Cyber Security News

Bitdefender has disclosed two critical vulnerabilities affecting its BOX v1 device that could allow network-adjacent attackers to execute Man-in-the-Middle (MITM) attacks, potentially leading to remote code execution.  The vulnerabilities, assigned CVE-2024-13872 and CVE-2024-13871, both received a CVSS score of 9.4, indicating severe security risks for affected devices.  These security flaws impact a product that Bitdefender […]

The post Bitdefender Warns of Multiple Vulnerabilities That Let Attackers Execute MITM Attack appeared first on Cyber Security News.

As Artificial Intelligence (AI)-powered cyber threats surge, INE Security, a global leader in cybersecurity training and certification, is launching a new initiative to help organizations rethink cybersecurity training and workforce development. The company warns that AI is reshaping both the threat landscape and the skills required for cybersecurity professionals. While AI offers significant advantages in […]

The post INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats appeared first on Cyber Security News.

A sophisticated malware campaign targeting mobile users in South Korea has been uncovered, with clear links to North Korean threat actors. The malicious application, masquerading as a “Document Viewing Authentication App” (문서열람 인증 앱). This malicious app was identified through VirusTotal on January 21, 2025, and has been actively stealing sensitive information from compromised devices. […]

The post Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer appeared first on Cyber Security News.

The cybersecurity landscape has witnessed a concerning development as the threat actor group known as Blind Eagle (also tracked as APT-C-36) has launched a sophisticated campaign targeting organizations primarily in South America with a novel attack vector. The group, known for its persistent targeting of Colombian entities, has expanded its tactical repertoire to include weaponized […]

The post Blind Eagle Attacking Organizations With Weaponized .url Files To Extract User Hash appeared first on Cyber Security News.

A critical vulnerability in the widely used FreeType font rendering library has been discovered and is reportedly being exploited in the wild, posing a serious security threat to millions of devices across multiple platforms. Security researchers have identified the flaw, tracked as CVE-2025-27363, which carries a high severity CVSS score of 8.1 and affects FreeType […]

The post Meta Warns of FreeType Vulnerability Exploited in Wild to Execute Arbitrary Code appeared first on Cyber Security News.

A severe vulnerability in Tenda AC7 Routers running firmware version V15.03.06.44 allows malicious actors to execute arbitrary code and gain root shell access.  The flaw originates from a stack overflow vulnerability in the router’s formSetFirewallCfg function. Attackers can use a specially crafted HTTP request to completely compromise affected devices.  This discovery highlights ongoing security challenges […]

The post Tenda AC7 Routers Vulnerability Let Attackers Gain Root Shell With Malicious Payload appeared first on Cyber Security News.

A disturbing trend of sophisticated attacks recently detected by researchers specifically designed to evade multi-factor authentication (MFA) protections. These advanced techniques, which exploit vulnerabilities in authentication workflows rather than the authentication factors themselves, have enabled attackers to gain unauthorized access to protected accounts despite MFA being enabled. The attacks represent a significant evolution in threat […]

The post Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account appeared first on Cyber Security News.

Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March patch tuesday update included fixes for: In addition to the zero-day flaws, this Patch Tuesday includes fixes for: Zero-Day Vulnerabilities A zero-day vulnerability […]

The post Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days appeared first on Cyber Security News.

A coordinated surge in Server-Side Request Forgery (SSRF) exploitation has been detected across multiple widely used platforms, affecting organizations worldwide. Security monitoring reveals approximately 400 unique IP addresses actively targeting multiple SSRF-related CVEs simultaneously, indicating a sophisticated and potentially dangerous campaign. The exploitation surge began on March 9, 2025, with attackers showing a pattern of […]

The post 400+ IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633.  This improper neutralization flaw (CWE-707) enables remote attackers to execute arbitrary code over a network, posing significant risks to unpatched systems.  While its association with ransomware campaigns remains unconfirmed, […]

The post CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild appeared first on Cyber Security News.

A sophisticated backdoor malware called “Squidoor” being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. Initial access is gained primarily through exploiting vulnerabilities in Internet […]

The post Chinese Hackers New Malware Dubbed ‘Squidoor’ Attacking Global Organizations appeared first on Cyber Security News.

Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable of breaking out of the Web Content sandbox, potentially leading to […]

The post Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks appeared first on Cyber Security News.

A threat actor operating under the alias “Rey” has allegedly compromised the internal systems of Jaguar Land Rover (JLR), one of the United Kingdom’s most prominent automotive manufacturers, and leaked approximately 700 internal documents containing sensitive technical and operational data.  The breach, first announced on a dark web forum frequented by cybersecurity researchers and malicious […]

The post Jaguar Land Rover Allegedly Hacked – Threat Actor Leaked 700 Internal Documents appeared first on Cyber Security News.

Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects and executes when developers build these projects. This is the first known XCSSET variant since 2022, featuring enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies designed to steal sensitive information from macOS users. The […]

The post New XCSSET Malware Attacking macOS Users With Enhanced Obfuscation appeared first on Cyber Security News.

A sophisticated malware campaign leveraging artificial intelligence to create deceptive GitHub repositories has been observed distributing SmartLoader payloads that ultimately deploy Lumma Stealer, a dangerous information-stealing malware.  This operation exploits GitHub’s trusted reputation to bypass security defenses, targeting users seeking gaming mods, cracked software, and cryptocurrency tools through AI-generated documentation and strategically obfuscated scripts. GitHub […]

The post Beware! AI-Assisted Fake GitHub Repositories Steal Sensitive Data Including Login Credentials appeared first on Cyber Security News.

Google has issued an urgent advisory to owners of Chromecast 2nd Generation (2015) and Chromecast Audio devices, warning against factory resets as a global outage linked to an expired security certificate renders these devices inoperable.  The company confirmed that it is developing a fix for the authentication failure caused by the March 9, 2025, expiration […]

The post Google Warned Chromecast Owners Not to Hit Factory Reset appeared first on Cyber Security News.

Google has rolled out a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could enable arbitrary code execution and sandbox escapes.  The Stable Channel Update 134.0.6998.88/.89 for Windows and Mac, and 134.0.6998.88 for Linux, released on March 10, 2025, includes patches for five security flaws, three of which are rated as […]

The post Chrome Security Update – Patch for Multiple High-Severity Vulnerabilities appeared first on Cyber Security News.

A sophisticated cybercriminal group known as EncryptHub has successfully compromised approximately 600 organizations through a multi-stage malware campaign. The threat actor exploited operational security mistakes, inadvertently exposing critical elements of their infrastructure, which allowed researchers to map their tactics with unprecedented depth. EncryptHub’s campaign employs several layers of PowerShell scripts to gather system data, exfiltrate […]

The post EncryptHub A Multi-Stage Malware Compromised 600 Organizations appeared first on Cyber Security News.

A sophisticated malware toolkit known as Ragnar Loader has been identified as a critical component in targeted ransomware attacks. The loader, also known as Sardonic Backdoor, serves as the primary infiltration mechanism for the Monstrous Mantis ransomware group, formerly known as Ragnar Locker, which has been attacking organizations since its emergence in 2020. Security researchers […]

The post Ragnar Loader Employed By Multiple Ransomware Groups To Evade Detection appeared first on Cyber Security News.

Passwordless authentication tools are revolutionizing digital security by eliminating the reliance on traditional passwords. Instead, they use advanced technologies such as biometrics (fingerprints, facial recognition), hardware tokens, or one-time passcodes to verify user identities. This approach significantly enhances security by mitigating risks like phishing, credential theft, and brute-force attacks, which are common vulnerabilities of password-based […]

The post Top 11 Passwordless Authentication Tools – 2025 appeared first on Cyber Security News.