Cyber Security News

Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in 2023. The vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” allows […]

The post “CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation appeared first on Cyber Security News.

Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. The primary suspect, a 36-year-old resident […]

The post Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure appeared first on Cyber Security News.

Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat landscape where fraudsters weaponize legitimate job-seeking behavior to extract cryptocurrency payments from unsuspecting victims […]

The post Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone appeared first on Cyber Security News.

Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis.  This practice represents a significant departure from industry standards, where certificates typically remain valid for 90 days or longer, suggesting a strategic shift toward enhanced […]

The post Instagram Started Using 1-Week Validity TLS Certificates and Changes Them Daily appeared first on Cyber Security News.

A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework.  The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. The vulnerability centers around the MFGSTAT.zip […]

The post Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass appeared first on Cyber Security News.

A sophisticated phishing campaign targeting UK citizens has emerged, masquerading as official communications from the Department for Work and Pensions (DWP) to steal sensitive financial information. The campaign, which has been active since late May 2025, represents a significant escalation in social engineering attacks against British residents, exploiting concerns about government benefits and seasonal allowances. […]

The post New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data appeared first on Cyber Security News.

XWorm has emerged as one of the most versatile and actively distributed remote access trojans in the current threat landscape, establishing itself as a formidable tool in cybercriminals’ arsenals. This sophisticated malware has evolved far beyond traditional RAT capabilities, incorporating advanced features including keylogging, remote desktop access, data exfiltration, and command execution that make it […]

The post XWorm – The Most Active RAT Uses New Stagers and Loaders to Bypass Defenses appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a concerning development as malicious actors began exploiting SHELLTER, a commercial anti-virus and endpoint detection response (EDR) evasion framework, to deploy sophisticated malware payloads. Originally designed for legitimate penetration testing operations, this framework has been weaponized by cybercriminals since late April 2025, marking a significant escalation in evasion capabilities available to […]

The post Threat Actors Abused AV – EDR Evasion Framework In-The-Wild to Deploy Malware Payloads appeared first on Cyber Security News.

The cybercriminal group known as Scattered Spider has significantly evolved its attack methodologies, demonstrating alarming sophistication in exploiting legitimate administrative tools to maintain persistent access to compromised networks. Also tracked under aliases including UNC3944, Scatter Swine, and Muddled Libra, this financially motivated threat actor has been actively targeting large enterprises since May 2022, with particular […]

The post Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence appeared first on Cyber Security News.

Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software deployment, has become a sophisticated delivery mechanism for information-stealing malware campaigns that target browser credentials […]

The post Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle appeared first on Cyber Security News.

A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform, is designed to facilitate remote debugging by allowing developers to inspect live applications. However, when […]

The post Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload appeared first on Cyber Security News.

Key Takeaways1. Next.js versions 15.1.0-15.1.8 have a cache poisoning bug causing DoS attacks through blank page delivery.2. Needs affected Next.js version + ISR with cache revalidation + SSR with CDN caching 204 responses.3. Race condition allows HTTP 204 responses to be cached for static pages, serving empty content to all users.4. Update to Next.js 15.1.8+ […]

The post Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition appeared first on Cyber Security News.

A critical security vulnerability has been discovered in HIKVISION’s applyCT component, part of the HikCentral Integrated Security Management Platform, that allows attackers to execute arbitrary code remotely without authentication.  Assigned CVE-2025-34067 with a maximum CVSS score of 10.0, this vulnerability stems from the platform’s use of a vulnerable version of the Fastjson library, exposing millions […]

The post Critical HIKVISION applyCT Vulnerability Exposes Devices to Code Execution Attacks appeared first on Cyber Security News.

Critical security vulnerabilities have been discovered in PHP that could allow attackers to execute SQL injection attacks and cause denial of service (DoS) conditions.  Two distinct vulnerabilities, assigned CVE-2025-1735 and CVE-2025-6491, affect multiple PHP versions and require immediate patching.  Key Takeaways1. CVE-2025-1735 (PostgreSQL) and CVE-2025-6491 (SOAP) affect versions below 8.1.33, 8.2.29, 8.3.23, and 8.4.10.2. PostgreSQL […]

The post Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks – Update Now appeared first on Cyber Security News.

A sophisticated mobile ad fraud operation dubbed “IconAds” has infiltrated Android devices worldwide through 352 malicious applications distributed via Google Play Store, generating up to 1.2 billion fraudulent bid requests daily at its peak. The scheme represents a significant evolution in mobile advertising fraud, employing advanced obfuscation techniques to hide malicious apps from users while […]

The post Massive Android Ad Fraud ‘IconAds’ Leverages Google Play to Attack Phone Users appeared first on Cyber Security News.

A sophisticated technique to bypass Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation.  The method exploits the interaction between nonce-based CSP implementations and browser caching mechanisms, specifically targeting the back/forward cache (bfcache) and disk cache systems.  Key Takeaways1. Researchers exploit browser caching to bypass Content Security Policy protections.2. […]

The post New Sophisticated Attack Bypasses Content Security Policy Using HTML-Injection Technique appeared first on Cyber Security News.

Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The issue, identified as incident FM1109073, began on July 4, 2025, at 12:42 PM GMT+5:30 and has been classified as a service degradation affecting global users. The outage is preventing users […]

The post Microsoft Investigating Forms Service Issue Not Accessible for Users appeared first on Cyber Security News.

A new credential-stealing malware dubbed “123 | Stealer” has surfaced on underground cybercrime forums, being marketed by threat actor “koneko” for $120 per month.  This malware-as-a-service (MaaS) offering represents the latest evolution in information stealer technology, combining sophisticated data exfiltration capabilities with a user-friendly administrative interface. Key Takeaways1. "123 | Stealer" marketed for $120/month by […]

The post New “123 | Stealer” Advertised on Underground Hacking Forums for $120 Per Month appeared first on Cyber Security News.

A sophisticated social engineering campaign has emerged targeting unsuspecting users through fraudulent Cloudflare verification screens, representing a new evolution in malware distribution tactics. This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing malicious code on their systems, exploiting inherent trust in established security providers. The malware campaign […]

The post Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware appeared first on Cyber Security News.

A dramatic surge in password spray attacks targeting enterprise infrastructure, with Cisco ASA VPN systems experiencing an unprecedented 399% increase in attacks during Q1 2025, while Microsoft 365 authentication services saw a 21% rise in similar attacks. The alarming statistics reveal a fundamental shift in threat actor tactics, as cybercriminals increasingly pivot from cloud service […]

The post Massive Spike in Password Attacks Targeting Cisco ASA VPN Followed by Microsoft 365 appeared first on Cyber Security News.