Cyber Security News

As organizations accelerate their digital transformation journeys, the Chief Information Security Officer (CISO) role has never been more pivotal or complex. The cybersecurity landscape of 2025 is shaped by rapid advancements in artificial intelligence, increasingly sophisticated cyber threats, and a regulatory environment that demands both agility and accountability. CISOs are now expected to be visionaries, […]

The post Navigating the Future of Cybersecurity Leadership – A CISO’s Roadmap for 2025 appeared first on Cyber Security News.

In today’s hyper-connected world, cyber threats are evolving quickly, challenging security leaders to rethink their approach. Traditional reactive security where action is taken only after an incident occurs has proven insufficient against sophisticated attackers who leverage automation, artificial intelligence, and social engineering. Organizations can no longer afford to respond to breaches simply; they must anticipate […]

The post From Reactive to Predictive – The Next Frontier for Security Leaders appeared first on Cyber Security News.

Small and medium-sized businesses (SMBs) are increasingly falling victim to cyberattacks that specifically target network edge devices, according to recent findings. These critical devices—including firewalls, virtual private network appliances, and other remote access systems—have become the initial point of compromise in over a quarter of confirmed business breaches, with the actual number likely much higher. […]

The post Hackers Attacking Network Edge Devices to Compromise SMB Organizations appeared first on Cyber Security News.

A sophisticated malware campaign is utilizing fake CAPTCHA verification pages to distribute Lumma Stealer, an advanced information-stealing malware that has gained significant traction in underground markets since its 2022 debut.  As of March 2025, this malware-as-a-service (MaaS) operation maintains over a thousand active subscribers, with subscription prices starting at $250. The Fake CAPTCHA Attack Kaspersky […]

The post Lumma Stealer Exploits Fake CAPTCHA Pages to Harvest Sensitive Data appeared first on Cyber Security News.

A prominent certificate authority (SSL.com) has disclosed a significant security vulnerability in its domain validation system that could allow attackers to obtain fraudulent SSL certificates for domains they don’t own.  The flaw was reported by David Zhao, a senior researcher from the CitadelCore Cyber Security Team, who demonstrated how the system could be manipulated to […]

The post Hacker Tricked SSL.com To Get Certificate Issued for Alibaba Cloud Domain appeared first on Cyber Security News.

Threat actors are increasingly exploiting mavinject.exe, a legitimate Microsoft utility, to bypass security controls and compromise systems.  This sophisticated attack technique allows hackers to hide malicious activity behind trusted Windows processes. Mavinject.exe is the Microsoft Application Virtualization Injector, designed to inject code into external processes as part of Microsoft’s App-V environment.  Included by default since […]

The post Hackers Leverage Windows MS Utility Tool to Inject Malicious DLL Payload appeared first on Cyber Security News.

Cybersecurity researchers have recently uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, featuring advanced code flow obfuscation techniques designed to evade detection by security solutions. This latest iteration represents a significant evolution in the malware’s capabilities, with threat actors implementing multiple layers of obfuscation to conceal the malicious code’s true purpose and […]

The post Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation appeared first on Cyber Security News.

A critical security vulnerability in Samsung’s One UI system has been discovered, exposing millions of users’ sensitive information through the clipboard functionality.  Security researchers have identified that Samsung devices running Android 9 or later store all clipboard content—including passwords, banking details, and personal messages in plain text indefinitely with no automatic deletion mechanism. Clipboard Data […]

The post Samsung One UI Security Flaw Exposes Users Data in Plain Text With No Expiration! appeared first on Cyber Security News.

A critical vulnerability in WinZip that enables attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature, potentially allowing malicious code to execute without warning on victims’ computers. This serious security flaw, tracked as CVE-2025-33028, affects WinZip installations up to version 29.0 and has received a high severity CVSS score of 7.8. Mark-of-the-Web is a Windows security […]

The post WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently appeared first on Cyber Security News.

Microsoft has released its second progress report on the Secure Future Initiative (SFI), described as the largest cybersecurity engineering project in the company’s history. Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, […]

The post “Microsoft’s Secure Future Initiative” Biggest Cybersecurity Project in Its History appeared first on Cyber Security News.

Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of an internal token logging error and the rollout of a new security feature called MACE […]

The post Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users appeared first on Cyber Security News.

In 2025, digital forensics stands at the intersection of rapid technological innovation, increasingly sophisticated cyber threats, and the ever-expanding volume of digital data. The role of the Chief Security Officer (CSO) has never been more critical in leading effective digital investigations. As organizations rely more on cloud computing, mobile devices, and interconnected systems, the complexity […]

The post Digital Forensics In 2025: How CSOs Can Lead Effective Investigations appeared first on Cyber Security News.

Web-based attacks remain one of the most persistent threats to modern organizations, targeting everything from web applications and APIs to user email inboxes. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as essential tools for automating the detection, investigation, and response to these threats. The power of SOAR lies in its ability to standardize […]

The post Building SOAR Playbooks To Respond To Common Web-Based Attacks appeared first on Cyber Security News.

In today’s cybersecurity landscape, organizations face increasingly sophisticated attacks from adversaries ranging from opportunistic hackers to state-sponsored threat actors. With a significant percentage of organizations having experienced an exploit or breach, security leaders must adopt proactive approaches to identify vulnerabilities and detect hidden threats. Penetration testing and threat hunting represent two complementary strategies that, when […]

The post Penetration Testing And Threat Hunting: Key Practices For Security Leaders appeared first on Cyber Security News.

Cybersecurity researchers have documented an alarming surge in infostealer malware distribution through phishing channels, with weekly delivery volume increasing by 84% in 2024 compared to the previous year. According to recently released data, this upward trend shows no signs of slowing, with early 2025 figures suggesting an even more dramatic 180% increase in weekly volume […]

The post Attack Via Infostealers Increased by 84% Via Phishing Emails Per Week appeared first on Cyber Security News.

In a concerning evolution of cyber infiltration tactics, North Korean IT workers have begun deploying sophisticated real-time deepfake technology during remote job interviews to secure positions within organizations worldwide. This advanced technique allows threat actors to present convincing synthetic identities during video interviews, enabling them to bypass traditional identity verification processes and infiltrate companies for […]

The post North Korean IT Workers Using Real-time Deepfake to Infiltrate Organizations via Remote Job appeared first on Cyber Security News.

Cybersecurity experts have identified a sophisticated new phishing technique that exploits the SVG (Scalable Vector Graphics) file format to deliver malicious HTML content to unsuspecting victims. This emerging threat, first observed at the beginning of 2025, represents a notable evolution in phishing tactics as attackers leverage the dual nature of SVG files to bypass security […]

The post New Phishing Attack Appending Weaponized HTML Files Inside SVG Files appeared first on Cyber Security News.

In the modern enterprise, cybersecurity is no longer just a technical concern it is a boardroom priority. The frequency and impact of cyber incidents have escalated, placing organizational resilience, regulatory compliance, and business reputation at risk. Board members, however, often lack the technical fluency to interpret traditional cybersecurity reports, which can lead to miscommunication, underinvestment, […]

The post Protecting Against Insider Threats – Strategies for CISOs appeared first on Cyber Security News.

In today’s digital-first business environment, cyber threats are not just an IT problem they’re a core business risk. Board members are increasingly expected to oversee cybersecurity strategy, but they often lack the technical background to interpret traditional security reports. This disconnect can lead to misaligned priorities, insufficient investment, and a false sense of security. For […]

The post Cybersecurity Metrics That Matter for Board-Level Reporting appeared first on Cyber Security News.

The cybersecurity landscape faces a mounting threat as the Akira ransomware group intensifies operations, marking a significant evolution since its emergence in March 2023. This sophisticated threat actor specializes in leveraging compromised credentials to access vulnerable VPN services lacking multi-factor authentication, predominantly exploiting known Cisco vulnerabilities. Once inside a network, Akira deploys an arsenal of […]

The post Akira Ransomware Using Compromised Credentials and Public Tools in New Wave of Cyberattacks appeared first on Cyber Security News.