Cyber Security News

A detailed security guide released by Splunk to help cybersecurity teams detect and prevent ransomware attacks targeting ESXi infrastructure before they can cause catastrophic damage.  The guide comes as a response to increasing threats against VMware’s ESXi hypervisor systems, which have become prime targets for cybercriminals due to their centralized nature and often inadequate monitoring.  […]

The post Splunk Release Guide for Defenders to Detect Suspicious Activity Before ESXi Ransomware Attack appeared first on Cyber Security News.

A critical security vulnerability has been discovered in the popular “Database for Contact Form 7, WPforms, Elementor forms” WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks.  The vulnerability, tracked as CVE-2025-7384 with a maximum CVSS score of 9.8, affects all versions up to and including 1.4.3 and was publicly disclosed on […]

The post Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks appeared first on Cyber Security News.

CISA has issued urgent warnings regarding two critical security vulnerabilities in N-able N-Central remote monitoring and management (RMM) software that threat actors are actively exploiting.  The vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, pose significant risks to organizations using this widely-deployed IT management platform. Key Takeaways1. Two critical N-able N-Central vulnerabilities were actively exploited for remote […]

The post CISA Warns of N-able N-Central Deserialization and Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

The notorious ShinyHunters cybercriminal group has emerged from a year-long hiatus with a sophisticated new wave of attacks targeting Salesforce platforms across major organizations, including high-profile victims like Google. This resurgence marks a significant tactical evolution for the financially motivated threat actors, who have traditionally focused on database exploitation and credential theft rather than the […]

The post ShinyHunters Possibly Collaborates With Scattered Spider in Salesforce Attack Campaigns appeared first on Cyber Security News.

Artificial intelligence coding assistants, designed to boost developer productivity, are inadvertently causing massive system destruction.  Researchers report a significant spike in what they term “AI-induced destruction” incidents, where helpful AI tools become accidental weapons against the very systems they’re meant to improve. Key Takeaways1. AI assistants accidentally destroy systems when given vague commands with excessive […]

The post “AI-Induced Destruction” – New Attack Vector Where Helpful Tools Become Accidental Weapons appeared first on Cyber Security News.

The cybersecurity landscape experienced an unprecedented escalation in digital threats during the first half of 2025, with Web Distributed Denial of Service (DDoS) attacks surging by 39% compared to the second half of 2024. The second quarter alone witnessed a staggering 54% quarter-over-quarter spike in attack activity, marking the highest levels on record and signaling […]

The post Web DDoS, App Exploitation Attacks Saw a Huge Surge in First Half of 2025 appeared first on Cyber Security News.

Out-of-bounds read and write vulnerabilities represent critical security vulnerabilities that occur when software accesses memory locations beyond the allocated boundaries of data structures such as arrays, buffers, or other memory regions. These vulnerabilities can lead to information disclosure, system crashes, and in severe cases, arbitrary code execution that allows attackers to gain unauthorized control over […]

The post What Is Out-of-Bounds Read and Write Vulnerability? appeared first on Cyber Security News.

A sophisticated cybercriminal organization known as VexTrio has been orchestrating a massive fraud empire through deceptive CAPTCHA robots and malicious applications distributed across Google Play and the App Store. This criminal network, operating for over 15 years, has successfully infiltrated legitimate app stores with fraudulent software that has collectively garnered over one million downloads, while […]

The post VexTrio Hackers Attacking Users via Fake CAPTCHA Robots and Malicious Apps into Google Play and App Store appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to apply mitigations. WinRAR has released version 7.13 to address a critical security vulnerability that has been actively exploited by cybercriminals, marking another significant security incident for […]

The post CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild appeared first on Cyber Security News.

Microsoft is officially removing Windows PowerShell 2.0 from its operating systems, marking the end of an era for the legacy scripting component that has been deprecated since 2017. The removal affects Windows 11 version 24H2 starting August 2025 and Windows Server 2025 beginning September 2025, with Windows Insider preview builds already reflecting this change as […]

The post Microsoft Removes PowerShell 2.0 From Windows To Clean Up Legacy Code appeared first on Cyber Security News.

A sophisticated new threat actor group dubbed “Curly COMrades” has emerged as a significant cybersecurity concern, conducting targeted espionage campaigns against critical organizations in countries experiencing substantial geopolitical shifts. The group has been actively pursuing long-term network access and credential theft operations since mid-2024, with a particular focus on judicial and government bodies in Georgia, […]

The post New ‘Curly COMrades’ APT Hackers Attacking Targeting Critical Organizations in Countries appeared first on Cyber Security News.

A critical security vulnerability discovered in popular Android rooting frameworks could allow malicious applications to completely compromise rooted devices, giving attackers full system control without user knowledge. The vulnerability, first identified in KernelSU version 0.5.7, demonstrates how seemingly robust authentication mechanisms can be circumvented through clever exploitation techniques. Rooting frameworks like KernelSU, APatch, SKRoot, and […]

The post Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability appeared first on Cyber Security News.

Microsoft released critical security updates, addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems.  The vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect multiple versions of Microsoft Office and pose significant security risks to organizations and individual users worldwide. Key Takeaways1. Critical Office flaws enable code […]

The post Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

If you think phishing is just clicking a bad link and landing on a fake login page, Tycoon2FA will prove you wrong. This new wave of phishing-as-a-service isn’t playing the old game anymore; it’s running a 7-stage obstacle course built to wear down both humans and machines. It’s already slipping past trusted security tools. If […]

The post New Multi-Stage Tycoon2FA Phishing Attack Now Beats Top Security Systems appeared first on Cyber Security News.

A critical authentication bypass vulnerability in FortiWeb allows unauthenticated remote attackers to impersonate any existing user on affected systems.  The vulnerability, tracked as CVE-2025-52970 with a CVSS score of 7.7, affects multiple FortiWeb versions and stems from improper parameter handling in the cookie parsing mechanism. Key Takeaways1. CVE-2025-52970 lets attackers bypass authentication to log in […]

The post FortiWeb Authentication Bypass Vulnerability Let Attackers Log in As Any Existing User appeared first on Cyber Security News.

The cybersecurity community continues to grapple with the lingering effects of the XZ Utils backdoor, a sophisticated supply chain attack that shook the industry in March 2024. What began as a carefully orchestrated two-year campaign by the pseudonymous developer ‘Jia Tan’ has evolved into a persistent threat that extends far beyond its initial discovery. The […]

The post Several Docker Images Contain Infamous XZ Backdoor Planted for More Than a Year appeared first on Cyber Security News.

A sophisticated new ransomware family called Charon has emerged in the cybersecurity landscape, targeting organizations in the Middle East’s public sector and aviation industry with advanced persistent threat (APT) techniques typically reserved for nation-state actors. The ransomware campaign represents a concerning evolution in cybercriminal operations, combining stealth, precision, and destructive capabilities to maximize impact on […]

The post New Charon Ransomware Employs DLL Sideloading, and Anti-EDR Capabilities to Attack Organizations appeared first on Cyber Security News.

Microsoft released security patches addressing a significant vulnerability in Windows Remote Desktop Services that could allow unauthorized attackers to launch denial of service attacks over network connections.  The vulnerability, designated as CVE-2025-53722, affects multiple Windows versions spanning from legacy systems to the latest Windows Server 2025 and Windows 11 24H2 releases. Key Takeaways1. Critical Windows […]

The post Windows Remote Desktop Services Vulnerability Let Attacker Deny Services Over Network appeared first on Cyber Security News.

A sophisticated cybercriminal operation disguised as a Ukrainian Web3 development team has been targeting job seekers through weaponized NPM packages, security researchers warn. The attack leverages fake interview processes to trick unsuspecting candidates into downloading and executing malicious code that steals cryptocurrency wallets, browser data, and sensitive personal information. The campaign centers around a seemingly […]

The post Ukrainian Web3team Weaponizing NPM Package to Attack Job Seekers and Steal Sensitive Data appeared first on Cyber Security News.

MCP (Model Control Plane) Server is a centralized platform that orchestrates, manages, and secures the lifecycle of AI models deployed across an organization’s infrastructure. By providing integration, management, and real-time monitoring of models, MCP servers enable enterprises to defend against sophisticated, AI-powered cyberattacks. This article explores MCP server integration and usage, its core workings, the […]

The post What is MCP Server – How it is Powering AI-Driven Cyber Defense appeared first on Cyber Security News.