Cyber Security News

The Cybersecuritynews researcher team uncovered a sophisticated social engineering campaign that is exploiting the public’s need for free internet access, using deceptive Wi-Fi portals to trick users into downloading and executing PowerShell-based malware. Dubbed the “Clickfix” attack, this method turns a user’s own browser actions against them to compromise their system under the guise of […]

The post New Clickfix Attack Promises “Free WiFi” But Delivers Powershell-Based Malware appeared first on Cyber Security News.

A new kernel address leak vulnerability has been discovered in the latest versions of Windows 11 (24H2) and Windows Server 2022 (24H2). The flaw, identified as CVE-2025-53136, was ironically introduced by a Microsoft patch intended to fix a separate vulnerability, CVE-2024-43511. According to Crowdfense, the new bug undermines recent security enhancements in Windows, providing a […]

The post Microsoft Patch for Old Flaw Reveals New Kernel Address Leak Vulnerability in Windows 11/Server 2022 24H2 appeared first on Cyber Security News.

A new, sophisticated malware campaign has been uncovered that leverages Microsoft’s Azure Functions for its command-and-control (C2) infrastructure, a novel technique that complicates detection and takedown efforts. According to the Dmpdump report, the malware, first identified from a file uploaded to VirusTotal on August 28, 2025, from Malaysia, employs a multi-stage infection process involving DLL […]

The post New Malware Using Azure Functions For Hosting Command And Control Infrastructure appeared first on Cyber Security News.

To ensure the security of sensitive internet data, it takes more than encryption; it requires clear principles, careful design, and evidential support. Naman Jain is a Senior Software Development Engineer and a leading practitioner in secure systems for fintech and digital payments. At Amazon, he has led the architecture of an enterprise tokenization and sensitive […]

The post Business speed, lasting security: Conversation with Amazon’s Senior Software Development Engineer Naman Jain appeared first on Cyber Security News.

Cyber attackers constantly refine their evasion methods. That’s what makes threats, including phishing, increasingly hard to detect and investigate. Kits like Tycoon 2FA regularly evolve with new tricks added to their arsenal. They slip past defenses and compromise companies, demonstrating great adaptivity in modern cyber threats.  Let’s review three key evasion techniques of Tycoon 2FA […]

The post PhishKit Evasion Tactics: What You Need to Pay Attention to Right Now  appeared first on Cyber Security News.

A novel speculative execution attack named VMSCAPE allows a malicious virtual machine (VM) to breach its security boundaries and steal sensitive data, like cryptographic keys, directly from its host system. The vulnerability, identified as CVE-2025-40300, affects a wide range of modern processors, including all current generations of AMD Zen (1 through 5) and Intel’s Coffee […]

The post New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs appeared first on Cyber Security News.

In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and covert channel tunneling—that have now been adopted by malicious actors. The framework’s modular design and […]

The post Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks appeared first on Cyber Security News.

In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent traditional rate limiting. By mid-May, the threat escalated as the botnet grew to 4.6 million […]

The post L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks appeared first on Cyber Security News.

The Salesloft Drift data breaches of August 2025 stand as one of the most significant supply chain attacks in SaaS history, demonstrating how a single compromised integration can cascade into widespread organizational exposure. This sophisticated campaign, staged by the threat actor UNC6395, exploited OAuth token vulnerabilities to access sensitive data from over 700 organizations, including […]

The post Lessons from Salesforce/Salesloft Drift Data Breaches – Detailed Case Study appeared first on Cyber Security News.

Four Kenyan filmmakers became victims of sophisticated surveillance when FlexiSPY spyware was covertly installed on their devices while in police custody, according to forensic analysis conducted by the University of Toronto’s Citizen Lab. The incident occurred on or around May 21, 2025, after authorities seized the devices during arrests connected to allegations surrounding the BBC […]

The post Kenyan Filmmakers Installed With FlexiSPY Spyware That Monitors Messages and Social Media appeared first on Cyber Security News.

A previously unknown advanced persistent threat (APT) group has unleashed a new fileless malware framework, dubbed EggStreme, in a highly targeted espionage campaign against strategic organizations. Emerging in early 2024, EggStreme exploits the legitimate Windows Mail executable (WinMail[.]exe) to sideload a malicious library, allowing attackers to achieve in-memory code execution without writing decrypted payloads to […]

The post New EggStreme Malware With Fileless Capabilities Leverages DLL Sideloading to Execute Payloads appeared first on Cyber Security News.

In early May 2025, cybersecurity researchers began tracking a novel Remote Access Trojan (RAT) targeting Chinese-speaking users via phishing sites hosted on GitHub Pages. Masked as legitimate installers for popular applications, the initial ZIP archives contained malicious executables engineered to bypass sandbox and virtual machine defenses. Once executed, the first-stage shellcode performs time stability analysis […]

The post kkRAT Employs Network Communication Protocol to Steal Clipboard Contents appeared first on Cyber Security News.

Cornwell Quality Tools has disclosed a significant data breach that compromised the sensitive information of nearly 104,000 individuals. The incident involved unauthorized access to the company’s network, resulting in the exposure of both personally identifiable information (PII) and protected health information (PHI). According to the company’s report, the security incident was first identified on or […]

The post Cornwell Quality Tools Data Breach – 100,000 Users Data Was Compromised appeared first on Cyber Security News.

In recent months, cybersecurity researchers have observed a surge in malicious domain registrations linked to an emerging e-crime group known as PoisonSeed. First identified in April 2025, this actor has focused its efforts on impersonating legitimate cloud-based email platforms, most notably SendGrid, to harvest enterprise credentials. By embedding fake Cloudflare CAPTCHA interstitials and Ray ID […]

The post PoisonSeed Threat Actor Registering New Domains in Attempt to Compromise Enterprise Credentials appeared first on Cyber Security News.

U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for what he terms “gross cybersecurity negligence,” accusing the tech giant of knowingly shipping its Windows operating system with a dangerously outdated form of encryption that has enabled devastating ransomware attacks on U.S. critical infrastructure, including major healthcare systems. In […]

The post Senator Calls for FTC Investigation into Microsoft’s Use of Outdated RC4 Encryption and Kerberoasting Vulnerabilities appeared first on Cyber Security News.

FastNetMon today announced that it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed. The malicious traffic was primarily a UDP flood launched from compromised customer-premises equipment (CPE), including IoT devices and […]

The post 1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMon appeared first on Cyber Security News.

FastNetMon, a prominent provider of DDoS detection solutions, announced this week that it had identified and helped mitigate a record-breaking distributed denial-of-service (DDoS) attack. The assault targeted a major DDoS scrubbing vendor located in Western Europe, pushing packet-forwarding rates to an astonishing 1.5 billion packets per second (1.5 Gpps). This incident stands as one of […]

The post DDoS Mitigation Provider targeted In 1.5 Gpps 1.5 Billion Packets per Second DDoS Attack appeared first on Cyber Security News.

The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited in attacks. The flaw, tracked as CVE-2024-40766, affects multiple generations of SonicWall firewalls and carries a critical CVSS score of 9.3, highlighting the significant risk it poses to organizations. The […]

The post ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.

The U.S. District Court for the Eastern District of New York has unsealed a superseding indictment against a Ukrainian national, charging him with his alleged role as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware operations. The schemes reportedly extorted over 250 companies in the United States and hundreds more across the globe, causing […]

The post Authorities Arrested Admins Of “LockerGoga,” “MegaCortex,” And “Nefilim” Ransomware Gangs appeared first on Cyber Security News.

A remote code execution vulnerability has been discovered in the Cursor AI Code Editor, enabling a malicious code repository to run code on a user’s machine upon opening automatically. The research team at Oasis Security uncovered the flaw, which bypasses typical user consent prompts by exploiting a default configuration setting in the popular editor. According […]

The post Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine appeared first on Cyber Security News.