Cyber Security News

The exponential growth of government data requests to technology giants has transformed Silicon Valley into the backbone of modern surveillance infrastructure. Between 2014 and 2024, Apple, Google, and Meta collectively disclosed data from 3.16 million user accounts to U.S. authorities, representing a 530–675% surge in compliance rates. This escalation correlates with the explosive growth of […]

The post Google, Meta and Apple Fuel the World’s Largest Surveillance Machine appeared first on Cyber Security News.

Researchers from Splunk have identified a sophisticated malware campaign targeting over 4,000 Internet Service Providers (ISPs) primarily located on the West Coast of the United States and in China. The campaign, which originated from Eastern Europe, uses a combination of credential brute force attacks and stealthy malware to establish persistent access while mining cryptocurrency and […]

The post Hackers Attacking 4000+ ISPs With New Malware for Remote Access appeared first on Cyber Security News.

A critical information disclosure vulnerability in Docusnap, a widely used IT inventory management solution, allows attackers to decrypt sensitive system data collected from Windows hosts.  Designated as CVE-2025-26849, the flaw stems from the use of a static encryption key to protect inventory files, rendering the encryption effectively useless.  These files, intended to securely catalog installed […]

The post Docusnap for Windows Vulnerability Let Attackers Access Sensitive Data appeared first on Cyber Security News.

A newly identified variant of the Android Remote Access Tool (RAT), AndroRAT, has emerged as a critical cybersecurity threat, leveraging sophisticated techniques to steal device unlock patterns, PINs, and passcodes.  The malware, first documented in 2012 as an open-source university project, has evolved into a weaponized tool capable of bypassing Android security mechanisms up to […]

The post New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes appeared first on Cyber Security News.

VMware has issued a critical security advisory (VMSA-2025-0004) warning of active exploitation of three vulnerabilities in its ESXi, Workstation, and Fusion products. These flaws, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow attackers to execute malicious code, escalate privileges, and leak sensitive memory data. The most severe vulnerability, CVE-2025-22224, carries a CVSSv3 score of 9.3 and enables hypervisor-level […]

The post VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding CVE-2018-8639, a privilege escalation vulnerability in the Microsoft Windows Win32k component, which threat actors are actively exploiting to execute arbitrary code in kernel mode.  Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, this flaw underscores systemic risks in unpatched systems and the persistent […]

The post CISA Warns of Windows Win32k Vulnerability Exploited to Run Arbitrary code appeared first on Cyber Security News.

Google has issued an urgent security alert for CVE-2024-43093 and CVE-2024-50302, two critical Android vulnerabilities actively exploited in coordinated attacks targeting devices running Android 12 through 15.  Patched in the March 2025 Android Security Bulletin (security patch level 2025-03-05), these flaws enable attackers to bypass lock screens, escalate privileges, and execute remote code.  Forensic evidence […]

The post Google Warns of Two Critical Android Vulnerabilities Under Attack – Update Now! appeared first on Cyber Security News.

Several sophisticated multi-stage malware campaigns were revealed by recent findings from Palo Alto Networks’ Unit 42 have employing advanced encryption techniques to evade detection. Threat actors are increasingly using the Advanced Encryption Standard (AES) in combination with code virtualization to protect malicious payloads, creating a complex chain of obfuscation that challenges traditional security measures. These […]

The post Threat Actors Leveraging AES Cryptography For Payload Protection appeared first on Cyber Security News.

A critical zero-day vulnerability in BigAntSoft’s BigAnt Server (CVE-2025-0364) allows unauthenticated attackers to execute arbitrary code on affected systems through a chain of SaaS registration abuses and PHP file uploads.  The flaw, discovered by VulnCheck researchers during an analysis of a misrated CVSS score for CVE-2024-54761, impacts all versions ≤5.6.06 of the Windows-based enterprise chat […]

The post BigAnt Server 0-day Vulnerability Let Attackers Execute Malicious Code Via File Uploads appeared first on Cyber Security News.

Google is advancing its email privacy arsenal with the development of Shielded Email, a feature designed to generate disposable email aliases for users signing up for apps and services.  First uncovered in a Google Play Services v24.45.33 APK teardown by Android Authority, this tool aims to combat spam and protect primary Gmail addresses from exposure.  […]

The post Google’s New Email Shield Feature Let Users Hide Email From Apps appeared first on Cyber Security News.

A sophisticated phishing campaign in which threat actors are utilizing a multi-stage attack chain that combines social engineering tactics with modified open-source tools to compromise Windows systems. The campaign, active as of March 2025, employs the ClickFix technique to deceive users into executing malicious code. It ultimately deploys a customized version of the Havoc command-and-control […]

The post Hackers Using ClickFix Tactic to Attack Windows Machine & Gain Full Control of System appeared first on Cyber Security News.

Cybersecurity firm Silent Push have confirmed recently that North Korean IT workers continue to utilize Astrill VPN services to hide their true IP addresses when seeking employment with international companies. This finding, originally reported by Google’s Mandiant in September 2024, shows the ongoing efforts by North Korean threat actors to circumvent detection while conducting malicious […]

The post North Korean IT Workers Using Astrill VPN To Hide Their IPs appeared first on Cyber Security News.

Security researchers have uncovered three critical vulnerabilities in Extreme Networks’ IQ Engine (HiveOS) that collectively enable authenticated attackers to escalate privileges, decrypt passwords, and execute arbitrary commands on affected systems.  The flaws—tracked as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227—were disclosed through coordinated efforts led by Lukas Schauer of Bonn-Rhein-Sieg University of Applied Sciences, prompting Extreme Networks to […]

The post HiveOS Vulnerabilities Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.

The cybersecurity landscape of 2024 witnessed an unprecedented increase in mass internet exploitation, driven by attackers’ ability to automate vulnerability exploits within hours of disclosure.  GreyNoise’s 2025 Mass Internet Exploitation Report reveals a systematic industrialization of cyberattacks, with threat actors leveraging both cutting-edge and decades-old vulnerabilities to compromise systems at scale.  From ransomware campaigns to […]

The post Attackers Automating Vulnerability Exploits with Few Hours of Disclosure appeared first on Cyber Security News.

The United States has paused offensive cyber operations against Russia under an order from Defense Secretary Pete Hegseth, causing debates over geopolitical strategy and domestic cybersecurity priorities.  While U.S. Cyber Command—a Unified Combatant Command overseeing military cyber operations—adheres to the directive, the Cybersecurity and Infrastructure Security Agency (CISA) insists its defensive posture remains unchanged.  The […]

The post U.S. Halts Cyber Operations Targeting Russia appeared first on Cyber Security News.

Unit 42, the threat intelligence team at Palo Alto Networks, has identified a sophisticated threat actor group named JavaGhost that has evolved from website defacement to executing persistent phishing campaigns using compromised AWS environments. The group, active since at least 2022, exploits overly permissive Amazon Identity and Access Management (IAM) permissions to leverage victims’ Simple […]

The post JavaGhost Leveraging Amazon IAM Permissions To Trigger Phishing Attack appeared first on Cyber Security News.

A critical security vulnerability (CVE-2022-46337) in Apache Derby, an open-source relational database implemented entirely in Java, has exposed systems to authentication bypass attacks via LDAP injection.  The flaw, rated with a CVSS score of 9.1, enables attackers to craft malicious usernames that circumvent LDAP authentication checks, potentially granting unauthorized access to sensitive data and database […]

The post Apache Derby Vulnerability Let Attackers Bypass Authentication with LDAP Injection  appeared first on Cyber Security News.

MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE).  The March 2025 Product Security Bulletin highlights three high severity vulnerabilities CVE-2025-20644, CVE-2025-20645, and CVE-2025-20646—affecting modem firmware, cryptographic key management, and Wi-Fi subsystems.  These vulnerabilities impact […]

The post MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges appeared first on Cyber Security News.

A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation.  The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains – that remain exposed due to misconfigured DNS records, including 11 wildcard domains that exponentially […]

The post New Vulnerability in Substack let Attackers Take Over Subdomains appeared first on Cyber Security News.

Dynamic malware analysis tools are critical for detecting and understanding modern cyber threats. These tools execute suspicious software in isolated environments to monitor its behavior, such as file modifications, network activity, or registry changes. Below is a list of the top 10 dynamic malware analysis tools, with insights into their features, benefits, and limitations. Tools […]

The post Top 10 Best Dynamic Malware Analysis Tools in 2025 appeared first on Cyber Security News.