Cyber Security News

Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems. Designated as CVE-2025-49457 under bulletin ZSB-25030, this flaw carries a CVSS score of 9.6, classifying it as critical due to its high impact on confidentiality, integrity, and availability. The vulnerability stems from an untrusted search […]

The post Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges appeared first on Cyber Security News.

An unprecedented surge in brute-force attacks targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns.  The August 3rd attack represents the highest single-day volume recorded on GreyNoise’s Fortinet SSL VPN Bruteforcer tag in recent months, raising concerns about potential zero-day vulnerabilities and sophisticated threat actor operations. Key Takeaways1. […]

The post Hackers Attacking Fortinet SSL VPN Under Attack From 780 unique IPs appeared first on Cyber Security News.

Ivanti has released critical security updates addressing multiple high and medium-severity vulnerabilities across its Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateway products.  The vulnerabilities, identified through internal discovery and responsible disclosure programs, could enable remote attackers to trigger denial-of-service (DoS) attacks without authentication, though no active exploitation has been detected at the […]

The post Ivanti Connect Secure, Policy Secure and ZTA Vulnerabilities Let Attackers Trigger DoS Attack appeared first on Cyber Security News.

Four Ghanaian nationals orchestrating an international cybercrime operation that defrauded victims of over $100 million through sophisticated romance scams and business email compromise attacks have been extradited to the United States. The criminal organization, led by Isaac Oduro Boateng, Inusah Ahmed, Derrick van Yeboah, and Patrick Kwame Asare, employed advanced social engineering techniques to target […]

The post Hackers Behind $100 Million Romance Scams and Other Frauds Extradited to US appeared first on Cyber Security News.

A critical remote code execution vulnerability in Erlang/OTP’s SSH daemon has been actively exploited in the wild, with cybercriminals targeting operational technology networks across multiple industries. CVE-2025-32433, carrying the maximum CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary commands on vulnerable systems by sending specially crafted SSH connection protocol messages to open SSH […]

The post Erlang/OTP SSH RCE Vulnerability Exploited in the Wild to Attack Across OT Networks appeared first on Cyber Security News.

UAC‑0099, a sophisticated threat actor group that has been active since at least 2022, continues to pose a significant cybersecurity threat through its evolving cyber-espionage campaigns targeting Ukrainian government agencies, military organizations, and defense-industrial entities. The group has demonstrated remarkable adaptability across three major operational phases spanning 2023 to 2025, systematically refining its toolkit while […]

The post UAC‑0099 Tactics, Techniques, Procedures and Attack Methods Unveiled appeared first on Cyber Security News.

Meta has introduced a groundbreaking feature that fundamentally transforms Instagram from a traditional photo-sharing platform into a comprehensive real-time location broadcasting system. The new “Map” functionality represents a significant architectural shift in social media design, enabling users to continuously transmit their whereabouts to selected contacts whenever they launch the application. Unlike conventional posting mechanisms where […]

The post Meta’s New Feature Transforms Instagram to a New Real-Time Location Broadcaster appeared first on Cyber Security News.

A sophisticated Visual Basic Script (VBS) malware dubbed “Silent Watcher” has emerged as a persistent threat targeting Windows systems, demonstrating advanced data exfiltration capabilities through Discord webhooks. This stealer, part of the Cmimai malware family, represents a concerning evolution in information-stealing tactics that leverage legitimate communication platforms to bypass traditional security measures. The malware operates […]

The post Silent Watcher Attacking Windows Systems and Exfiltrate Data Using Discord Webhook appeared first on Cyber Security News.

CastleLoader, a sophisticated malware loader that emerged in early 2025, has successfully compromised 469 devices out of 1,634 infection attempts since May 2025, achieving an alarming 28.7% infection rate. This versatile threat has primarily targeted U.S. government entities through advanced phishing campaigns that exploit user trust in legitimate platforms and services. The malware employs two […]

The post CastleLoader Malware Infected Over 400+ Devices Using Cloudflare-Themed ClickFix Phishing Attack appeared first on Cyber Security News.

In early August 2025, cybersecurity teams in Türkiye observed a new, highly evasive Java‐based loader that slipped past every public sandbox, antivirus solution, and even enterprise EDR/XDR platforms. This threat—codenamed SoupDealer—surfaced as a phishing campaign distributing a three‐stage loader via files such as TEKLIFALINACAKURUNLER.jar. Deployed through targeted spearphishing, the initial .jar file only unpacks its […]

The post SoupDealer Malware Bypasses Every Sandbox, AV’s and EDR/XDR in Real-World Incidents appeared first on Cyber Security News.

In recent weeks, a flurry of sponsored listings promising preorders for Tesla’s anticipated Optimus robots began appearing at the top of Google search results. These advertisements directed unsuspecting users to counterfeit microsites mimicking Tesla’s design, purporting to accept $250 “non-refundable” deposits for early access to the robotics platform. What seemed at first glance to be […]

The post Hackers Poison Google Paid Ads With Fake Tesla Websites to Deliver Malware appeared first on Cyber Security News.

A critical vulnerability was uncovered that transforms ordinary Linux-powered webcams into weaponized BadUSB attack tools, enabling remote hackers to inject malicious keystrokes and compromise target systems without detection.  The research, presented at DEF CON 2025, demonstrates the first known case where attackers can remotely weaponize USB devices already connected to computers, marking a significant evolution […]

The post Hackers Weaponized Linux Webcams as Attack Tools to Inject Keystrokes and Launch Attacks appeared first on Cyber Security News.

The cybersecurity landscape faces an unprecedented threat as artificial intelligence coding assistants inadvertently transform into reconnaissance tools for malicious actors. A recent investigation reveals how developers’ interactions with AI tools like Claude CLI and GitHub Copilot are creating comprehensive attack blueprints that eliminate the traditional barriers to sophisticated cyber intrusions. Modern AI coding assistants store […]

The post AI Coding Assistant Creating a Perfect Blueprints for Attackers appeared first on Cyber Security News.

In recent months, security researchers have observed a novel phishing campaign targeting macOS users under the guise of a CAPTCHA verification process. This attack, dubbed “ClickFix,” leverages a blend of social engineering and operating system detection to coax victims into executing malicious commands directly in their terminals. By mimicking legitimate Cloudflare-style checks, the malware avoids […]

The post ClickFix Malware Attacks macOS Users to Steal Login Credentials appeared first on Cyber Security News.

ClickFix has emerged as one of the most dangerous and rapidly growing cybersecurity threats of 2025, representing a sophisticated evolution in social engineering attacks. This deceptive technique has surged by an unprecedented 517% in the first half of 2025, becoming the second most common attack vector after phishing and accounting for nearly 8% of all […]

The post What is ClickFix Attack – How Hackers are Using it to Attack User Device With Malware appeared first on Cyber Security News.

Cary, United States, August 11th, 2025, CyberNewsWire Hands-on cybersecurity and IT training leader recognized for innovation in practical, work-ready education INE has been selected for Training Industry’s 2025 Top 20 Online Learning Library Companies list, recognizing the company’s leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes hands-on, practical learning experiences. Training Industry evaluated […]

The post INE Named to Training Industry’s 2025 Top 20 Online Learning Library List appeared first on Cyber Security News.

A critical zero-day vulnerability has been identified in WinRAR that cybercriminals are actively exploiting through sophisticated phishing campaigns to distribute RomCom malware.  The flaw, designated as CVE-2025-8088, represents a significant security threat with a CVSS v3.1 score of 8.4, enabling attackers to execute arbitrary code on victims’ systems through malicious archive files. Key Takeaways1. WinRAR […]

The post WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware appeared first on Cyber Security News.

Researchers have compromised OpenAI’s latest GPT-5 model using sophisticated echo chamber and storytelling attack vectors, revealing critical vulnerabilities in the company’s most advanced AI system.  The breakthrough demonstrates how adversarial prompt engineering can bypass even the most robust safety mechanisms, raising serious concerns about enterprise deployment readiness and the effectiveness of current AI alignment strategies. […]

The post GPT-5 Jailbreaked With Echo Chamber and Storytelling Attacks appeared first on Cyber Security News.

A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community. CVE-2025-55188, discovered and reported by security researcher Landon on August 9, 2025, allows attackers to perform arbitrary file writes during archive extraction, potentially leading to code execution on vulnerable systems. The vulnerability affects all versions […]

The post 7-Zip Arbitrary File Write Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo presented their findings, which include four new Windows DoS vulnerabilities and one zero-click distributed denial-of-service (DDoS) flaw. The discovered flaws, all of which […]

The post New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Server/Endpoint, Domain Controllers Into DDoS Botnet appeared first on Cyber Security News.