Cyber Security News

Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.  The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, all carry a CVSS score of 8.4 out of 10 and affect numerous Office versions across Windows, Mac, and Android platforms.  Security researcher 0x140ce discovered these flaws, which exploit fundamental […]

The post Microsoft Office Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.

More than 20,000 malicious IP addresses and domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure. The four-month international crackdown, dubbed Operation Secure, represents one of the most significant coordinated efforts to disrupt infostealer malware networks across the Asia-Pacific region. During Operation Secure, which ran from January to […]

The post Operation Secure: 20,000 Malicious IPs and Domains Linked to 69 Malware Variants Dismantled appeared first on Cyber Security News.

The urgency stems from requirements imposed by technology partners, which necessitated an accelerated timeline for implementation across all affected products. This security initiative follows a pattern of heightened vigilance from ConnectWise throughout 2025, particularly after the company disclosed suspicious activity in May that was attributed to a sophisticated nation-state actor affecting a limited number of […]

The post ConnectWise to Rotate Code Signing Certificates for ScreenConnect, Automate and RMM appeared first on Cyber Security News.

Microsoft is set to revolutionize enterprise security monitoring with comprehensive audit logging capabilities for screen sharing and control features in Microsoft Teams, rolling out in July 2025. Microsoft announced a significant enhancement to its enterprise security toolkit with the introduction of detailed audit logs for Teams’ “Give control,” “Take control,” and screen sharing features. This […]

The post Microsoft Teams New Audit log Feature Allows Admins to Track Individuals Actions appeared first on Cyber Security News.

The proliferation of microservices architecture has fundamentally transformed how organizations build and deploy applications, offering unprecedented scalability and agility. However, this distributed approach introduces complex security challenges that traditional monolithic security models cannot adequately address. Unlike centralized security in monolithic applications, microservices require comprehensive security measures at multiple levels, including individual services, inter-service communication, and […]

The post Securing Microservices – Best Practices for Distributed Systems appeared first on Cyber Security News.

Mozilla has released Firefox 139.0.4 to address critical security vulnerabilities that could potentially cause browser crashes and compromise user security.  These high-impact vulnerabilities CVE-2025-49709 and CVE-2025-49710 exploit fundamental components of Firefox’s graphics rendering system and JavaScript engine, respectively, posing risks ranging from abrupt browser crashes to potential remote code execution. Critical Memory Corruption Vulnerability (CVE-2025-49709) […]

The post Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash appeared first on Cyber Security News.

A critical security flaw in Salesforce OmniStudio has been discovered that allows unauthorized access to sensitive customer information stored in plain text format, potentially affecting thousands of organizations worldwide. The vulnerability exploits inadequate data encryption protocols within the platform’s digital experience management system, creating significant privacy and compliance risks for enterprise customers. The vulnerability emerged […]

The post Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text appeared first on Cyber Security News.

A critical security vulnerability in Windows Remote Desktop Services, designated as CVE-2025-32710, which allows unauthorized attackers to execute arbitrary code remotely without authentication.  Released on June 10, 2025, this vulnerability affects multiple Windows Server versions and carries a CVSS score of 8.1, indicating high severity with potential for significant system compromise.  The flaw stems from […]

The post Windows Remote Desktop Services Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.

Microsoft has announced a significant productivity enhancement coming to Microsoft 365 that will allow users to open core collaboration applications in separate windows, marking a major step forward in workspace customization and multitasking capabilities. The new feature, identified under Microsoft 365 Roadmap ID 495003, will enable users to launch essential applications such as Chat, Teams, […]

The post Microsoft Teams New Update Enhances Productivity & Customization appeared first on Cyber Security News.

A significant security vulnerability in the Microsoft Outlook email client could allow attackers to execute arbitrary code remotely, even if they require local access to trigger the exploit.  The vulnerability, designated as CVE-2025-47176, was released on June 10, 2025, and carries an “Important” severity rating with a CVSS score of 7.8.  The flaw affects the […]

The post Microsoft Outlook Vulnerability Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.

Google has released an important security update for Chrome Desktop, addressing two high-severity vulnerabilities that could enable attackers to execute malicious code remotely on users’ systems. The Stable channel has been updated to version 137.0.7151.103/.104 for Windows and Mac, and 137.0.7151.103 for Linux, which will roll out over the coming days and weeks. Critical Security […]

The post Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely appeared first on Cyber Security News.

A comprehensive new cybersecurity assessment has revealed that internet connectivity poses the most significant threat to industrial control systems (ICS) worldwide, with malicious activities targeting critical infrastructure through web-based attack vectors reaching unprecedented levels. The latest quarterly threat landscape report covering the first quarter of 2025 demonstrates that internet-based threats have consistently outpaced all other […]

The post New Report Warns of Internet is The Top Threat Source for Industrial Automation Systems appeared first on Cyber Security News.

Modern cybersecurity threats have evolved beyond traditional perimeter defenses, necessitating the adoption of proactive hunting methodologies that anticipate breach scenarios. This comprehensive guide explores advanced threat hunting strategies, technical frameworks, and practical implementation approaches that enable security professionals to identify sophisticated threats before they cause significant damage. By leveraging hypothesis-driven methodologies, advanced analytics platforms, and […]

The post Threat Hunting 101 – Proactive Cybersecurity Strategies for Experts appeared first on Cyber Security News.

A critical security vulnerability in Google’s account recovery system allowed malicious actors to obtain the phone numbers of any Google user through a sophisticated brute-force attack, according to a disclosure by a BruteCat security researcher published this week. The vulnerability, which has since been patched, exploited Google’s No-JavaScript username recovery form to bypass security protections […]

The post Google Vulnerability Let Attackers Access Any Google User Phone Number appeared first on Cyber Security News.

Ransomware operators have increasingly turned to a sophisticated new malware tool called Skitnet, also known as “Bossnet,” to enhance their post-exploitation capabilities and evade traditional security measures. First emerging on underground cybercrime forums in April 2024, this multi-stage malware has rapidly gained traction among prominent ransomware groups seeking to streamline their operations while maintaining stealth […]

The post Sophisticated Skitnet Malware Actively Adopted by Ransomware Gangs to Streamline Operations appeared first on Cyber Security News.

Chinese state-sponsored hackers launched sophisticated reconnaissance operations against cybersecurity giant SentinelOne’s infrastructure in October 2024, representing part of a broader campaign targeting over 70 organizations worldwide. The previously undisclosed attacks, detailed in a comprehensive report released by SentinelLabs on June 9, 2025, demonstrate the persistent threat that China-nexus actors pose to the very companies tasked […]

The post Chinese Hackers Attempted To Compromise SentinelOne’s Own Servers & Other High-profile Targets appeared first on Cyber Security News.

A comprehensive analysis of the Bitter espionage group has revealed eight years of sustained cyber operations employing increasingly sophisticated custom-developed malware tools designed to evade detection while conducting intelligence gathering activities. The threat actor, also known as TA397, has demonstrated remarkable persistence and evolution in their attack methodologies, progressing from basic downloaders in 2016 to […]

The post Bitter Malware Using Custom-Developed Tools To Evade Detection In Sophisticated Attacks appeared first on Cyber Security News.

Google’s latest comprehensive survey reveals a concerning surge in cybercriminal activities targeting American users, with over 60% of U.S. consumers reporting a noticeable increase in scam attempts over the past year. The technology giant’s collaboration with Morning Consult has unveiled alarming statistics showing that one-third of Americans have personally experienced data breaches, while malicious actors […]

The post Google Warns of Cybercriminals Increasingly Attacking US Users to Steal Login Credentials appeared first on Cyber Security News.

A recent campaign by Chinese state-sponsored threat actor APT41 has unveiled a novel exploitation of Google Calendar for malware command-and-control (C2) operations, marking a significant escalation in cyberespionage tactics. The group, tracked under aliases including BARIUM and Brass Typhoon, targeted Taiwanese government entities through a multi-stage attack chain combining spearphishing, image-based payload delivery, and covert […]

The post APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities appeared first on Cyber Security News.

A sophisticated new malware campaign has emerged targeting Windows systems through an elaborate social engineering scheme involving backdoored gaming software. The Blitz malware, first identified in late 2024 and evolving through 2025, represents a concerning trend of cybercriminals exploiting gaming communities to deploy cryptocurrency mining operations. While initially designed to target general Windows systems rather […]

The post New Blitz Malware Attacking Windows Servers to Deploy Monero Miner appeared first on Cyber Security News.