Cyber Security News

Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since the vulnerability was disclosed on December 3, 2025, Google has observed multiple distinct hacker groups […]

The post Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware appeared first on Cyber Security News.

BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server architecture written in Python 3 along with extensive agent support. Unified Architecture and Expanded Agent […]

The post Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page, potentially leading to arbitrary code execution in browsers. Discovered and […]

The post CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape is “Luca Stealer,” a Rust-based information stealer that has […]

The post Rust-Based Luca Stealer Spreads Across Linux and Windows Systems appeared first on Cyber Security News.

Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” targets finance and accounting departments explicitly using fake payment confirmation emails to trick victims into executing the payload. The campaign primarily focuses on finance, accounting, treasury, and payment departments in […]

The post New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting appeared first on Cyber Security News.

Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26.​ The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary code execution via malicious web content, discovered by Google Threat […]

The post Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users appeared first on Cyber Security News.

Kali Linux 2025.4, released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3.​ Released on December 12, 2025, this update focuses on modernizing the user experience while maintaining Kali’s position as the premier penetration testing platform. The release brings GNOME 49, KDE Plasma […]

The post Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3 appeared first on Cyber Security News.

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts, and CISA has since added the flaw to its Known Exploited Vulnerabilities […]

The post Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide appeared first on Cyber Security News.

JSCEAL has emerged as a serious threat to Windows users, specifically targeting those who work with cryptocurrency applications and valuable accounts. First reported by Check Point Research in July 2025, this information stealing malware has quietly grown stronger, introducing advanced techniques designed to avoid detection by security tools. A new wave of attacks starting in […]

The post New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials appeared first on Cyber Security News.

When users encounter a phishing email, the danger extends far beyond the initial click. A typical phishing attack begins when someone is deceived into entering their login credentials on a fake website. However, this is merely the starting point. Once cybercriminals obtain the stolen information, it immediately becomes valuable merchandise in the underground market. The […]

The post New Research Details on What Happens to Data Stolen in a Phishing Attack appeared first on Cyber Security News.

Security researchers have successfully extracted firmware from a budget smartwatch by bringing back a 20-year-old attack method originally used to steal data from network devices. The technique, known as “Blinkenlights,” was adapted to work with modern TFT screens instead of traditional LED indicators. Quarkslab analysts purchased a cheap smartwatch for approximately €12 from a local […]

The post Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged that successfully bypasses multi-factor authentication, protecting Microsoft 365 and Okta users, representing a serious threat to organizations relying on these platforms for identity management. The campaign, discovered in early December 2025, demonstrates advanced knowledge of authentication flows. This campaign targets companies across multiple industries through carefully crafted phishing emails […]

The post New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users appeared first on Cyber Security News.

The cybersecurity landscape of 2025 has been marked by an unprecedented surge in vulnerability exploitation, with threat actors leveraging critical flaws across enterprise software, cloud infrastructure, and industrial systems. This comprehensive analysis examines the twenty most dangerous exploited vulnerabilities of the year, highlighting their technical details, exploitation methods, and the urgent need for organizations to […]

The post Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis appeared first on Cyber Security News.

CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting attacks aligned with Russian government interests, initially went silent due to Telegram enforcement actions. However, the group returned in August with a sophisticated Ransomware-as-a-Service offering […]

The post CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems appeared first on Cyber Security News.

A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords or multi-factor authentication. The attack leverages the Azure CLI app to gain unauthorized access to victim accounts. The ConsentFix attack operates entirely within the browser context, making it difficult for traditional security […]

The post New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI appeared first on Cyber Security News.

A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes. This fully-featured malware utilizes the Google Drive API as its primary Command-and-Control (C2) channel, allowing threat actors to blend their malicious traffic seamlessly with normal network activity. By abusing […]

The post NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems appeared first on Cyber Security News.

A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information and bypass multi-factor authentication using advanced Man-in-the-Browser techniques. The tool is actively being sold on Telegram forums for between 200 to 300 euros, making it accessible […]

The post New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA appeared first on Cyber Security News.

A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the dangerous Agent Tesla malware. What appears to be a simple movie download actually contains a series of hidden PowerShell scripts that install a […]

The post Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware appeared first on Cyber Security News.

MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records this year. These prevalent flaws, which are often simple to detect and exploit, enable attackers to seize system control, pilfer sensitive data, or cripple applications. Developers, security […]

The post MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025 appeared first on Cyber Security News.

A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security talks to trick officials into opening weaponized documents. Once a target interacts with the lure, […]

The post Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware appeared first on Cyber Security News.