Cyber Security News

A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain near-complete control over infected devices. The spyware demonstrates sophisticated techniques to steal […]

The post ClayRat Android Malware Steals SMS Messages, Call Logs and Capture Victim Photos appeared first on Cyber Security News.

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms. What makes this attack unique is that the user’s funds remained visible […]

The post Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer appeared first on Cyber Security News.

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the SNMP device configuration functionality. The vulnerability resides in the device […]

The post Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder. Allows non-administrator users to access sensitive installation directories and their contents, creating a pathway for privilege […]

The post Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions appeared first on Cyber Security News.

SeedSnatcher represents a significant threat to cryptocurrency users worldwide. Packaged under the seemingly innocent name “Coin” and distributed through Telegram, this Android malware has emerged as a sophisticated tool designed specifically to steal digital wallet recovery codes and execute remote commands on infected devices. The malware, registered under the package name com.pureabuladon.auxes, operates as a […]

The post SEEDSNATCHER Android Malware Attacking Users to Exfiltrate Sensitive Data and Execute Malicious Commands appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, representing a significant evolution in IoT and cloud-targeted threats. The malware, dubbed V3G4 by Cyble Research Intelligence Labs, employs a multi-stage infection chain designed to compromise Linux servers and IoT devices across multiple architectures while […]

The post New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer appeared first on Cyber Security News.

China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React Server Components and lets an attacker run code on the server without logging in. Early scans show broad probing of internet-facing React and Next[.]js apps, with a focus on high-value […]

The post China-Nexus Hackers Actively Exploiting React2Shell Vulnerability (CVE-2025-55182) in the Wild appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers worldwide. Dubbed “React2Shell” by some researchers, the vulnerability carries a CVSS score of 10.0 and affects React versions 19.0.0 through 19.2.0, as well as Next.js 15.x and 16.x using App […]

The post PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182) appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated new malware campaign orchestrated by People’s Republic of China (PRC) state-sponsored cyber actors. The advisory details “BRICKSTORM,” a formidable backdoor designed to establish long-term persistence […]

The post CISA and NSA Warn of BRICKSTORM Malware Attacking VMware ESXi and Windows Environments appeared first on Cyber Security News.

A new class of prompt injection vulnerabilities, dubbed “PromptPwnd,” has been uncovered by cybersecurity firm Aikido Security. The flaws affect GitHub Actions and GitLab CI/CD pipelines that are integrated with AI agents, including Google’s Gemini CLI, Claude Code, and OpenAI Codex. The vulnerability has been confirmed to impact at least five Fortune 500 companies, with […]

The post Prompt Injection Flaw in GitHub Actions Hits Fortune 500 Firms appeared first on Cyber Security News.

Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with […]

The post SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware appeared first on Cyber Security News.

Clickjacking has long been considered a “dumb” attack in the cybersecurity world. Traditionally, it involves placing an invisible frame over a legitimate website to trick a user into clicking a button they didn’t intend to, like masking a “Delete Account” button with a fake “Play Video” overlay. However, a security researcher known as Lyra has […]

The post New SVG Clickjacking Attack Let Attackers Create Interactive Clickjacking Attacks appeared first on Cyber Security News.

Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remote authenticated users to upload and execute arbitrary JSP files through the view_edit.shtm interface, creating a significant risk for industrial control system environments. OpenPLC ScadaBR File Upload Vulnerability OpenPLC ScadaBR, […]

The post CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Arizona Attorney General Kris Mayes has announced a lawsuit against the popular Chinese e-commerce retailer Temu, accusing the company of stealing vast amounts of customer data. The lawsuit, filed Tuesday, positions Arizona alongside several other states taking legal action against Temu and its parent company, PDD Holdings Inc. Mayes stated that Temu’s application deceives customers […]

The post Arizona Attorney General Suses Chinese E-commerce Retailer Temu Over Data Theft Claims appeared first on Cyber Security News.

Lazarus Group’s Famous Chollima unit has been caught “live on camera” running its remote IT worker scheme, after researchers funneled its operatives into fake laptops that were actually long‑running sandbox environments under full surveillance. The investigation exposes in unprecedented detail how North Korean operators use identity theft, rented identities, and off‑the‑shelf tools to embed themselves […]

The post Lazarus Group’s IT Workers Scheme Hacker Group Caught Live On Camera appeared first on Cyber Security News.

Cybercriminals have discovered a clever way to slip malware onto job seekers’ computers by disguising malicious files as legitimate recruitment documents. A new campaign called ValleyRAT targets people actively searching for employment through email messages containing fake job offers and company materials. The attack spreads through compressed archive files with names designed to seem professional, […]

The post Threat Actors Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data appeared first on Cyber Security News.

A comprehensive phishing operation began targeting Indian companies in November 2025 by impersonating the Income Tax Department of India. The campaign employed remarkably authentic government communication templates, bilingual messaging in Hindi and English, and legal references to sections of the Income Tax Act to create a sense of legitimacy and urgency. The emails warned recipients […]

The post New Phishing Attack Mimic as Income Tax Department of India Delivers AsyncRAT appeared first on Cyber Security News.

Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including by Hugging Face, to check PyTorch models saved with Python’s pickle format. Pickle is flexible but dangerous, because loading a pickle file can run arbitrary Python code. That means a model […]

The post PickleScan 0-Day Vulnerabilities Enable Arbitrary Code Execution via Malicious PyTorch Models appeared first on Cyber Security News.

A sophisticated phishing toolkit known as Evilginx is empowering attackers to execute advanced attacker-in-the-middle (AiTM) campaigns with alarming success. These attacks are engineered to steal temporary session cookies, allowing threat actors to sidestep the critical security layer provided by multi-factor authentication (MFA). A concerning surge in this method has been observed, with a notable impact […]

The post Hackers Using Evilginx to Steal Session Cookies and Bypass Multi-Factor Authentication Tokens appeared first on Cyber Security News.

A new information stealer called Sryxen has emerged in the underground malware market, targeting Windows systems with advanced techniques to harvest browser credentials and sensitive data. Sold as Malware-as-a-Service, this C++ based threat demonstrates how modern stealers are adapting to overcome browser security improvements, particularly Google Chrome’s recently implemented App-Bound Encryption protection. Sryxen operates as […]

The post New ‘Sryxen’ Stealer Bypasses Chrome Encryption via Headless Browser Technique appeared first on Cyber Security News.