Cyber Security News

A prominent certificate authority (SSL.com) has disclosed a significant security vulnerability in its domain validation system that could allow attackers to obtain fraudulent SSL certificates for domains they don’t own.  The flaw was reported by David Zhao, a senior researcher from the CitadelCore Cyber Security Team, who demonstrated how the system could be manipulated to […]

The post Hacker Tricked SSL.com To Get Certificate Issued for Alibaba Cloud Domain appeared first on Cyber Security News.

Threat actors are increasingly exploiting mavinject.exe, a legitimate Microsoft utility, to bypass security controls and compromise systems.  This sophisticated attack technique allows hackers to hide malicious activity behind trusted Windows processes. Mavinject.exe is the Microsoft Application Virtualization Injector, designed to inject code into external processes as part of Microsoft’s App-V environment.  Included by default since […]

The post Hackers Leverage Windows MS Utility Tool to Inject Malicious DLL Payload appeared first on Cyber Security News.

Cybersecurity researchers have recently uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, featuring advanced code flow obfuscation techniques designed to evade detection by security solutions. This latest iteration represents a significant evolution in the malware’s capabilities, with threat actors implementing multiple layers of obfuscation to conceal the malicious code’s true purpose and […]

The post Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation appeared first on Cyber Security News.

A critical security vulnerability in Samsung’s One UI system has been discovered, exposing millions of users’ sensitive information through the clipboard functionality.  Security researchers have identified that Samsung devices running Android 9 or later store all clipboard content—including passwords, banking details, and personal messages in plain text indefinitely with no automatic deletion mechanism. Clipboard Data […]

The post Samsung One UI Security Flaw Exposes Users Data in Plain Text With No Expiration! appeared first on Cyber Security News.

A critical vulnerability in WinZip that enables attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature, potentially allowing malicious code to execute without warning on victims’ computers. This serious security flaw, tracked as CVE-2025-33028, affects WinZip installations up to version 29.0 and has received a high severity CVSS score of 7.8. Mark-of-the-Web is a Windows security […]

The post WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently appeared first on Cyber Security News.

Microsoft has released its second progress report on the Secure Future Initiative (SFI), described as the largest cybersecurity engineering project in the company’s history. Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, […]

The post “Microsoft’s Secure Future Initiative” Biggest Cybersecurity Project in Its History appeared first on Cyber Security News.

Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of an internal token logging error and the rollout of a new security feature called MACE […]

The post Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users appeared first on Cyber Security News.

In 2025, digital forensics stands at the intersection of rapid technological innovation, increasingly sophisticated cyber threats, and the ever-expanding volume of digital data. The role of the Chief Security Officer (CSO) has never been more critical in leading effective digital investigations. As organizations rely more on cloud computing, mobile devices, and interconnected systems, the complexity […]

The post Digital Forensics In 2025: How CSOs Can Lead Effective Investigations appeared first on Cyber Security News.

Web-based attacks remain one of the most persistent threats to modern organizations, targeting everything from web applications and APIs to user email inboxes. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as essential tools for automating the detection, investigation, and response to these threats. The power of SOAR lies in its ability to standardize […]

The post Building SOAR Playbooks To Respond To Common Web-Based Attacks appeared first on Cyber Security News.

In today’s cybersecurity landscape, organizations face increasingly sophisticated attacks from adversaries ranging from opportunistic hackers to state-sponsored threat actors. With a significant percentage of organizations having experienced an exploit or breach, security leaders must adopt proactive approaches to identify vulnerabilities and detect hidden threats. Penetration testing and threat hunting represent two complementary strategies that, when […]

The post Penetration Testing And Threat Hunting: Key Practices For Security Leaders appeared first on Cyber Security News.

Cybersecurity researchers have documented an alarming surge in infostealer malware distribution through phishing channels, with weekly delivery volume increasing by 84% in 2024 compared to the previous year. According to recently released data, this upward trend shows no signs of slowing, with early 2025 figures suggesting an even more dramatic 180% increase in weekly volume […]

The post Attack Via Infostealers Increased by 84% Via Phishing Emails Per Week appeared first on Cyber Security News.

In a concerning evolution of cyber infiltration tactics, North Korean IT workers have begun deploying sophisticated real-time deepfake technology during remote job interviews to secure positions within organizations worldwide. This advanced technique allows threat actors to present convincing synthetic identities during video interviews, enabling them to bypass traditional identity verification processes and infiltrate companies for […]

The post North Korean IT Workers Using Real-time Deepfake to Infiltrate Organizations via Remote Job appeared first on Cyber Security News.

Cybersecurity experts have identified a sophisticated new phishing technique that exploits the SVG (Scalable Vector Graphics) file format to deliver malicious HTML content to unsuspecting victims. This emerging threat, first observed at the beginning of 2025, represents a notable evolution in phishing tactics as attackers leverage the dual nature of SVG files to bypass security […]

The post New Phishing Attack Appending Weaponized HTML Files Inside SVG Files appeared first on Cyber Security News.

In the modern enterprise, cybersecurity is no longer just a technical concern it is a boardroom priority. The frequency and impact of cyber incidents have escalated, placing organizational resilience, regulatory compliance, and business reputation at risk. Board members, however, often lack the technical fluency to interpret traditional cybersecurity reports, which can lead to miscommunication, underinvestment, […]

The post Protecting Against Insider Threats – Strategies for CISOs appeared first on Cyber Security News.

In today’s digital-first business environment, cyber threats are not just an IT problem they’re a core business risk. Board members are increasingly expected to oversee cybersecurity strategy, but they often lack the technical background to interpret traditional security reports. This disconnect can lead to misaligned priorities, insufficient investment, and a false sense of security. For […]

The post Cybersecurity Metrics That Matter for Board-Level Reporting appeared first on Cyber Security News.

The cybersecurity landscape faces a mounting threat as the Akira ransomware group intensifies operations, marking a significant evolution since its emergence in March 2023. This sophisticated threat actor specializes in leveraging compromised credentials to access vulnerable VPN services lacking multi-factor authentication, predominantly exploiting known Cisco vulnerabilities. Once inside a network, Akira deploys an arsenal of […]

The post Akira Ransomware Using Compromised Credentials and Public Tools in New Wave of Cyberattacks appeared first on Cyber Security News.

In today’s interconnected business environment, digital disruptions can quickly escalate from minor technical incidents to major organizational crises. The role of Chief Information Security Officers (CISOs) has become increasingly central to business continuity planning, as organizations face sophisticated cyber threats, regulatory compliance challenges, and the need to maintain operational resilience. CISOs must now navigate complex […]

The post Business Continuity in a Digital World – CISO Perspectives appeared first on Cyber Security News.

A sophisticated new Android malware strain called “Gorilla” has emerged in the cybersecurity landscape, specifically designed to intercept SMS messages containing one-time passwords (OTPs). This malicious software operates stealthily in the background, exploiting Android’s permission system to gain access to sensitive information on infected devices. Initial analysis suggests that Gorilla primarily targets banking customers and […]

The post New Gorilla Android Malware Intercept SMS Messages to Steal OTPs appeared first on Cyber Security News.

Security researchers have identified a concerning trend in the cyber threat landscape as state-sponsored hackers from multiple countries have begun adopting a relatively new social engineering technique called “ClickFix” in their espionage operations. The technique, which emerged in early March 2024 in cybercriminal circles, has rapidly gained popularity among advanced persistent threat (APT) groups due […]

The post State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns appeared first on Cyber Security News.

A federal judge has issued a preliminary injunction that significantly limits the Department of Government Efficiency’s (DOGE) access to sensitive Social Security Administration (SSA) data. The ruling, handed down yesterday, found that the government had provided DOGE with access to this private information without a sufficient legal basis. The court order requires DOGE to immediately […]

The post New Limitations Placed on DOGE’s Access to Private Social Security Information appeared first on Cyber Security News.