Cyber Security News

A critical remote code execution vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324) is being actively exploited by a Chinese threat actor to compromise enterprise systems worldwide. The vulnerability allows attackers to achieve remote code execution by uploading malicious web shells through the vulnerable /developmentserver/metadatauploader endpoint. Exploitation has been observed primarily targeting manufacturing environments, where compromised […]

The post Chinese Hackers Exploit SAP RCE Vulnerability to Upload Supershell Backdoors appeared first on Cyber Security News.

Cybersecurity experts have uncovered a sophisticated attack campaign targeting IT administrators through search engine optimization (SEO) poisoning tactics. Threat actors are leveraging advanced SEO techniques to push malicious versions of commonly used administrative tools to the top of search engine results, creating a dangerous trap for unsuspecting IT professionals. When administrators search for legitimate tools, […]

The post Hackers Attacking IT Admins by Poisoning SEO to Move Malware on Top of Search Results appeared first on Cyber Security News.

A seemingly innocent Python package has been unmasked as a sophisticated remote access trojan (RAT) targeting the Discord developer community. On March 21, 2022, a package named ‘discordpydebug’ appeared on the Python Package Index (PyPI) under the innocuous description “Discord py error logger.” While presenting itself as a helpful debugging utility for developers working with […]

The post Malicious Python Package Mimic as Attacking Discord Developers With Malicious Remote Commands appeared first on Cyber Security News.

A new ransomware strain dubbed “Mamona” that operates entirely offline and leverages a clever attack strategy that abuses the Windows ping command. Unlike traditional ransomware that communicates with remote servers, Mamona works completely offline, making it particularly difficult to detect with conventional network monitoring tools. “This strain highlights a rising trend: ransomware that trades complexity […]

The post New Mamona Ransomware Attack Windows Machines by Abusing Ping Commands appeared first on Cyber Security News.

A sophisticated supply chain attack targeting the popular npm package ‘rand-user-agent’ was discovered on May 5, 2025. The compromise affects a legitimate JavaScript library used to generate randomized user-agent strings for web scraping operations, inserting malicious code that establishes remote access capabilities on infected systems. Security researchers detected suspicious code in version 1.0.110 of the […]

The post New Supply Chain Attack Targets Legitimate npm Package with 45,000 Weekly Downloads appeared first on Cyber Security News.

Native apps are built compatible with a platform or operating system, such as iOS or Android. While unrestricted access to all device functionalities (camera, GPS, and push notifications) makes native apps attractive for users, it also poses significant risks. Cyber attacks increased by 30% between January 2023 and 2024 and amount to 13 attacks per […]

The post 5 Must-Have Security Features for Native Apps appeared first on Cyber Security News.

Cybersecurity experts have identified an escalating campaign by the notorious hacker collective Scattered Spider, which continues to evolve its sophisticated attack methods in 2025. The group, active since at least 2022, has shifted focus to target business services including Klaviyo, HubSpot, and Pure Storage, posing significant threats to organizations relying on these platforms. Using advanced […]

The post Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services appeared first on Cyber Security News.

Cybercriminals have developed sophisticated vishing techniques that leverage multimedia file formats to bypass security systems and target unsuspecting victims. These new attack vectors, observed in early 2025, represent an evolution in social engineering tactics where threat actors exploit commonly trusted file formats to deliver fraudulent messages prompting victims to make phone calls to fake customer […]

The post Threat Actors Using Multimedia Systems Via Stealthy Vishing Attack appeared first on Cyber Security News.

Threat actors increasingly leverage Windows Remote Management (WinRM) to move stealthily within Active Directory (AD) environments, evading traditional detection mechanisms while escalating privileges and deploying malicious payloads.  WinRM, Microsoft’s implementation of the WS-Management protocol, is a core component of Windows systems. It enables administrators to execute remote commands, manage configurations, and run PowerShell scripts across […]

The post Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network appeared first on Cyber Security News.

As organizations increasingly adopt hybrid work models, Chief Information Security Officers (CISOs) face new and complex challenges. The traditional boundaries of enterprise security have dissolved, and sensitive data now flows across home offices, cloud platforms, and corporate networks. This shift has forced CISOs to rethink their approach, beyond simply defending a fixed perimeter to orchestrating […]

The post How CISOs Can Successfully Lead Security Transformation in Hybrid Work Environments appeared first on Cyber Security News.

In today’s hyperconnected business environment, building a resilient cyber defense is crucial. Cyber threats have evolved into persistent and sophisticated challenges that jeopardize organizational stability. Chief Information Security Officers (CISOs) now operate at the frontline of an invisible war, where attackers continuously adapt their methods while defenders must anticipate threats before they materialize. Building resilient […]

The post Building a Resilient Cyber Defense – CISO Strategies Unveiled appeared first on Cyber Security News.

In today’s digital era, Chief Information Security Officers (CISOs) are under immense pressure to protect their organizations from increasingly sophisticated cyber threats. The threat landscape is dynamic, with adversaries constantly evolving their tactics and exploiting new vulnerabilities. Traditional reactive security methods are no longer sufficient. To stay ahead, CISOs must embrace a proactive approach-anticipating risks […]

The post How CISOs Can Leverage Threat Intelligence to Stay Proactive appeared first on Cyber Security News.

The rapid proliferation of IoT devices from smart manufacturing sensors to healthcare wearables—has transformed organizational operations and expanded risk landscapes, making Securing IoT for CISOs a growing priority. For Chief Information Security Officers (CISOs), this evolution demands a recalibration of traditional security strategies. IoT ecosystems introduce unique vulnerabilities: heterogeneous device architectures, fragmented communication protocols, and […]

The post The CISO’s Role in Securing IoT in a Connected World appeared first on Cyber Security News.

Zero Trust implementation is essential in today’s rapidly evolving digital landscape, as traditional perimeter-based security can no longer defend against sophisticated cyber threats. The rise in remote work, cloud adoption, and interconnected systems has expanded the attack surface, making it imperative for security leaders to rethink their approach. Enter Zero Trust: a security framework built […]

The post Zero Trust Implementation – A CISO’s Essential Resource Guide appeared first on Cyber Security News.

In today’s rapidly evolving cyber threat landscape, organizations are increasingly challenged by the sophistication and frequency of attacks targeting their digital assets. Traditional security tools, while foundational, are often insufficient for detecting and responding to advanced threats that can move laterally across networks, exploit cloud environments, and evade signature-based defenses. This gap in security effectiveness […]

The post Improving Threat Detection: The Role Of MDR And XDR In Your Security Operations appeared first on Cyber Security News.

In today’s interconnected business environment, organizations face growing cybersecurity risks, with insider threats emerging as one of the most significant challenges. Unlike external attacks, insider threats originate from employees, contractors, or partners with legitimate access to company systems and data. Recent reports indicate that over 83% of organizations experienced at least one insider attack, with […]

The post Mitigating Insider Threats – A CISO’s Comprehensive Guide appeared first on Cyber Security News.

Over the past decade, the role of the Chief Information Security Officer (CISO) has evolved significantly from focusing on compliance to building resilience amid a rapidly shifting threat landscape Once seen as the gatekeeper of compliance and the enforcer of technical controls, the CISO now finds themselves at the heart of business strategy and risk […]

The post From Compliance to Resilience – Redefining the CISO’s Mission appeared first on Cyber Security News.

As organizations accelerate their digital transformation journeys, the cloud has become the backbone of modern business operations. This shift brings unprecedented flexibility and scale but introduces new complexities and risks that CISOs must navigate. The traditional security perimeter has dissolved, replaced by a dynamic environment where data, applications, and users are distributed across multiple platforms […]

The post Cloud Security Essentials – CISO Resource Toolkit appeared first on Cyber Security News.

In the modern digital era, the Chief Information Security Officer (CISO) stands at the forefront of organizational defense, responsible for navigating a landscape where cyber threats are not only increasing in frequency and sophistication but are also accompanied by a rapidly evolving regulatory environment. The CISO’s role now extends far beyond traditional IT security, encompassing […]

The post The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats appeared first on Cyber Security News.

A sophisticated malware variant masquerading as a legitimate WordPress security plugin has been identified, capable of providing attackers with persistent access to compromised websites. The malicious code appears in the file system under innocuous names such as ‘WP-antymalwary-bot.php’ or ‘wp-performance-booster.php’, creating a facade of legitimacy while harboring dangerous capabilities including remote code execution, administrator access […]

The post New WordPress Malware as Anti-Malware Plugin Take Full Control of Website appeared first on Cyber Security News.