “React2Shell”), the Sysdig Threat Research Team (TRT) discovered a […]

The post North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT appeared first on Cyber Security News.

Fortinet has released a critical security update for its FortiSandbox analysis appliances to fix a dangerous vulnerability. If left unpatched, this flaw could allow attackers to take control of the underlying system. The vulnerability, tracked as CVE-2025-53949, was officially published on December 9, 2025. The security flaw is described as an “OS Command Injection” vulnerability. In […]

The post FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code appeared first on Cyber Security News.

Security update addressing a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly disclosed on December 9, 2025, and represents a significant security risk for organizations worldwide. The flaw stems from improper neutralization of special elements in Windows PowerShell during command injection attacks. […]

The post Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.

A high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being exploited by attackers to compromise systems and execute malicious code. The specific flaw is known as a “path traversal” vulnerability. In simple terms, WinRAR fails to properly […]

The post CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Fortinet has issued an urgent security advisory regarding a critical vulnerability affecting its FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager product lines. The security flaw, identified as an Improper Verification of Cryptographic Signature (CWE-347), could allow an unauthenticated attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication. The vulnerability stems from the device’s failure to verify […]

The post FortiOS, FortiWeb, and FortiProxy Vulnerability Lets Attackers Bypass FortiCloud SSO Authentication appeared first on Cyber Security News.

Microsoft released its final Patch Tuesday updates of 2025 on December 9, addressing 56 security vulnerabilities across Windows, Office, Exchange Server, and other components. This patch includes three zero-day flaws: two publicly disclosed remote code execution issues and one actively exploited elevation of privilege vulnerability.​ The updates tackle two critical remote code execution vulnerabilities in […]

The post Microsoft December 2025 Patch Tuesday – 56 Vulnerabilities Fixed Including 3 Zero-days appeared first on Cyber Security News.

Makop ransomware, a strain of the Phobos malware family first spotted in 2020, continues to evolve into a significant threat to businesses worldwide. Recent analysis reveals that attackers are combining brute-force RDP attacks with sophisticated privilege escalation techniques and security bypass tools to compromise organizations. The majority of attacks, representing 55 percent of all incidents, […]

The post Makop Ransomware Exploits RDP Systems with AV Killer and Other Exploits appeared first on Cyber Security News.

A sophisticated cyber campaign is exploiting search engine optimization (SEO) to distribute a malicious installer disguised as Microsoft Teams, targeting unsuspecting organizations. This campaign, active since November 2025, uses a fake Microsoft Teams website to lure users into downloading a trojanized application, which then deploys the “ValleyRAT” malware. This malware gives attackers remote control over […]

The post Threat Actors Poisoning SEO Results to Attack Organizations With Fake Microsoft Teams Installer appeared first on Cyber Security News.

Ivanti has officially released urgent security updates for its Endpoint Manager (EPM) solution to address four distinct security flaws. The latest advisory highlights one critical vulnerability and three high-severity issues that could allow attackers to execute arbitrary code, write files on the server, or bypass security restrictions. While the company confirmed that it is not […]

The post Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager appeared first on Cyber Security News.

The GOLD BLADE threat group has shifted from pure espionage to a hybrid model that combines data theft with targeted ransomware attacks using a custom locker called QWCrypt. This shift follows a long-running campaign tracked as STAC6565, which hit almost 40 victims between early 2024 and mid‑2025, with a strong focus on Canadian organizations and […]

The post GOLD BLADE Using Custom QWCrypt Locker that Allows Data Exfiltration and Ransomware Deployment appeared first on Cyber Security News.