Aggregator

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. [...]

A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute a symlink bypass, leading to Remote Code Execution (RCE). As of this writing, no patch is available, and researchers estimate that over 50% of public-facing Gogs […]

The post Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances appeared first on Cyber Security News.

AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. [...]

Пять событий за год — это успех. Как работает терпение (и детекторы) в современной науке.

The Information Commissioner’s Office said LastPass had “failed to implement sufficiently robust technical and security measures” to protect its data.

Nederland heeft vanaf nu de NAVO-luchtverdediging rond een logistiek knooppunt in Polen in handen. Gisteren is de taak tijdens een officiële overdracht van de Duitse naar de Nederlandse Air and Missile Defense Taskforce (AMDTF) gegaan.

Road Town, British Virgin Islands, December 11th, 2025, CyberNewsWire 1inch, the leading DeFi ecosystem, has been selected as the exclusive swap provider at launch for Ledger Multisig, deepening the collaboration between the two projects. By integrating the 1inch Swap API into its security-first multisig architecture, Ledger, the world leader in digital asset security for consumers […]

The post 1inch Named Exclusive Swap Provider at Launch for Ledger Multisig appeared first on Cyber Security News.

A dangerous new malware called DroidLock is targeting Android users, particularly in Spanish-speaking regions, through phishing websites. This threat combines ransomware tactics with remote-control capabilities, posing a severe risk to users of personal and corporate devices. Once installed, DroidLock transforms a smartphone into a hostile endpoint that attackers can manipulate at will, making it a […]

The post New DroidLock Malware Locks Android Devices and Demands a Ransom appeared first on Cyber Security News.

2024年9月，黎巴嫩发生了一起震惊世界的寻呼机爆炸事件。当时，真主党成员使用的数千台寻呼机几乎同时引爆。

Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.

Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC.

Следов вторжения через LazyHook не найдёт даже самый внимательный сканер.

Combining advanced cybersecurity solutions with local expertise for stronger protection and faster deployment. Link11, a global IT provider of advanced cybersecurity solutions, announced a strategic partnership today with Panera, a well-established Israeli distributor and integrator of cybersecurity technologies. This collaboration aims to expand Link11’s market presence in Israel, strengthen customer relationships, and improve technical capabilities.  […]

The post Driving Cyber Resilience in Israel: Link11 and Panera Launch Strategic Partnership appeared first on Link11.

Cary, North Carolina, USA, December 11th, 2025, CyberNewsWire As AI accelerates job transformation, INE supports organizations reallocating Q4 budgets to experiential, performance-driven upskilling. With 90% of organizations facing critical skills gaps (ISC2) and AI reshaping job roles across cybersecurity, cloud, and IT operations, enterprises are rapidly reallocating L&D budgets toward hands-on training that delivers measurable, […]

The post INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps appeared first on Cyber Security News.

A vulnerability has been found in TeamViewer DEX up to 3.3 and classified as problematic. The affected element is an unknown function of the component -Exchange-NomadClientHealth-ConfigureGeneralSetting. The manipulation leads to uncontrolled search path. This vulnerability is documented as CVE-2025-64995. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in TeamViewer DEX up to 17.0. Impacted is an unknown function of the component 1E-Nomad-SetWorkRate. Executing manipulation can lead to uncontrolled search path. This vulnerability is registered as CVE-2025-64994. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.