Cyber Security News

A critical security vulnerability has been discovered in the Apache bRPC framework that could allow remote attackers to crash servers by sending specially crafted JSON data. The flaw, tracked as CVE-2025-59789, affects all versions of Apache bRPC before 1.15.0 across all platforms. The vulnerability exists in the json2pb component of Apache bRPC, which converts JSON data to Protocol […]

The post Critical Apache bRPC Framework Vulnerability Let Attackers Crash the Server appeared first on Cyber Security News.

Linus Torvalds has officially announced the release of Linux kernel 6.18 on November 30, 2025, marking another significant milestone in the open-source operating system’s development. The new kernel version brings numerous improvements across hardware support, driver updates, and file system enhancements. The Linux 6.18 release includes extensive bug fixes and driver improvements that were finalized […]

The post Linux 6.18 Released With Enhanced Hardware Support, Updated Drivers and File Systems appeared first on Cyber Security News.

Microsoft has confirmed a bizarre user interface bug affecting Windows 11 version 24H2 devices that renders the password sign-in icon invisible on the lock screen. The issue, stemming from the August 2025 non-security preview update (KB5064081) and persisting in subsequent cumulative updates, has left many users confused when switching between authentication methods.​ The glitch impacts […]

The post Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen appeared first on Cyber Security News.

A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious code or steal credentials. The release of this PoC highlights the continued risk posed by […]

The post PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability appeared first on Cyber Security News.

A threat actor known as “zestix” has claimed responsibility for a significant data breach affecting Mercedes-Benz USA (MBUSA), allegedly exfiltrating 18.3 GB of sensitive legal and customer information. The threat actor posted the dataset for sale on a dark web forum, pricing the complete archive at $5,000. According to the listing, the breach exposes a […]

The post Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming that threat actors are actively weaponizing it in the wild. The security defect, identified as CVE-2021-26829, is a Cross-Site Scripting (XSS) vulnerability rooted in the system_settings.shtm component of ScadaBR. While […]

The post CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks appeared first on Cyber Security News.

A sophisticated new Android malware family dubbed “Albiriox” has emerged on the cybercrime landscape, offering advanced remote access capabilities as a Malware-as-a-Service (MaaS). Identified by researchers at Cleafy, the malware is designed to execute On-Device Fraud (ODF) by granting attackers full control over infected devices, allowing them to bypass security measures and drain financial accounts. […]

The post New Albiriox Malware Attacking Android Users to Take Complete Control of their Device appeared first on Cyber Security News.

A new, highly sophisticated malware campaign has been identified targeting remote workers and organizations through a fake Google Meet landing page. Hosted on the deceptive domain gogl-meet[.]com, this attack leverages the “ClickFix” social engineering technique to bypass traditional browser security controls and deliver a Remote Access Trojan (RAT) directly to the victim’s system. The attack […]

The post Beware of Weaponized Google Meet Page uses ClickFix Technique to Deliver Malicious Payload appeared first on Cyber Security News.

The French Football Federation (FFF) has confirmed a significant cybersecurity incident resulting in the theft of personal data belonging to members and licensees. The federation revealed that cybercriminals had infiltrated the centralized administrative software used by football clubs across the country to manage memberships and daily operations. According to the disclosure, the breach was not […]

The post French Football Federation Reports Data Breach – Hackers Access Club Software Admin Controls appeared first on Cyber Security News.

The 2025 holiday season has unleashed an unprecedented wave of cyber threats, with attackers deploying industrialized infrastructure to exploit the global surge in online commerce. This year’s threat landscape is characterized by a calculated expansion of deceptive digital assets, where criminals leverage automated tools to scale their operations across multiple merchant categories. The primary vector […]

The post Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’ appeared first on Cyber Security News.

The Handala hacker group has launched a targeted campaign against Israeli high-tech and aerospace professionals, marking a concerning shift in geopolitically motivated cyber operations. The group recently published a list of individuals working in these critical sectors, accompanied by hostile descriptions that falsely label them as criminals. This campaign represents a significant escalation from traditional […]

The post Handala Hacker Group Attacking Israeli High-Tech and Aerospace Professionals appeared first on Cyber Security News.

The company has agreed to pay a $1.5 million fine to settle a Federal Communications Commission investigation into a data breach that exposed personal information from over 237,000 customers. Reuters reports that the FCC announced the settlement on Monday, ending an investigation into how the company’s vendor mishandled customer data. The breach occurred at Financial […]

The post Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach appeared first on Cyber Security News.

Polish authorities have arrested a Russian citizen suspected of conducting unauthorized cyberattacks against the computer networks of local organizations. The arrest marks a significant development in the country’s efforts to combat cybercrime targeting Polish and European businesses. On November 16, 2025, officers from the Central Bureau for Combating Cybercrime, operating under the Krakow District Prosecutor’s […]

The post Poland Arrested Suspected Russian Citizen Hacking for Local Organizations Computer Networks appeared first on Cyber Security News.

Microsoft has announced a significant security upgrade to its Microsoft Entra ID authentication process, as part of the company’s broader Secure Future Initiative. Microsoft is updating its Content Security Policy (CSP) to block the execution of external scripts during user sign-ins. This proactive measure is designed to shield organizations from evolving cyber threats, specifically cross-site […]

The post Microsoft to Block External Scripts  in Entra ID Logins to Enhance Protections appeared first on Cyber Security News.

Three West London councils are struggling with significant disruption to IT systems and phone lines after a cyberattack on a shared services provider, which officials are publicly describing only as an “IT incident”. The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and Hammersmith and Fulham Council have all been affected. According […]

The post London Councils’ IT Systems Impacted by CyberAttack, Including Phone Lines appeared first on Cyber Security News.

The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded GitHub with spam repositories, new analysis reveals a far more sophisticated operation. Entro Security researchers […]

The post Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets appeared first on Cyber Security News.

A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign targets Zendesk, a critical customer support platform, effectively turning a trusted business tool into a launchpad for corporate spying. The attackers have successfully registered over 40 typosquatted domains, […]

The post Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments appeared first on Cyber Security News.

Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap scripts associated with the zc.buildout tool expose users to domain takeover attacks. These scripts, designed to automate the installation of package dependencies, contain hardcoded references to external domains that are […]

The post Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise appeared first on Cyber Security News.

Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community events to keep their agendas up to date. While these subscriptions offer convenience, they create a persistent connection between a user’s device and an external server. If the domain hosting […]

The post Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks appeared first on Cyber Security News.

Alisa Viejo, CA, USA, November 27th, 2025, CyberNewsWire Gartner has recognized One Identity as a Visionary in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM).  In a rapidly transforming market, innovation and demonstrated performance continue to shape expectations. The placement as a Visionary reflects what the company observes across its customer and partner ecosystem, […]

The post One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM appeared first on Cyber Security News.