Cyber Security News

Two critical security vulnerabilities discovered in the popular GIMP image editing software have been disclosed. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems.  The vulnerabilities, identified as CVE-2025-2760 and CVE-2025-2761, were publicly disclosed on April 7th, 2025, and affect GIMP installations prior to version 3.0.0.  Both flaws require user interaction, specifically […]

The post GIMP Image Editor Vulnerability Let Remote Attackers Arbitrary Code appeared first on Cyber Security News.

Security researchers have unveiled significant vulnerabilities in .NET desktop applications that utilize CefSharp, a popular framework for embedding Chromium browsers within desktop applications, exposing millions of enterprise applications to potential remote code execution attacks. CefSharp, a lightweight .NET wrapper around the Chromium Embedded Framework, has emerged as a cornerstone technology for enterprises developing hybrid desktop […]

The post CefSharp Enumeration Tool Reveals Security Vulnerabilities in .NET Desktop Apps appeared first on Cyber Security News.

The Gujarat Anti-Terrorism Squad (ATS) has arrested an 18-year-old and a minor for orchestrating over 50 coordinated cyberattacks on Indian government websites during the recent military ‘Operation Sindoor’.  The main accused, Jasim Shahnawaz Ansari from Nadiad in Gujarat’s Kheda district, allegedly led multiple Distributed Denial-of-Service (DDoS) attacks targeting critical infrastructure websites while posting anti-national content […]

The post Gujarat Teen Behind 50+ Cyberattacks During ‘Operation Sindoor’ Arrested appeared first on Cyber Security News.

In a sophisticated cybersecurity attack uncovered this week, Russian threat actors have been observed exploiting multiple cloud service providers to deliver the notorious Lumma Stealer malware. The campaign utilizes legitimate cloud infrastructure—including Oracle Cloud Infrastructure (OCI), Scaleway Object Storage, and Tigris—to host malicious content that targets privileged users across various organizations. Security experts warn this […]

The post Russian Hackers Leverage Oracle Cloud Infrastructure to Scaleway Object Storage appeared first on Cyber Security News.

Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance. This certification validates that Halo Security’s security controls and practices are properly designed and implemented to meet the SOC 2 trust principles. “Security isn’t a destination; it’s […]

The post Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Netwrix Password Secure, an enterprise password management solution, allowing authenticated attackers to execute arbitrary code on victim machines. The vulnerability, identified as CVE-2025-26817, affects all versions of Netwrix Password Secure up to version 9.2.2, exposing organizations that haven’t updated to the latest release. The flaw resides in […]

The post Netwrix Password Manager Vulnerability Allows Authenticated Remote Code Execution appeared first on Cyber Security News.

Cisco disclosed a security vulnerability (CVE-2025-20255) affecting its Webex Meetings service that could allow remote attackers to manipulate cached HTTP responses.  The vulnerability, assigned a CVSS score of 4.3 (Medium severity), stems from improper handling of malicious HTTP requests in the client join services component.  Security researcher Matthew B. Johnson (d3d) is credited with discovering […]

The post Cisco Webex Meetings Vulnerability Let Attackers Manipulate HTTP Responses appeared first on Cyber Security News.

A sophisticated cyber threat group designated as UAT-6382 has been actively exploiting a critical zero-day vulnerability in Cityworks, a popular asset management system used by local governments across the United States. The vulnerability, tracked as CVE-2025-0994, allows remote code execution and has been under active exploitation since January 2025. The attackers have demonstrated a particular […]

The post UAT-638 Hackers Exploit Cityworks Zero-Day to Attack IIS Servers With VSHell Malware appeared first on Cyber Security News.

INE Security, a global leader in Cybersecurity training and certifications, has announced a strategic partnership with Abadnet Institute for Training, a Riyadh-based leader in specialized Information Technology, Cybersecurity, and Networking training. The collaboration leverages INE Security’s internationally recognized cybersecurity training content and Abadnet’s established presence in the Saudi Arabian market to deliver comprehensive cybersecurity education programs across the […]

The post INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia appeared first on Cyber Security News.

GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service (DoS) attacks.  The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource exhaustion, authentication bypasses, and […]

The post Multiple GitLab Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.

Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities.  The flaws include authentication bypass vulnerabilities that can be chained to achieve remote code execution and complete system compromise.  Despite responsible disclosure efforts beginning in February 2025, these critical issues remain unpatched, leaving organizations vulnerable […]

The post Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.

The U.S. National Institute of Standards and Technology (NIST) has unveiled a groundbreaking security metric designed to estimate which software vulnerabilities have likely been exploited, even if organizations don’t yet know it.  Published on May 19, 2025, as NIST CSWP 41, the “Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability” paper by Peter […]

The post NIST Proposes Security Metric to Determine Likely Exploited Vulnerabilities appeared first on Cyber Security News.

Serviceaide, Inc. announced a significant data security breach affecting approximately 480,000 Catholic Health patients.  The incident, which occurred due to an improperly secured Elasticsearch database, exposed sensitive patient information for nearly seven weeks between September and November 2024.  Though no direct evidence of data theft has been confirmed, the company cannot rule out unauthorized access […]

The post Serviceaide Cyber Attack Exposes 480,000 Catholic Health Patients’ Data appeared first on Cyber Security News.

In 2025, Android users will face an increasingly sophisticated malware landscape, with evolving threats that leverage artificial intelligence, advanced evasion techniques, and new attack vectors. Despite efforts to bolster security, research indicates that malware continues to pose significant risks to the over 3 billion Android devices worldwide. The Current Malware Landscape Research suggests Android malware […]

The post Android Security Guide – Safeguarding Against Malware in 2025 appeared first on Cyber Security News.

A critical vulnerability in SAP enterprise software, CVE-2025-31324, has been exploited by the Russian Ransomware-as-a-Service (RaaS) group Qilin nearly three weeks before its public disclosure, according to a recent investigation. The vulnerability, which received the highest possible CVSS score of 10.0, affects SAP NetWeaver Visual Composer, a component widely deployed in enterprise environments globally. The […]

The post Qilin Exploited SAP 0-Day Vulnerability Weeks Before its Public Disclosure appeared first on Cyber Security News.

Multiple high-severity vulnerabilities affecting VMware Cloud Foundation could allow malicious actors to access sensitive data and perform unauthorized actions. The vulnerabilities, assigned CVE IDs CVE-2025-41229, CVE-2025-41230, and CVE-2025-41231 with CVSS base scores ranging from 7.3 to 8.2, posing significant risks to organizations using affected versions of VMware Cloud Foundation.  Directory Traversal Vulnerability Exposes Internal Services […]

The post VMware Cloud Foundation Vulnerability Let Attackers Access Sensitive Data appeared first on Cyber Security News.

A critical security vulnerability discovered in the popular Motors WordPress theme has exposed approximately 22,000 websites to significant risk.  Security researchers have identified a privilege escalation vulnerability that allows unauthenticated attackers to take over administrative accounts, potentially compromising the entire website.  This vulnerability (CVE-2025-4322) carries a critical CVSS score of 9.8 and affects all versions […]

The post WordPress Plugin Vulnerability Exposes 22,000 Sites to Cyber Attacks appeared first on Cyber Security News.

Microsoft is introducing artificial intelligence capabilities directly into Windows 11’s File Explorer, allowing users to manipulate files without opening dedicated applications.  Announced in Windows 11 Insider Preview Build 26200.5603 (KB5058488) released to the Dev Channel on May 19, 2025, this integration represents a significant advancement in Microsoft’s AI strategy for its flagship operating system. AI […]

The post Microsoft to Integrate AI With Windows 11 File Explorer appeared first on Cyber Security News.

In an age where smartphones contain our most sensitive information, phishing attacks targeting iPhone users have surged dramatically. According to recent reports, phishing messages have increased by 202% in the second half of 2024, with credential-based phishing attacks skyrocketing by an alarming 703% during the same period. Understanding how to protect your iPhone has never […]

The post iPhone Security 101 – Protecting Your Device from Phishing Scams appeared first on Cyber Security News.

A sophisticated malware campaign leveraging search engine optimization (SEO) poisoning on Microsoft Bing has emerged, delivering the notorious Bumblebee malware to unsuspecting users. The campaign, identified in May 2025, specifically targets users searching for specialized software tools, demonstrating a concerning evolution in malware distribution tactics that exploits trusted search engine results. Bumblebee, a downloader malware […]

The post Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO appeared first on Cyber Security News.