Cyber Security News

The advanced persistent threat group APT-C-08, also known as Manlinghua or BITTER, has launched a sophisticated campaign targeting government organizations across South Asia by exploiting a critical directory traversal vulnerability in WinRAR. Security researchers have identified the group’s first operational use of CVE-2025-6218, a flaw affecting WinRAR versions 7.11 and earlier that allows attackers to […]

The post APT-C-08 Hackers Exploiting WinRAR Vulnerability to Attack Government Organizations appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged, targeting organizations across Central and Eastern Europe by impersonating legitimate global brands to deceive users into surrendering their login credentials. The attack utilizes self-contained HTML files delivered as email attachments, eliminating the need for external server hosting or suspicious URLs that traditional security systems typically detect. Once opened, these […]

The post New Phishing Attack Leverages Popular Brands to Harvest Login Credentials appeared first on Cyber Security News.

Microsoft has confirmed it is investigating a significant issue affecting Microsoft Teams for Education, which is particularly impacting users’ ability to access critical features such as assignments and grades. The problem, which initially appeared limited to administrators in Europe, has since expanded to affect all users with educational accounts worldwide potentially. The outage stems from […]

The post Microsoft Investigating Teams Issue that Disables Users from Opening Apps appeared first on Cyber Security News.

Threat actors continue to evolve their techniques for bypassing macOS security controls, shifting away from traditional attack vectors that Apple has systematically patched. Following Apple’s removal of the “right-click and open” Gatekeeper override in August 2024, attackers have identified and weaponized a new delivery mechanism using compiled AppleScript files with deceptive naming conventions. These .scpt […]

The post Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates appeared first on Cyber Security News.

Tor Browser 15.0.1 is now available for download, bringing essential security patches and bug fixes to users across all platforms. The latest release includes critical security updates from Firefox 140.5.0esr, addressing multiple vulnerabilities that could impact browser security and user privacy. The update upgrades the Tor Browser to Firefox 140.5.0esr and includes critical security fixes […]

The post Tor Browser 15.0.1 Released With Fix for Multiple Security Vulnerabilities appeared first on Cyber Security News.

Authentication coercion represents a sophisticated and evolving threat targeting Windows and Active Directory environments across organizations globally. This attack method exploits the fundamental communication mechanisms embedded within every Windows operating system, manipulating machines into automatically transmitting sensitive credentials to attacker-controlled infrastructure. The emergence of this threat vector reflects a significant shift in how threat actors […]

The post Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers appeared first on Cyber Security News.

A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools. SSRF vulnerabilities […]

The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.

A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT codebase and presents a formidable arsenal of spying and device control features. Recognized for its […]

The post New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options appeared first on Cyber Security News.

A large-scale phishing campaign has emerged, exploiting Meta’s Business Suite to compromise credentials across thousands of small and medium-sized businesses worldwide. Check Point security researchers identified approximately 40,000 phishing emails distributed to more than 5,000 customers, primarily targeting industries including automotive, education, real estate, hospitality, and finance across the U.S., Europe, Canada, and Australia. The […]

The post New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials appeared first on Cyber Security News.

Microsoft has disclosed a significant vulnerability in Windows Remote Desktop Services (RDS) that could allow authorized attackers to escalate their privileges on affected systems. Tracked as CVE-2025-60703, the flaw stems from an untrusted pointer dereference, a classic memory safety issue that has plagued software for years, and carries an “Important” severity rating from the company. The […]

The post Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

In the fast-paced world of “vibecoding,” where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks. SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic’s Claude AI through a multi-agent system to detect vulnerabilities in codebases automatically. Released in October 2025, this Python-based scanner aims to make […]

The post SecureVibes – AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents appeared first on Cyber Security News.

Google has released Chrome version 142.0.7444.162/.163 to address a high-severity security vulnerability in the V8 JavaScript engine. The stable channel update is now rolling out across Windows, Mac, and Linux platforms over the coming days and weeks. The security fix addresses CVE-2025-13042, classified as a “High” severity vulnerability involving an inappropriate implementation in V8, Chrome’s core […]

The post Chrome Patches High-severity Implementation Vulnerability in V8 JavaScript engine appeared first on Cyber Security News.

Ferocious Kitten has emerged as a significant cyber-espionage threat targeting Persian-speaking individuals within Iran since at least 2015. The Iranian-linked advanced persistent threat group operates with a highly focused objective, utilizing politically themed decoy documents to manipulate victims into executing weaponized files. Over the years, the group developed a sophisticated custom implant known as MarkiRAT, […]

The post Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging appeared first on Cyber Security News.

A sophisticated phishing campaign is targeting Microsoft 365 users worldwide through a newly discovered tool called Quantum Route Redirect. This advanced automation platform transforms complex phishing operations into simple one-click attacks that evade traditional security measures. The campaign has already affected victims across 90 countries, with the United States accounting for 76% of the targets. […]

The post New Quantum Route Redirect Tool Lets Attackers Launch One-Click Phishing Attacks on Microsoft 365 Users appeared first on Cyber Security News.

A new wave of security alert-themed phishing emails has recently surfaced, causing concern within both enterprise and personal email environments. These malicious emails cleverly impersonate official security notifications, often appearing to come from the victim’s own domain. Their main objective is to instill panic by warning users about “blocked messages” and prompt recipients to take […]

The post Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins appeared first on Cyber Security News.

Microsoft rolled out its November 2025 Patch Tuesday security updates today, addressing 63 vulnerabilities across its product and service ecosystem. Among these, one zero-day flaw has already been exploited in the wild, underscoring the urgency for organizations and users to apply patches promptly to mitigate potential threats. The updates cover Windows, Office, Azure, Visual Studio, […]

The post Microsoft November 2025 Patch Tuesday – 63 Vulnerabilities, Including 1 Zero-Day Fixed appeared first on Cyber Security News.

To grow a successful MSP business, you need the right technology stack, but the real question is: how do you choose the right tools? While some solutions are well-known and widely used, others are less obvious yet equally important.  Read this blog post for an overview of what makes up an MSP’s technology stack, the […]

The post Best MSP Software: The Essential Tech Stack  appeared first on Cyber Security News.

Mozilla has rolled out Firefox 145, addressing a series of high-severity vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. Announced on November 11, 2025, the release patches flaws primarily in the browser’s graphics, JavaScript, and DOM components, urging immediate upgrades to mitigate risks from potential exploits. The update tackles 15 CVEs, […]

The post Firefox Releases Security Update to Fix Multiple Vulnerabilities Allowing Arbitrary Code Execution appeared first on Cyber Security News.

Security researchers from CyberProof have discovered significant connections between two advanced banking trojans targeting Brazilian users and financial institutions. The Maverick banking malware, identified through suspicious file downloads via WhatsApp, shares remarkable similarities with the earlier reported Coyote malware campaign. Both threats employ sophisticated infection chains and demonstrate nearly identical behavioral patterns. The discovery emerged […]

The post Researchers Uncover the Strong Links Between Maverick and Coyote Banking Malwares appeared first on Cyber Security News.

VanHelsing has emerged as a sophisticated ransomware-as-a-service operation that fundamentally changes the threat landscape for organizations worldwide. First observed on March 7, 2025, this multi-platform locker represents a significant escalation in ransomware deployment strategies by providing affiliates with a streamlined service model. The operation requires a $5,000 deposit from new affiliates and rewards them with […]

The post New VanHelsing Ransomware RaaS Model Attacking Windows, Linux, BSD, ARM, and ESXi Systems appeared first on Cyber Security News.