Cyber Security News

Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remote authenticated users to upload and execute arbitrary JSP files through the view_edit.shtm interface, creating a significant risk for industrial control system environments. OpenPLC ScadaBR File Upload Vulnerability OpenPLC ScadaBR, […]

The post CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Arizona Attorney General Kris Mayes has announced a lawsuit against the popular Chinese e-commerce retailer Temu, accusing the company of stealing vast amounts of customer data. The lawsuit, filed Tuesday, positions Arizona alongside several other states taking legal action against Temu and its parent company, PDD Holdings Inc. Mayes stated that Temu’s application deceives customers […]

The post Arizona Attorney General Suses Chinese E-commerce Retailer Temu Over Data Theft Claims appeared first on Cyber Security News.

Lazarus Group’s Famous Chollima unit has been caught “live on camera” running its remote IT worker scheme, after researchers funneled its operatives into fake laptops that were actually long‑running sandbox environments under full surveillance. The investigation exposes in unprecedented detail how North Korean operators use identity theft, rented identities, and off‑the‑shelf tools to embed themselves […]

The post Lazarus Group’s IT Workers Scheme Hacker Group Caught Live On Camera appeared first on Cyber Security News.

Cybercriminals have discovered a clever way to slip malware onto job seekers’ computers by disguising malicious files as legitimate recruitment documents. A new campaign called ValleyRAT targets people actively searching for employment through email messages containing fake job offers and company materials. The attack spreads through compressed archive files with names designed to seem professional, […]

The post Threat Actors Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data appeared first on Cyber Security News.

A comprehensive phishing operation began targeting Indian companies in November 2025 by impersonating the Income Tax Department of India. The campaign employed remarkably authentic government communication templates, bilingual messaging in Hindi and English, and legal references to sections of the Income Tax Act to create a sense of legitimacy and urgency. The emails warned recipients […]

The post New Phishing Attack Mimic as Income Tax Department of India Delivers AsyncRAT appeared first on Cyber Security News.

Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including by Hugging Face, to check PyTorch models saved with Python’s pickle format. Pickle is flexible but dangerous, because loading a pickle file can run arbitrary Python code. That means a model […]

The post PickleScan 0-Day Vulnerabilities Enable Arbitrary Code Execution via Malicious PyTorch Models appeared first on Cyber Security News.

A sophisticated phishing toolkit known as Evilginx is empowering attackers to execute advanced attacker-in-the-middle (AiTM) campaigns with alarming success. These attacks are engineered to steal temporary session cookies, allowing threat actors to sidestep the critical security layer provided by multi-factor authentication (MFA). A concerning surge in this method has been observed, with a notable impact […]

The post Hackers Using Evilginx to Steal Session Cookies and Bypass Multi-Factor Authentication Tokens appeared first on Cyber Security News.

A new information stealer called Sryxen has emerged in the underground malware market, targeting Windows systems with advanced techniques to harvest browser credentials and sensitive data. Sold as Malware-as-a-Service, this C++ based threat demonstrates how modern stealers are adapting to overcome browser security improvements, particularly Google Chrome’s recently implemented App-Bound Encryption protection. Sryxen operates as […]

The post New ‘Sryxen’ Stealer Bypasses Chrome Encryption via Headless Browser Technique appeared first on Cyber Security News.

Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous trend, where attackers are weaponizing Velociraptor, a widely respected Digital Forensics and Incident Response (DFIR) tool. By deploying this software, adversaries effectively establish stealthy Command and […]

The post Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery appeared first on Cyber Security News.

A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8, exists in versions 8.3 and earlier of the plugin, which maintains approximately 1,700 active installations […]

The post Hackers Actively Exploiting Worpress Plugin Vulnerability to Execute Remote Code appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a CVSS score of 7.8. The flaw lies in how Vim searches for external programs on […]

The post Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

A critical HTTP request smuggling vulnerability in Akamai’s edge server infrastructure has been successfully fixed. The vulnerability, identified as CVE-2025-66373, stemmed from improper processing of HTTP requests containing invalid chunk-encoded bodies, potentially exposing thousands of customers to sophisticated attacks. Understanding HTTP Chunked Transfer Encoding HTTP chunked transfer encoding is an HTTP/1.1 standard that breaks message […]

The post Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers appeared first on Cyber Security News.

Kohler’s $600 smart toilet camera system, marketed with promises of “end-to-end encryption,” does not actually implement the security standard as commonly understood in the cybersecurity industry, raising significant privacy concerns for users uploading intimate health data to the company’s servers. The Dekoda device, launched in October, attaches to toilet rims and uses cameras to capture […]

The post Kohler’s Encrypted Smart Toilet Camera is not Actually end-to-end Encrypted appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency released five critical Industrial Control Systems advisories on December 2, 2025, addressing significant security threats across industrial environments. These advisories cover vulnerabilities and active exploits affecting systems used in manufacturing, power generation, and medical device operations worldwide. The timing of this release highlights growing concerns about the targeted nature […]

The post CISA Releases Five ICS Advisories Covering Vulnerabilities, and Exploits Surrounding ICS appeared first on Cyber Security News.

A new security assessment tool has been released to help researchers and administrators identify React Server Components (RSC) endpoints potentially exposed to CVE-2025-55182. Developed as a lightweight by Pentester with the alias Fatguru, a non-intrusive Python script, the scanner offers a method for “Surface Detection” that avoids the pitfalls of aggressive proof-of-concept (PoC) exploits, which […]

The post New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182) appeared first on Cyber Security News.

A new security report reveals a troubling reality about the state of online phishing operations. Recent research has uncovered over 42,000 validated URLs and domains actively serving phishing kits, command-and-control infrastructure, and malicious payload delivery systems. The scale and sophistication of these operations represent a significant departure from traditional phishing attempts. Rather than simple misspelled […]

The post New Report Warns of 68% Of Actively Serving Phishing Kits Protected by CloudFlare appeared first on Cyber Security News.

India has implemented a mandatory SIM-binding requirement for messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and others. The Department of Telecommunications issued a directive on November 28 requiring all app-based communication services to ensure that users maintain an active SIM card in their devices to access messaging features. Under the new rules, messaging platforms must […]

The post India’s New SIM-Binding Rule for WhatsApp, Signal, Telegram and Other Messaging Platforms appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges remotely. The flaw, tracked as CVE-2025-13658, affects Longwatch versions 6.309 through 6.334 and has received a severe CVSS v4 score of 9.3. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued […]

The post Longwatch RCE Vulnerability Let Attackers Execute Remote Code With Elevated Privileges appeared first on Cyber Security News.

A new feature in Anthropic’s Claude AI, known as Claude Skills, has been identified as a potential vector for ransomware attacks. This feature, designed to extend the AI’s capabilities through custom code modules, can be manipulated to deploy malware like the MedusaLocker ransomware without the user’s explicit awareness. The seemingly legitimate appearance of these Skills […]

The post Hackers Can Weaponize Claude Skills to Execute MedusaLocker Ransomware Attack appeared first on Cyber Security News.

The decentralized finance sector witnessed a devastating breach targeting Yearn Finance’s yETH pool, resulting in the theft of approximately $9 million on November 30, 2025. The attacker executed a highly sophisticated exploit, minting an astronomical 235 septillion yETH tokens while depositing a mere 16 wei—an amount worth less than a fraction of a cent. This […]

The post Hackers Exploit Critical Yearn Finance’s yETH Pool Vulnerability to Steal $9 Million in Ethereum appeared first on Cyber Security News.