Cyber Security News

A critical vulnerability in the USB-audio driver, which could lead to out-of-bounds memory reads, has been addressed by a recent patch to the Linux kernel, authored by Takashi Iwai of SUSE. The USB-audio driver in the Linux kernel has an out-of-bounds access vulnerability that possibly enables an attacker with physical access to the system to […]

The post Linux USB Audio Driver Vulnerability Let Attackers Execute Arbitrary Code Via Malicious USB Device appeared first on Cyber Security News.

VMware has released critical security updates to address 47 vulnerabilities across multiple VMware Tanzu Greenplum products, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu Greenplum.  The security advisories, published on April 7, 2025, include patches for vulnerabilities with CVSS scores as high as 9.8, […]

The post VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components appeared first on Cyber Security News.

Microsoft has disclosed a significant security vulnerability in Active Directory Domain Services that could allow attackers to elevate their privileges to the system level, potentially gaining complete control over affected systems.  The vulnerability tracked as CVE-2025-29810, was patched as part of Microsoft’s April 2025 Patch Tuesday security update cycle.  Security researchers classify the flaw as […]

The post Windows Active Directory Domain Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A sophisticated ransomware strain known as Hellcat has emerged as a formidable threat in the cybersecurity landscape since its first appearance in mid-2024. The malware has rapidly evolved its capabilities, specifically targeting critical sectors including government agencies, educational institutions, and energy infrastructure. This group doesn’t merely encrypt data; they weaponize psychological tactics and exploit previously […]

The post Hellcat Ransomware Updated It’s Arsenal to Attack Government, Education, and Energy Sectors appeared first on Cyber Security News.

Adobe has released a comprehensive set of security updates addressing multiple vulnerabilities across twelve of its products.  The patches, all released on April 8, 2025, aim to resolve critical, important, and moderate security flaws that could potentially expose users to various cyber threats, including arbitrary code execution, privilege escalation, and application denial-of-service attacks. Significant Vulnerabilities […]

The post Adobe Security Update – Patch for Multiple Vulnerabilities Across Products appeared first on Cyber Security News.

Microsoft has confirmed a global outage affecting the Exchange Admin Center (EAC), leaving administrators unable to access critical management tools. The issue, which has been designated as a critical service incident under ID EX1051697, is causing widespread disruptions across organizations relying on Exchange Online. Administrators attempting to log in to the EAC are encountering an […]

The post Microsoft Exchange Admin Center Down Globally appeared first on Cyber Security News.

Cybercriminals have devised sophisticated methods to exploit Near Field Communication (NFC) technology via popular mobile payment platforms. These attackers are now leveraging Apple Pay and Google Wallet to conduct unauthorized transactions after obtaining victims’ card credentials through phishing operations. The scheme involves linking stolen payment card information to fraudulent mobile wallet accounts, allowing criminals to […]

The post Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet appeared first on Cyber Security News.

A plugin designed to patch security vulnerabilities in older versions of Shopware has itself been found vulnerable to SQL injection attacks. The flaw, discovered in Shopware Security Plugin 6 version 2.0.10, affects Shopware installations below versions 6.5.8.13 and 6.6.5.1, potentially allowing attackers to compromise database systems with read and write permissions. The vulnerability arises from […]

The post Shopware Security Plugin Exposes Systems to SQL Injection Attacks appeared first on Cyber Security News.

Cybercriminals have devised a sophisticated scheme exploiting SourceForge, a popular software hosting platform, to distribute malicious software disguised as legitimate office applications. The attack leverages the platform’s feature that automatically assigns sourceforge.io domains to projects, creating convincing facades for malware distribution campaigns that primarily target Russian-speaking users. The attackers created a project called “officepackage” on […]

The post Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware appeared first on Cyber Security News.

Microsoft has released a patch for a critical Windows Kerberos vulnerability (CVE-2025-29809) that allows attackers to bypass security features and potentially access sensitive authentication credentials.  The flaw, addressed in the April 2025 Patch Tuesday updates, continues a troubling trend of Kerberos-related vulnerabilities that have plagued Windows systems in recent years. The security flaw, classified as […]

The post Windows Kerberos Vulnerability Let Attackers Bypass Security Feature & Access Credentials appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.  The flaw in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824, is being actively exploited in targeted ransomware attacks.  Organizations are required to patch this vulnerability by April 29, 2025, […]

The post CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild appeared first on Cyber Security News.

A critical security vulnerability discovered in pgAdmin 4, the most widely used management tool for PostgreSQL databases, is allowing attackers to execute arbitrary code on affected systems.  Security researchers have disclosed details of CVE-2025-2945, a severe Remote Code Execution (RCE) vulnerability with a CVSS score of 9.9, indicating the highest level of severity. The vulnerability […]

The post Critical pgAdmin Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially released Version 2.0.0 of the NICE Workforce Framework for Cybersecurity, marking a significant update to this nationally focused resource.  Released on March 5, 2025, this major update introduces substantial changes aimed at enhancing the framework’s utility across public, private, and academic sectors. The NICE (National […]

The post CISA Releases NICE Workforce Framework Version 2.0.0 Released – What’s New appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Bitdefender GravityZone Console that could allow remote attackers to execute arbitrary commands on affected systems.  The flaw tracked as CVE-2025-2244 has a CVSS score of 9.5. It stems from an insecure PHP deserialization issue that poses significant risks to enterprise security infrastructures relying on this widely used […]

The post Bitdefender GravityZone Console PHP Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.

Communication is the key in all areas, and the cyber world is no different. To communicate in the cyber world, you must learn the language used here: programming languages. This will help you command the machines to act according to you.  In cybersecurity, programming languages allow you to write code to automate a process, which […]

The post Top 10 Programming Languages For Cyber Security – 2025 appeared first on Cyber Security News.

Kubernetes container scanners are essential tools for ensuring the security of containerized applications and Kubernetes clusters. These scanners analyze vulnerabilities, misconfigurations, and compliance issues within container images, Kubernetes manifests, and runtime environments. Popular tools like Kube Bench focus on compliance by auditing Kubernetes clusters against CIS benchmarks, while Checkov excels at scanning Infrastructure-as-Code (IaC) configurations […]

The post 10 Best Kubernetes Container Scanners In 2025 appeared first on Cyber Security News.

Welcome to this week’s Cybersecurity Newsletter, providing you with the latest updates and essential insights from the rapidly evolving field of cybersecurity. Keeping updated is essential in the rapidly changing digital landscape of today. We aim to equip you with relevant insights to enable you to skillfully address the challenges presented by this ever-evolving domain. […]

The post Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches appeared first on Cyber Security News.

Ransomware file decryptor tools are essential for recovering data encrypted by malicious software without paying ransoms. These tools help victims regain access to their files by using decryption keys or algorithms to unlock the encrypted data. The No More Ransom project is a collaborative effort that offers a wide range of decryptors for over 100 […]

The post 10 Best Ransomware File Decryptor Tools – 2025 appeared first on Cyber Security News.

Microsoft Outlook will enforce stricter authentication requirements for high-volume senders, impacting domains that send over 5,000 emails daily. These changes, which will take effect on May 5, 2025, aim to enhance inbox protection and maintain trust in digital communication. Outlook’s updated policy will mandate compliance with SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and […]

The post Microsoft Strengthens Outlook’s Email Ecosystem to Protect Inboxes appeared first on Cyber Security News.

A sophisticated new cyberattack chain dubbed “KongTuke” has been uncovered by cybersecurity researchers, targeting unsuspecting internet users through compromised legitimate websites. Detailed in a report by Bradley Duncan of Palo Alto Networks’ Unit 42 team, this attack leverages malicious scripts and fake CAPTCHA pages to hijack victims’ clipboards and potentially install unidentified malware. The findings […]

The post “Clipboard Hijacking” A Fake CAPTCHA Leverage Pastejacking Script Via Hacked Sites To Steal Clipboard Data appeared first on Cyber Security News.