Cyber Security News

CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via misconfigured carriage return handling in configuration files.  This flaw has already seen active exploitation, underscoring the critical need for immediate mitigation. Key Takeaways1. CVE-2025-48384 lets attackers abuse CR handling in Git configs to write arbitrary files.2. […]

The post CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks appeared first on Cyber Security News.

AccuKnox, a leader in Zero Trust Kubernetes and cloud-native security solutions, has been issued a patent [US Patent# 12,242,629 – full PDF copy available] by the U.S. Patent and Trademark Office for the breakthrough technology in Runtime Security of Kernel-Level Events.  This innovation delivers real-time detection, prevention, and remediation of anomalous kernel activity. The patented […]

The post AccuKnox Awarded Patent for Runtime Security of Kernel Events appeared first on Cyber Security News.

Android’s open ecosystem has been both its greatest strength and a persistent security challenge. While sideloading offers developers and users unparalleled freedom, it has also become a vector for malicious actors to distribute malware masquerading as legitimate applications. Over the past year, Android Developers Blog analysts noted that malware delivered via internet-sideloaded sources outpaced Play […]

The post Google to Add New Layer of Developer Verification to Distribute Apps on Play Store appeared first on Cyber Security News.

A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App Store privacy framework.  This extensive data harvesting raises significant privacy concerns as location tracking can […]

The post X/Twitter The Most Aggressive Social Media App Collecting Users Location Information appeared first on Cyber Security News.

A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and corroborated by independent research tracking Oyster/Broomstick backdoor activity tied to trojanized admin tools distributed via […]

The post Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services appeared first on Cyber Security News.

Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared innocuous at first glance, often masquerading as utility or government apps in high-risk […]

The post Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof appeared first on Cyber Security News.

A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected browsers to malicious domains, where an HTTPS-secured landing page prompted users […]

The post Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection appeared first on Cyber Security News.

CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern for federal agencies and private organizations alike. Key Takeaways1. CISA added two Citrix Session Recording […]

The post CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.

A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals.  The campaign represents one of the largest coordinated RDP reconnaissance operations observed in recent years, signaling potential preparation for […]

The post Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs appeared first on Cyber Security News.

A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers infiltrated Fanava Group, the IT provider responsible for satellite communications to Iran’s sanctioned tanker fleets. […]

The post Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database appeared first on Cyber Security News.

Cybersecurity researchers have observed a surge in deceptive sites masquerading as YouTube video download services to deliver Proxyware malware in recent weeks. Victims seeking to grab videos in MP4 format are redirected through ad pages that sporadically present a download link for a seemingly legitimate utility called “WinMemoryCleaner.” Behind this innocuous facade, however, lies a […]

The post Proxyware Malware Mimic as YouTube Video Download Site Delivers Malicious Javascripts appeared first on Cyber Security News.

In recent weeks, cybersecurity investigators have uncovered a novel campaign in which hackers leverage seemingly benign potentially unwanted program (PUP) advertisements to deliver stealthy Windows malware. The lure typically begins with ads promoting free PDF tools or desktop assistants that redirect victims to spoofed download sites. Once users click through, a scheduled task silently retrieves […]

The post Hackers Using PUP Advertisements to Silently Drop Windows Malware appeared first on Cyber Security News.

In recent months, cybersecurity researchers have observed a surge in targeted campaigns by a sophisticated Chinese APT group leveraging commercial proxy and VPN services to mask their attack infrastructure. The emergence of this tactic coincides with a broader shift toward commoditized anonymization platforms that blend threat actor traffic with legitimate user activity. Initial compromise vectors […]

The post Chinese APT Hackers Using Proxy and VPN Service to Anonymize Infrastructure appeared first on Cyber Security News.

In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the Central Bank of the Russian Federation against a shield background. Although the interface displays only […]

The post New Android Spyware Disguised as an Antivirus Attacking Business Executives appeared first on Cyber Security News.

In late June 2025, a significant operational dump from North Korea’s Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware and thousands of stolen credentials. This leak offers an unprecedented window into the group’s espionage toolkit, revealing how Kimsuky conducts phishing campaigns, maintains persistence and evades detection within […]

The post Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered appeared first on Cyber Security News.

A sophisticated Android malware campaign has resurfaced, exploiting deceptive websites that perfectly mimic legitimate Google Play Store application pages to distribute the notorious SpyNote Remote Access Trojan (RAT). This malicious operation targets unsuspecting users by creating static HTML clones of popular Android application install pages, complete with copied CSS styling and JavaScript functionality designed to […]

The post Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware appeared first on Cyber Security News.

As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students, parents, and educational institutions. The integration of machine learning algorithms, natural language processing, and deepfake […]

The post 5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them appeared first on Cyber Security News.

A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms.  By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation methods such as zero-width characters, white-on-white text, tiny font sizes, and off-screen positioning—attackers can poison […]

The post Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction.  The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations. Key Takeaways1. Predictable JWT […]

The post 0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets appeared first on Cyber Security News.

A large-scale phishing campaign was conducted by threat actors who abused Google Classroom to distribute over 115,000 malicious emails to more than 13,500 organizations globally. The campaign uncovered by Check Point unfolded in five distinct waves between August 6 and August 12, 2025, and weaponized the trusted educational platform to bypass conventional security filters. The […]

The post Hackers Leverage Google Classroom for 115,000+ Phishing Emails Targeting 13,500+ Organizations appeared first on Cyber Security News.