Cyber Security News

A critical security vulnerability, tracked as CVE-2025-14847, that could allow attackers to extract uninitialized heap memory from database servers without authentication. The flaw resides in MongoDB’s zlib compression implementation and affects multiple versions of the database platform.​ The vulnerability enables client-side exploitation of the MongoDB Server’s zlib implementation. Potentially exposing sensitive data stored in uninitialized heap […]

The post Critical MongoDB Vulnerability Exposes Sensitive Data via Zlib Compression appeared first on Cyber Security News.

The year 2025 represents a pivotal moment in cybersecurity, showcasing a remarkable evolution in zero-click exploitation techniques that significantly challenges our understanding of digital security. Unlike traditional attacks that require user interaction, such on clicking a malicious link or downloading an infected file, zero-click exploits operate in the shadows, silently compromising devices without any victim […]

The post One Year Of Zero-Click Exploits: What 2025 Taught Us About Modern Malware appeared first on Cyber Security News.

A new malware campaign has surfaced that uses GitHub repositories to spread the WebRAT malware by disguising it as proof-of-concept exploits and gaming utilities. The malware targets users searching for game cheats, pirated software, and application patches, particularly for popular titles like Rust, Counter-Strike, and Roblox. Attackers distribute WebRAT through multiple channels, including GitHub repositories, […]

The post WebRAT Malware via GitHub Repositories Claim as Proof-of-concept Exploits to Attack Users appeared first on Cyber Security News.

Romania’s National Administration “Apele Române” (Romanian Waters) disclosed a severe ransomware attack on December 20, 2025. That compromised approximately 1,000 IT systems across the agency and 10 of its 11 regional water basin administrations. The incident affected critical infrastructure responsible for managing the country’s water resources and hydrotechnical operations. However, operational technologies remained secure throughout […]

The post Ransomware Attack on Romanian Waters Authority – 1,000+ IT Systems Compromised appeared first on Cyber Security News.

Law enforcement agencies across 19 African nations have achieved a landmark victory against cybercrime. Arresting 574 suspects and dismantling six ransomware variants during Operation Sentinel, a month-long coordinated crackdown that concluded on November 27. The operation, which ran from October 27 to November 27, targeted three escalating threats: business email compromise (BEC), digital extortion, and […]

The post Interpol Taken Down 6 Ransomware Variants and Arrested 500+ Suspects appeared first on Cyber Security News.

A massive credential-theft campaign dubbed PCPcat compromised 59,128 Next.js servers in under 48 hours. The operation exploits critical vulnerabilities CVE-2025-29927 and CVE-2025-66478, achieving a 64.6% success rate across 91,505 scanned targets. PCPCat scanners, distributed via react.py malware, probe public Next.js deployments for remote code execution flaws. Attackers use prototype pollution in JSON payloads to inject […]

The post Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours appeared first on Cyber Security News.

Microsoft is strengthening the security posture of enterprise collaboration by automatically enabling critical messaging safety features in Microsoft Teams. According to a new administrative update, the company will switch several protective settings to “On” by default starting January 12, 2026, affecting tenants who rely on standard configurations. The initiative represents a shift toward “secure-by-default” principles, […]

The post Microsoft Teams to Enforce Messaging Safety Defaults Starting January 2026 appeared first on Cyber Security News.

HardBit ransomware continues to evolve as a serious threat to organizations worldwide. The latest version, HardBit 4.0, emerged as an upgraded variant of a strain that has been active since 2022, bringing with it more advanced features and enhanced techniques to avoid detection. This newest iteration represents a significant step forward in the ransomware’s ability […]

The post HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access appeared first on Cyber Security News.

Cybercriminals have increasingly weaponized the Income Tax Return (ITR) filing season to orchestrate sophisticated phishing campaigns targeting Indian businesses. By exploiting public anxiety surrounding tax compliance and refund timelines, attackers have crafted high-fidelity lures that mimic official government communications. The latest wave of these attacks involves a meticulously designed infection chain that begins with a […]

The post Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain appeared first on Cyber Security News.

University of Phoenix, one of the largest for-profit educational institutions in the United States, disclosed a significant data breach affecting approximately 3.5 million individuals on December 22, 2025. The breach resulted from an external system compromise via unauthorized access, exposing sensitive personal information of current students, former attendees, and staff members. The breach was discovered on […]

The post University of Phoenix Data Breach – 3.5 Million+ Individuals Affected appeared first on Cyber Security News.

A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9. The vulnerability exists within n8n’s workflow expression evaluation system. The flaw allows authenticated attackers to execute arbitrary code with full process […]

The post Critical n8n Automation Platform Vulnerability Enables RCE Attacks – 103,000+ Instances Exposed appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated campaign where threat actors impersonate writers from major Korean broadcasting networks to distribute malicious documents. The operation, tracked as Operation Artemis, represents a notable evolution in social engineering tactics by leveraging trusted media personalities to establish credibility with potential victims before delivering harmful payloads. The campaign demonstrates a multi-stage […]

The post Threat Actors Poses as Korean TV Programs’ Writer to Trick Victims and Install Malware appeared first on Cyber Security News.

A comprehensive analysis of CVE-2025-50165, a critical Windows vulnerability affecting the Windows Imaging Component (WIC). That could potentially enable remote code execution through specially crafted JPEG files. However, their findings suggest the real-world exploitation risk is significantly lower than initially feared. The Vulnerability Details The flaw stems from dereferencing an uninitialized function pointer during the […]

The post Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios appeared first on Cyber Security News.

A new version of MacSync Stealer malware is targeting macOS users through digitally signed and notarized applications, marking a major shift in how this threat is delivered. Unlike older versions that required users to paste commands into Terminal, this updated variant operates silently in the background. The malware comes disguised as a legitimate installer, distributed […]

The post New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps appeared first on Cyber Security News.

Security researchers have released a Proof-of-Concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, indicating immediate danger to enterprise environments. The vulnerability allows remote attackers to execute malicious code on affected systems without needing a password or any […]

The post PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution appeared first on Cyber Security News.

A new tool named GhostLocker has been released, demonstrating a novel technique to neutralize Endpoint Detection and Response (EDR) systems by weaponizing the native Windows AppLocker feature. Developed by security researcher zero2504, the tool highlights a fundamental architectural vulnerability in modern EDR solutions: their reliance on userland components for analysis and reporting.​ Unlike traditional EDR […]

The post New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR appeared first on Cyber Security News.

Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over 2,180 users through the Chrome Web Store, where they continue to operate undetected. The threat […]

The post Malicious Chrome Extensions as VPN Intercept User Traffic to Steal Credentials appeared first on Cyber Security News.

BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. In early September 2025, the group targeted a government agency under the Ministry of Commerce, Industry and Tourism (MCIT) using coordinated phishing emails and multi-stage malware delivery. This attack represents a significant escalation […]

The post BlindEagle Hackers Attacking Government Agencies with Powershell Scripts appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit has been publicly released for CVE-2025-38352, a race condition vulnerability affecting the Linux kernel’s POSIX CPU timer implementation. The flaw enables attackers to trigger use-after-free conditions in kernel memory, potentially leading to privilege escalation and system compromise. CVE-2025-38352 is a race condition that occurs in the kernel’s handle_posix_cpu_timers() function, which processes timer signals […]

The post PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel’s POSIX CPU Timers Implementation appeared first on Cyber Security News.

Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970. The flaw enables local attackers to escalate privileges on Windows systems running isolated or sandboxed applications, making it a notable concern for enterprise security. The vulnerability exists in bfs.sys, a minifilter driver developed alongside Windows AppContainer and AppSilo, […]

The post Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.