Cyber Security News

Microsoft has released RIFT (Rust Identification and Function Tagging), a groundbreaking open-source tool designed to help cybersecurity analysts identify and analyze malware concealed within Rust binaries.  The cybersecurity community has witnessed a significant shift toward Rust-based malware development over the past five years. Notable examples include the BlackCat ransomware in December 2021, followed by Hive […]

The post RIFT – Microsoft’s New Open-Source Tool to Analyze Malware in Rust Binaries appeared first on Cyber Security News.

Over 2,100 vulnerable Citrix NetScaler servers remain exposed to active exploitation, despite patches being available for critical vulnerabilities that allow attackers to bypass authentication mechanisms and steal session tokens. Cybersecurity firm ReliaQuest has issued warnings about active exploitation of two critical vulnerabilities affecting Citrix NetScaler ADC and NetScaler Gateway systems. The vulnerabilities, tracked as CVE-2025-5777 […]

The post 2100+ Citrix Servers Vulnerable to Actively Exploited Bypass Authentication Vulnerability appeared first on Cyber Security News.

A sophisticated new phishing campaign has emerged, leveraging obsolete Windows file formats and advanced evasion techniques to distribute the notorious Remcos Remote Access Trojan. The attack chain employs DBatLoader as its primary delivery mechanism, utilizing a combination of User Account Control bypass methods, obfuscated scripts, and Living Off the Land Binaries abuse to establish persistent […]

The post Hackers Use .PIF Files and UAC Bypass to Drop Remcos Malware on Windows appeared first on Cyber Security News.

Langflow, the popular Python framework for rapid AI prototyping, is under siege after researchers disclosed CVE-2025-3248, a flaw in the /api/v1/validate/code endpoint that lets unauthenticated attackers execute arbitrary Python with a single crafted POST request. Within hours of the public proof-of-concept, threat actors began mass-scanning Shodan and FOFA for servers running versions prior to 1.3.0, […]

The post Hackers Exploiting Critical Langflow Vulnerability to Deploy Flodrix Botnet and Take System Control appeared first on Cyber Security News.

Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Browser AI Agents are software applications […]

The post SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are appeared first on Cyber Security News.

Cybercriminals have launched a sophisticated campaign exploiting Facebook’s advertising platform to distribute malware and steal cryptocurrency wallet credentials, targeting users worldwide through deceptive Pi Network-themed advertisements. The malicious operation, which began on June 24, 2025, coincides with the Pi2Day celebration and has already deployed over 140 ad variations to maximize its reach across multiple continents. […]

The post Threat Actors Weaponizing Facebook Ads to Deliver Malware and Stealing Wallet Passwords appeared first on Cyber Security News.

Germany’s data protection authorities have escalated their scrutiny of Chinese artificial intelligence applications, with Berlin’s data protection commissioner Meike Kamp formally requesting Apple and Google to review and potentially remove DeepSeek from their respective app stores. The move, announced on June 27, 2025, represents a significant regulatory challenge for the popular AI chatbot that has […]

The post Germany Urges Apple, Google to Block Chinese AI App DeepSeek Over Privacy Rules appeared first on Cyber Security News.

Glasgow City Council has issued an urgent warning to residents about a sophisticated parking fine scam that has emerged amid ongoing cybersecurity concerns affecting the city’s digital infrastructure. The fraudulent scheme targets motorists through text messages and emails claiming they owe parking fines, with criminals leveraging the current security incident to add credibility to their […]

The post Glasgow City Warns of Parking Fine Scam as Cyber Security Incident Continues appeared first on Cyber Security News.

Managed Security Service Providers (MSSPs) are specialized companies that deliver outsourced cybersecurity services to protect businesses from evolving cyber threats. These providers offer a range of services, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support. MSSPs help organizations enhance their security posture by leveraging advanced tools like AI-driven analytics, endpoint protection, and […]

The post 25 Best Managed Security Service Providers (MSSP) In 2025 appeared first on Cyber Security News.

Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution.  The update patches twelve distinct security flaws ranging from memory safety issues to platform-specific vulnerabilities affecting both desktop and mobile versions of the browser. Summary1. Firefox 140 addresses CVE-2025-6424, a high severity use-after-free bug […]

The post Firefox 140 Released With Fix for Code Execution Vulnerability – Update Now appeared first on Cyber Security News.

A significant security vulnerability has been identified in Realtek’s RTL8762E SDK v1.4.0 that allows attackers to exploit the Bluetooth Low Energy (BLE) Secure Connections pairing process to launch denial-of-service attacks.  The vulnerability, discovered in the RTL8762EKF-EVB development platform, stems from improper validation of protocol state transitions during the pairing sequence. The flaw enables malicious actors […]

The post Realtek Vulnerability Let Attackers Trigger DoS Attack via Bluetooth Secure Connections Pairing Process appeared first on Cyber Security News.

Security researchers at ANY.RUN have uncovered a new malware campaign delivering the BRAODO Stealer, which relies on public GitHub repositories to host and stage its payloads. This campaign employs multiple evasion techniques and scripting layers to complicate detection and analysis, making it harder for traditional security tools to catch.  What We Know About BRAODO Stealer  […]

The post New BRAODO Stealer Campaign Abuses GitHub To Host Payloads And Evade Detection  appeared first on Cyber Security News.

French authorities have dismantled a major cybercrime operation, arresting five hackers who operated BreachForum, one of the world’s largest marketplaces for stolen data, in coordinated raids across France. French police initially suspected the cybercriminals operating BreachForum were Russian or hiding in Russian-speaking territories. However, investigations revealed that four French hackers in their twenties were arrested […]

The post Five Hackers Behind Notorious Data Selling Platform BreachForums Arrested appeared first on Cyber Security News.

Cybersecurity researchers have discovered a groundbreaking new malware strain that represents the first documented attempt to weaponize prompt injection attacks against AI-powered security analysis tools. The malware, dubbed “Skynet” by its creators, was anonymously uploaded to VirusTotal in early June 2025 from the Netherlands, marking a significant evolution in adversarial tactics targeting artificial intelligence systems […]

The post New Malware Spotted in The Wild Using Prompt Injection to Manipulate AI Models Processing Sample appeared first on Cyber Security News.

A sophisticated Android phishing campaign has emerged across India, exploiting the cultural significance of wedding invitations to distribute malicious software. The attack, dubbed “Wedding Invitation,” leverages the ubiquitous nature of digital communication platforms to target unsuspecting mobile users through carefully crafted social engineering tactics. The malware campaign operates through popular messaging platforms including WhatsApp and […]

The post Beware of Weaponized Wedding Invite Scams That Deploys SpyMax RAT on Android Devices appeared first on Cyber Security News.

A comprehensive security research investigation has unveiled eight critical vulnerabilities affecting 742 printer and multifunction device models across four major manufacturers. The discovery, stemming from a zero-day research project conducted by cybersecurity firm Rapid7, exposes severe security flaws in Brother Industries’ printer ecosystem that extend beyond the manufacturer’s own devices to impact models from FUJIFILM […]

The post Multiple Brother Devices Vulnerabilities Open Devices for Hacking appeared first on Cyber Security News.

The cybersecurity landscape across Africa has reached a critical juncture, with cybercrime now accounting for more than 30 percent of all reported crimes in Western and Eastern Africa, according to INTERPOL’s newly released 2025 Africa Cyberthreat Assessment Report. This alarming statistic represents a dramatic shift in the continent’s threat landscape, where two-thirds of African member […]

The post INTERPOL Warns of Sharp Rise in Cyber Attacks Targeting Western and Eastern Africa appeared first on Cyber Security News.

North Korean threat actors have launched a sophisticated supply chain attack campaign, embedding 35 malicious npm packages across 24 compromised accounts to target software developers through an elaborate recruitment deception. The campaign, identified as an extension of the ongoing “Contagious Interview” operation, represents a significant escalation in state-sponsored cyber espionage tactics targeting the open-source software […]

The post North Korean Hackers as Recruiters Attacking Developers With 35 New Malicious npm Packages appeared first on Cyber Security News.

A critical memory overflow vulnerability in NetScaler ADC and Gateway products could enable denial-of-service attacks. Exploits of this vulnerability have already been observed in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS v4.0 base score of 9.2, classifying it as critical severity. This memory overflow flaw stems from improper restriction of operations within […]

The post New ‘CitrixBleed2’ NetScaler ADC and Gateway Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

Google Cloud has transferred its groundbreaking Agent2Agent (A2A) protocol to the Linux Foundation, marking a pivotal moment in artificial intelligence interoperability.  The announcement, made at Open Source Summit North America on June 23, 2025, establishes a new collaborative framework for AI agents to communicate securely across diverse platforms and systems.  This strategic move positions the […]

The post Google Cloud Donates A2A Protocol to Linux Foundation Enables Secure, Intelligent Communication appeared first on Cyber Security News.