Cyber Security News

A security advisory addressing a significant privilege-escalation vulnerability affecting its Mobile VPN with an IPSec client for Windows. The flaw, identified as WGSA-2026-00002, allows local attackers to execute arbitrary commands with SYSTEM-level privileges, potentially granting them unrestricted access to the host machine. This vulnerability affects the underlying software technology from NCP Engineering that WatchGuard uses […]

The post WatchGuard VPN Client for Windows Vulnerability Enables Command Execution With SYSTEM Privileges appeared first on Cyber Security News.

A critical remote code execution (RCE) vulnerability in n8n, the popular workflow automation platform. This flaw allows authenticated attackers to execute arbitrary system commands on the host server by leveraging weaponized workflows. The vulnerability represents a significant regression and expansion of the previously identified CVE-2025-68613, highlighting persistent risks in the platform’s expression evaluation engine. The […]

The post Critical n8n Vulnerability Enables System Command Execution Via Weaponized Workflows appeared first on Cyber Security News.

A major upgrade has been announced to enhance capabilities for cybersecurity defenders and threat hunters in the Windows ecosystem. With the release of Windows 11 Insider Preview Build 26300.7733 (KB5074178) to the Dev Channel. The company is integrating the popular System Monitor (Sysmon) tool directly into the operating system. Previously available only as a standalone […]

The post Microsoft to Add Sysmon Threat Detection Feature Natively to Windows 11 appeared first on Cyber Security News.

A high-severity security advisory has been issued for a critical vulnerability in Meeting Management software. This vulnerability allows authenticated remote attackers to upload harmful files and gain complete control over the affected system. The security flaw, identified as CVE-2026-20098, carries a high severity rating because it enables “root” access, the highest level of administrative permission on […]

The post Cisco Meeting Management Vulnerability Let Remote Attacker Upload Arbitrary Files appeared first on Cyber Security News.

A sophisticated phishing campaign targeting Canadian citizens has emerged, using fake traffic ticket payment portals to steal personal and financial information. The attackers employ SEO poisoning techniques to manipulate search engine results, ensuring their fraudulent websites appear legitimate when users search for provincial traffic ticket payment options. These malicious portals convincingly impersonate official government websites […]

The post Beware of Fake Traffic Ticket Portals that Harvest Your PII and Credit Card Data appeared first on Cyber Security News.

Threat actors are actively leveraging compromised SonicWall SSLVPN credentials to breach networks and deploy a sophisticated “EDR killer” that can blind endpoint security solutions. In a campaign analyzed by Huntress in early February 2026, attackers utilized valid VPN accounts to gain initial access before executing a Bring Your Own Vulnerable Driver (BYOVD) attack using a […]

The post Hackers Exploit SonicWall SSLVPN Credentials to Deploy EDR Killer and Bypass Security appeared first on Cyber Security News.

The cybersecurity landscape has darkened with the sophisticated evolution of the KongTuke campaign. Active since mid-2025, this threat actor group has continuously refined its techniques to bypass conventional enterprise security filters. Their primary weapon remains the “ClickFix” strategy, a social engineering vector that deceives unsuspecting users into manually fixing simulated website errors. In these attacks, […]

The post Attackers Using DNS TXT Records in ClickFix Script to Execute Powershell Commands appeared first on Cyber Security News.

A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout 2025, these campaigns have demonstrated a keen interest in geopolitical intelligence, often timing their operations to coincide with significant local political events. The threat actors have focused their efforts […]

The post Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability. This flaw, patched by Broadcom in March 2025, enables attackers to escape virtual machine isolation and deploy ransomware across hypervisors. CVE-2025-22225 is an arbitrary write vulnerability in VMware ESXi, rated Important […]

The post CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks appeared first on Cyber Security News.

TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws. These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the device. The vulnerabilities affect the Archer BE230 v1.2 model running firmware versions before 1.2.4 Build […]

The post Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device appeared first on Cyber Security News.

The SystemBC malware family, a persistent threat first documented in 2019, has evolved into a massive botnet infrastructure controlling over 10,000 hijacked devices globally. Functioning primarily as a SOCKS5 proxy and a backdoor, this malware enables threat actors to mask their malicious traffic and maintain long-term access to compromised networks. By converting infected systems into […]

The post SystemBC Botnet Hijacked 10,000 Devices Worldwide to Use for DDoS Attacks appeared first on Cyber Security News.

A sophisticated custom loader named PhantomVAI has emerged in global phishing campaigns, delivering various stealers and remote access trojans (RATs) to compromised systems. This malware loader operates by masquerading as legitimate software and employing process hollowing techniques to inject malicious payloads into Windows processes. Security researchers across multiple organizations have documented this threat under different […]

The post PhantomVAI Custom Loader Uses RunPE Utility to Attack Users appeared first on Cyber Security News.

The Interlock ransomware group has emerged as a distinct threat in the cybersecurity landscape, particularly targeting the education sector in the United States and United Kingdom. Unlike many contemporary ransomware operations that function under a Ransomware-as-a-Service (RaaS) model, Interlock operates as a smaller, dedicated team. These operators develop and manage their own proprietary malware to […]

The post Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV appeared first on Cyber Security News.

False negatives are becoming the most expensive “quiet” failure in SOCs. In 2026, AI-generated phishing and multi-stage malware chains are built to look clean on the outside, behave normally at first, and only reveal intent after real interaction. The result is brutal for security leaders: real attacks get labeled “benign,” “low risk,” or “no verdict,” and the […]

The post False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It  appeared first on Cyber Security News.

Washington, DC, February 4th, 2026, CyberNewsWire MomentProof, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets for insurance claims processing. MomentProof’s patented technology certifies images, video, voice recordings, and associated metadata at the moment of capture, ensuring […]

The post MomentProof Deploys Patented Digital Asset Protection appeared first on Cyber Security News.

The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several months. According to the official statement, attackers gained unauthorized access through a hosting provider-level incident […]

The post Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware appeared first on Cyber Security News.

A sophisticated malware campaign has surfaced where threat actors are distributing the ValleyRAT backdoor disguised as a legitimate installer for the popular messaging application, LINE. This targeted attack primarily focuses on Chinese-speaking users, leveraging a deceptive executable to infiltrate systems and compromise sensitive login credentials. The malware employs a complex loading chain involving shellcode execution […]

The post ValleyRAT Mimic as LINE Installer Attacking Users to Steal Login Details appeared first on Cyber Security News.

Enterprise security teams are facing a sophisticated new challenge as cybercriminals increasingly exploit trusted cloud platforms to launch phishing attacks. Instead of relying on suspicious newly registered domains, threat actors now host their malicious infrastructure on legitimate services like Microsoft Azure Blob Storage, Google Firebase, and AWS CloudFront. This strategic shift allows attackers to hide […]

The post Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users appeared first on Cyber Security News.

A critical GitLab vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively exploiting a server-side request forgery (SSRF) flaw in GitLab Community and Enterprise editions. The vulnerability, tracked as CVE-2021-39935, poses significant risks to organizations using affected versions of GitLab. The SSRF vulnerability allows unauthorized external attackers to perform […]

The post CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Threat actors leveraging artificial intelligence tools have compressed the cloud attack lifecycle from hours to mere minutes, according to new findings from the Sysdig Threat Research Team (TRT). In a November 2025 incident, adversaries escalated from initial credential theft to full administrative privileges in less than 10 minutes by using large language models (LLMs) to […]

The post Hackers Using AI to Get AWS Admin Access Within 10 Minutes appeared first on Cyber Security News.