Cyber Security News

The Lazarus Group’s long-running recruitment lure has resurfaced as “ClickFake Interview”, anchored on the freshly registered waventic[.]com site. Candidates progress through a slick JavaScript form that ends with a bogus webcam “driver” download, actually planting the cross-platform GolangGhost malware. Sekoia.io threat-defence researchers noted that the operators recycled the “ClickFix” web template first profiled in March […]

The post New ClickFake Interview Attack Using ClickFix Technique to Deliver GolangGhost Malware appeared first on Cyber Security News.

The rise of clandestine “travel agencies” on darknet forums has reshaped the cyber-crime landscape, morphing traditional card-skimming into a full-fledged service economy that sells half-priced flights, five-star hotels, and even yacht charters. What unsuspecting buyers see as a bargain is merely the last hop of a criminal supply chain that begins with credential theft and […]

The post Dark Web Travel Agencies Offering Cheap Travel Deals to Steal Credit Card Data appeared first on Cyber Security News.

Quality threat intelligence has traditionally been the domain of enterprise-level budgets and premium subscriptions. The kind of fresh, actionable data that transforms how SOCs operate has remained frustratingly out of reach for many organizations. Until now.  A Game-Changing Opportunity For Your Security Operations  ANY.RUN has just made an unprecedented move that will reshape how security […]

The post Exclusive! Threat Intelligence That Powers Best SOCs Worldwide Is Now Free   appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center have issued an urgent joint advisory warning of escalating attacks by the Interlock ransomware group, which has been targeting businesses and critical infrastructure sectors since late September 2024. The newly emerged Interlock variant represents […]

The post CISA Warns of Interlock Ransomware With Double Extortion Tactics Attacking Windows and Linux Systems appeared first on Cyber Security News.

A threat actor known as “skart7” is allegedly offering a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system for sale on a prominent hacker forum.  This development represents a significant security concern for macOS users, particularly those in enterprise environments and high-value target organizations. Key Takeaways1. Threat actor "skart7" allegedly selling macOS […]

The post Threat Actors Allegedly Selling macOS 0-day LPE Exploit on Hacker Forums appeared first on Cyber Security News.

The breach of Tehran-based security contractor Amnban has ripped the cover off a multi-year espionage program that quietly burrowed into airline reservation systems across Africa, Europe, and the Middle East. Internal documents and screen-captured videos obtained by investigatory journalist Nariman Gharib reveal methodical reconnaissance of Royal Jordanian, Turkish Airlines, Wizz Air, Qatar Airways and more, […]

The post Iran’s Cyber Actors Attacking Global Airlines to Exfiltrate Sensitive Data appeared first on Cyber Security News.

Apache Jena has disclosed two significant security vulnerabilities affecting versions through 5.4.0, prompting an immediate upgrade recommendation to version 5.5.0.  Both CVE-2025-49656 and CVE-2025-50151, announced on July 21, 2025, represent important severity flaws that exploit administrative access to compromise server file system integrity.  Key Takeaways1. Apache Jena through v5.4.0 has two vulnerabilities (CVE-2025-49656, CVE-2025-50151).2. Exploit […]

The post Apache Jena Vulnerability Leads to Arbitrary File Access or Manipulation appeared first on Cyber Security News.

The UK government has announced comprehensive measures to tackle ransomware attacks, with public sector organizations and critical national infrastructure operators facing an outright ban on paying ransom demands to cyber criminals.  This landmark decision, supported by nearly three-quarters of consultation respondents, represents a strategic shift toward disrupting the lucrative business model that drives Advanced Persistent […]

The post UK Confirms Ban of Ransomware Payments to Public and Critical National Infrastructure Sectors appeared first on Cyber Security News.

A significant vulnerability in ETQ Reliance quality management software allows attackers to gain full administrative access by simply adding a single space character to a login attempt.  The flaw, tracked as CVE-2025-34143, represents one of the most unusual authentication bypass vulnerabilities discovered in enterprise software, requiring no sophisticated techniques, just typing “SYSTEM ” (with a […]

The post ETQ Reliance RCE Vulnerability Enables Full SYSTEM Access Just by Typing a Single Space appeared first on Cyber Security News.

An open-source scanning tool has been released to identify SharePoint servers vulnerable to the critical zero-day exploit CVE-2025-53770.  The newly published scanner, available on GitHub, enables organizations to rapidly assess their SharePoint infrastructure for this unauthenticated Remote Code Execution vulnerability that has been actively exploited in the wild.  Key Takeaways1. Open-source tool detects SharePoint servers […]

The post New Scanner Released to Detect SharePoint Servers Vulnerable to 0-Day Attack appeared first on Cyber Security News.

Multiple security vulnerabilities affecting Sophos firewall products, with two enabling pre-authentication remote code execution that could allow attackers to compromise systems without valid credentials.  The vulnerabilities, tracked as CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, and CVE-2024-13973, impact various configurations of Sophos Firewall versions 21.5 GA and older, with automatic hotfixes already deployed to address the most severe […]

The post Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution appeared first on Cyber Security News.

Cisco Systems has issued a critical security advisory warning of multiple remote code execution vulnerabilities in its Identity Services Engine (ISE) that are being actively exploited by attackers in the wild. The vulnerabilities, carrying the maximum CVSS severity score of 10.0, allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected systems. […]

The post Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in the Wild appeared first on Cyber Security News.

The UK Government has imposed sanctions on Russian military intelligence units and 18 individuals following the exposure of a sophisticated cyber espionage campaign targeting Microsoft cloud services.  The National Cyber Security Centre (NCSC) revealed that the Russian Advanced Persistent Threat group APT 28 deployed previously unknown malware called AUTHENTIC ANTICS to steal login credentials and […]

The post UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details appeared first on Cyber Security News.

A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u cybercrime forum, marketing it as a cutting-edge Ransomware-as-a-Service (RaaS) platform. The group promised affiliates scalable […]

The post GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments appeared first on Cyber Security News.

Wireshark Foundation has announced the availability of Wireshark 4.4.8, the latest maintenance release of the world’s most widely used network-protocol analyzer. Although the update does not introduce brand-new protocols, it delivers a focused package of stability improvements, expanded dissector capabilities, and quality-of-life fixes that will be immediately valuable to network engineers, security analysts, and developers. […]

The post Wireshark 4.4.8 Released With Bug Fixes and Updated Protocol Support appeared first on Cyber Security News.

Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients.  The breach, discovered in May 2025, involved unauthorized access to customer databases containing personal data including names, addresses, dates of birth, and in some cases, Social Security numbers. […]

The post Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack appeared first on Cyber Security News.

Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft confirmed over the weekend that threat actors are actively exploiting two zero-day vulnerabilities in on-premises SharePoint servers, designated CVE-2025-53770 and CVE-2025-53771. The attacks, dubbed “ToolShell” by security researchers, have compromised dozens of […]

The post Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day appeared first on Cyber Security News.

A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics, combining traditional social engineering with advanced technical capabilities designed specifically for financial fraud operations. The […]

The post Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT appeared first on Cyber Security News.

A sophisticated new phishing campaign has emerged, delivering the DeerStealer malware through weaponized .LNK shortcut files that exploit legitimate Windows binaries in a technique known as “Living off the Land” (LOLBin). The malware masquerades as a legitimate PDF document named “Report.lnk” while covertly executing a complex multi-stage attack chain that leverages mshta.exe, a legitimate Microsoft […]

The post DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools appeared first on Cyber Security News.

A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate npmjs.org site and harvest developer credentials through convincing phishing emails. The malicious campaign represents a […]

The post Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens appeared first on Cyber Security News.