Cyber Security News

A decade-old Unicode vulnerability known as BiDi Swap allows attackers to spoof URLs for sophisticated phishing attacks. By exploiting how browsers render mixed Right-to-Left (RTL) and Left-to-Right (LTR) language scripts, threat actors can craft URLs that appear legitimate but secretly redirect users to malicious sites. The BiDi Swap attack builds on prior Unicode manipulation methods […]

The post Hackers Exploit RTL/LTR Scripts and Browser Gaps to Hide Malicious URLs appeared first on Cyber Security News.

Since mid-2024, cybercriminals have leveraged a subscription-based phishing platform known as RaccoonO365 to harvest Microsoft 365 credentials at scale. Emerging as an off-the-shelf service, RaccoonO365 requires minimal technical skill, allowing threat actors to deploy convincing phishing campaigns by impersonating official Microsoft communications. These kits replicate Microsoft branding, email templates, and login portals to trick recipients […]

The post Microsoft Dismantles 300+ Websites Used to Distribute RaccoonO365 Phishing Service appeared first on Cyber Security News.

The digital advertising ecosystem has become a prime hunting ground for cybercriminals, who are increasingly exploiting advertising technology companies to distribute malware and conduct malicious campaigns. Rather than simply abusing legitimate platforms, threat actors are now operating as the platforms themselves, creating a sophisticated web of deception that leverages the inherent complexity and fragmentation of […]

The post Threat Actors Abuse Adtech Companies to Target Users With Malicious Ads appeared first on Cyber Security News.

The PureHVNC remote administration tool (RAT) has emerged as a sophisticated component of the Pure malware family, gaining prominence in mid-2025 amid an uptick in targeted intrusion campaigns. Originating from underground forums and Telegram channels, PureHVNC is marketed by its author, known as PureCoder, alongside companion tools such as PureCrypter, PureLogs, and PureMiner. Its adoption […]

The post PureHVNC RAT Developers Leverage GitHub Host Source Code appeared first on Cyber Security News.

A critical security flaw has been discovered in Greenshot, a popular open-source screenshot utility for Windows. The vulnerability allows a local attacker to execute arbitrary code within the Greenshot process, potentially enabling them to bypass security measures and carry out further attacks. A proof-of-concept (PoC) exploit has been released, demonstrating the severity of the issue. […]

The post Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released appeared first on Cyber Security News.

In the face of an ever-increasing volume of security alerts, a critical shortage of skilled cybersecurity professionals, and the growing sophistication of cyber threats, Security Operations Centers (SOCs) are often overwhelmed. This is where Security Orchestration, Automation, and Response (SOAR) tools become a game-changer. A SOAR platform centralizes security alerts, orchestrates security tools to work […]

The post Top 10 Best Security Orchestration, Automation, And Response (SOAR) Tools in 2025 appeared first on Cyber Security News.

A critical vulnerability has been discovered in WatchGuard’s Firebox firewalls, which could allow a remote, unauthenticated attacker to execute arbitrary code on affected devices. The flaw, tracked as CVE-2025-9242, has been assigned a critical severity rating with a CVSS score of 9.3 out of 10. WatchGuard disclosed the issue in an advisory, WGSA-2025-00015, released on […]

The post Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code appeared first on Cyber Security News.

In recent weeks, cybersecurity researchers have observed the emergence of XillenStealer, a Python-based information stealer publicly hosted on GitHub and rapidly adopted by threat actors. First reported in mid-September 2025, the stealer leverages a user-friendly builder GUI to lower the bar for malicious deployment. Operators can configure exfiltration channels, such as a Telegram bot, and […]

The post Python Based XillenStealer Attacking Windows Users to Steal Sensitive Data appeared first on Cyber Security News.

Conor Brian Fitzpatrick, the 22-year-old founder of BreachForums, has been resentenced to three years in federal prison for operating one of the world’s largest cybercriminal marketplaces.  The New York resident was sentenced on September 16, 2025, for creating and administering a platform that facilitated the sale of stolen data and harbored child sexual abuse material […]

The post World’s Largest Hacking Forum BreachForums Creator Sentenced to Three Years in Prison appeared first on Cyber Security News.

A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allowed the attacker to log into the client’s security portal, where they attempted to remediate incident reports and uninstall security agents to […]

The post How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks appeared first on Cyber Security News.

A denial-of-service flaw in the Linux kernel’s KSMBD (SMB Direct) subsystem has raised alarms across the open-source community.  Tracked as CVE-2025-38501, the issue allows a remote, unauthenticated adversary to exhaust all available SMB connections by exploiting the kernel’s handling of half-open TCP sessions.  Key Takeaways1. CVE-2025-38501 lets attackers exhaust KSMBD connections via half-open TCP handshakes.2. […]

The post Linux Kernel’s KSMBD Subsystem Vulnerability Let Remote Attackers Exhaust Server Resources appeared first on Cyber Security News.

A large-scale supply chain attack dubbed “Shai-Halud” that infiltrated the JavaScript ecosystem via the npm registry.  In total, 477 packages, including packages from CrowdStrike, were found to contain stealthy backdoors and trojanized modules designed to siphon credentials, exfiltrate source code, and enable remote code execution (RCE) on developer machines. Key Takeaways1. Obfuscated backdoors hit 477 npm packages […]

The post Massive “Shai-Halud” Supply Chain Attack Compromised 477 NPM Packages appeared first on Cyber Security News.

American First Finance, LLC, a Dallas-based financial services firm, suffered a significant insider breach when a recently terminated employee exploited unauthorized access to its production database.  The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer records nearly 689,000 names, Social Security numbers, and other personal identifiers via direct SQL queries […]

The post FinWise Insider Breach Exposes 700K Customer Records to Former Employee appeared first on Cyber Security News.

A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems.  The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through downgrade attacks, posing significant risks to enterprise security. Key Takeaways1. Bitpixie lets attackers bypass BitLocker […]

The post Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges appeared first on Cyber Security News.

Newark, New Jersey, United States, September 16th, 2025, CyberNewsWire The OpenSSL Conference 2025 will take place on October 7 – 9 in Prague. The program will bring together lawyers, regulators, developers, and entrepreneurs to discuss security and privacy in a global context. Conference starts in 3 weeks. [REGISTRATION AVAILABLE HERE]  Conference Contact Details The OpenSSL Conference team […]

The post 3 Weeks Left Until the Start of the OpenSSL Conference 2025 appeared first on Cyber Security News.

Luxury fashion company Kering has confirmed a data exfiltration incident in which threat actor Shiny Hunters accessed private customer records for Gucci, Balenciaga, and Alexander McQueen. The breach, detected in June but occurring in April, exposed personally identifiable information (PII) for an estimated 7.4 million unique email addresses. Key Takeaways1. PII and spend data of […]

The post Hackers Stolen Millions of Users Personal Data from Gucci, Balenciaga and Alexander McQueen Stores appeared first on Cyber Security News.

Las Vegas, United States, September 16th, 2025, CyberNewsWire Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of CrowdStrike-compatible security products. This availability enables customers to discover, buy, and implement Seraphic’s browser-native protection directly within […]

The post Seraphic Browser-Native Protection Now Available for Purchase on the CrowdStrike Marketplace appeared first on Cyber Security News.

Security Operations Centers (SOCs) exist under ever-increasing pressure to detect and respond to threats before they escalate. Today’s fast-moving adversaries exploit gaps in threat visibility with automation, targeted ransomware, and zero-day exploits. The result? Severe operational disruptions, financial losses, and reputational harm.  Lessons from Recent Cyber Disruptions  These recent high-impact incidents show why SOCs need […]

The post Why Real-Time Threat Intelligence Is Critical for Modern SOCs appeared first on Cyber Security News.

The KillSec ransomware strain has rapidly emerged as a formidable threat targeting healthcare IT infrastructures across Latin America and beyond. First observed in early September 2025, KillSec operators have leveraged compromised software supply chain relationships to deploy their payloads at scale. Initial indicators of compromise were detected when several Brazilian healthcare providers reported unusual network […]

The post KillSec Ransomware Attacking Healthcare Industry IT Systems appeared first on Cyber Security News.

RevengeHotels, a financially motivated threat group active since 2015, has escalated its operations against hospitality organizations by integrating large language model–generated code into its infection chain. Initially known for deploying bespoke RAT families such as RevengeRAT and NanoCoreRAT via phishing emails targeting hotel front-desk systems, the group’s latest campaigns pivot on delivering VenomRAT implants through […]

The post RevengeHotels Leveraging AI To Attack Windows Users With VenomRAT appeared first on Cyber Security News.