Cyber Security News

Over 25,000 Fortinet devices worldwide with FortiCloud Single Sign-On (SSO) enabled, leaving them potentially exposed to remote attacks. The finding stems from enhanced device fingerprinting in a new Device Identification report, which scanned global IP addresses and flagged these systems as openly advertising their SSO configuration. FortiCloud SSO streamlines authentication for Fortinet’s ecosystem, including firewalls, […]

The post 25,000+ FortiCloud SSO-Enabled Devices Exposed to Remote Attacks appeared first on Cyber Security News.

Torrance, United States / California, December 19th, 2025, CyberNewsWire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks’ Cortex XSOAR. The integration embeds real-time external threat context, exposure intelligence, and automated multi-stage scanning directly into Cortex XSOAR’s orchestration engine, giving security […]

The post Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response appeared first on Cyber Security News.

A new credential-harvesting campaign has been discovered targeting users of UKR.NET, a popular Ukrainian webmail and news platform. The attacks are linked to BlueDelta, a Russian state-sponsored hacker group also known as APT28, Fancy Bear, and Forest Blizzard. This group has been running operations for over ten years, focusing on stealing login credentials from government […]

The post BlueDelta Hackers Attacking Users of Widely Used Ukrainian Webmail and News Service appeared first on Cyber Security News.

Apache Logging Services has disclosed a critical security vulnerability in Log4j Core that exposes applications to potential interception of log data. The flaw resides in the Socket Appender component. It affects versions 2.0-beta9 through 2.25.2, creating a man-in-the-middle attack vector for malicious actors. The Socket Appender in affected Log4j versions fails to verify the TLS […]

The post Apache Log4j Vulnerability Allow Attackers to Intercept Sensitive Log Data appeared first on Cyber Security News.

Three major ransomware groups have joined forces to create what cybersecurity experts are calling one of the most concerning developments in the criminal underground. On September 15, 2025, the ransomware group DragonForce announced the formation of an alliance between DragonForce, Qilin, and LockBit through a post on a Russian underground forum. This coalition represents a […]

The post New Research Uncovers the Alliance Between Qilin, DragonForce and LockBit appeared first on Cyber Security News.

The Cloud Atlas advanced persistent threat group has continued its sophisticated campaign targeting organizations across Eastern Europe and Central Asia during the first half of 2025, leveraging outdated Microsoft Office vulnerabilities to deliver multiple backdoor implants. This campaign reveals a coordinated effort to establish persistent access and extract sensitive data from high-value targets. Cloud Atlas, […]

The post Cloud Atlas Hacker Group Exploiting Office Vulnerabilities to Execute Malicious Code appeared first on Cyber Security News.

Iranian state-sponsored threat actors, commonly tracked as “Prince of Persia,” have resurfaced with a sophisticated cyberespionage campaign targeting global critical infrastructure and private networks. Active since the early 2000s, this group recently deployed updated malware variants to infiltrate organizational systems and exfiltrate sensitive intelligence. Their latest operations demonstrate a significant evolution in technical proficiency, utilizing […]

The post Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations appeared first on Cyber Security News.

Scripted Sparrow is a newly identified Business Email Compromise (BEC) group operating across three continents. Their operations are vast, leveraging significant automation to generate and distribute attack messages on a global scale. The group primarily targets organizations by masquerading as executive coaching or leadership training consultancies to deceive unsuspecting employees. The attack typically begins with […]

The post Scripted Sparrow Uses Automation to Generate and Send their Attack Messages appeared first on Cyber Security News.

An active phishing campaign is currently targeting HubSpot users through a sophisticated combination of social engineering and infrastructure compromise. The attack leverages business email compromise tactics, paired with website hijacking, to deliver credential-stealing malware to unsuspecting marketing professionals and business teams that rely on the platform. The campaign begins with carefully crafted phishing emails that […]

The post Hackers Targeting HubSpot Users in Targeted Phishing Attack appeared first on Cyber Security News.

The University of Sydney has confirmed a significant data breach affecting thousands of current and former staff members, as well as students and alums. In a message to the university community, Vice-President (Operations) Nicole Gower revealed that suspicious activity was detected in an online IT code library last week. While this digital storage space was […]

The post University of Sydney Hacked – Students and Staff Data Exposed appeared first on Cyber Security News.

A sophisticated cyberespionage campaign targeting governmental entities in Southeast Asia and Japan has unveiled a new China-aligned threat actor dubbed LongNosedGoblin. Active since at least September 2023, this advanced persistent threat (APT) group distinguishes itself by leveraging a diverse toolset of custom C#/.NET malware families. Their operations primarily focus on intelligence gathering, employing stealthy techniques […]

The post China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware appeared first on Cyber Security News.

A slight delay in keystrokes from a supposed U.S.-based IT worker alerted Amazon to a North Korean infiltrator accessing a corporate laptop. The commands should have zipped from the worker’s machine to Amazon’s Seattle headquarters in under 100 milliseconds. Instead, they trickled in after more than 110 milliseconds, a subtle clue screaming “half a world […]

The post Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays appeared first on Cyber Security News.

Cary, North Carolina, USA, December 18th, 2025, CyberNewsWire Growth in Egypt, UAE, and Kingdom of Saudi Arabia Fueled by Demand for Expert-Led, Hands-On Training to Meet National Digital Transformation Goals INE Security, a global leader in specialized cybersecurity and IT training, today announced continued significant expansion across the Middle East and Asia, capitalizing on major […]

The post INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskillin appeared first on Cyber Security News.

OpenAI has unveiled GPT-5.2-Codex, a cutting-edge model optimized for agentic coding and enhanced cybersecurity tasks. The release highlights breakthroughs in handling complex software engineering and vulnerability detection. GPT-5.2-Codex tops SWE-Bench Pro with 56.4% accuracy, outperforming GPT-5.2 at 55.6% and GPT-5.1 at 50.8%. On Terminal-Bench 2.0, it scores 64.0%, surpassing prior versions like GPT-5.2’s 62.2%. These […]

The post OpenAI GPT-5.2-Codex Supercharges Agentic Coding and Vulnerability Detection appeared first on Cyber Security News.

A newly identified botnet malware family, dubbed “Udados,” has emerged as a significant threat to the Technology and Telecommunications sectors, orchestrating high-volume HTTP flood Distributed Denial-of-Service (DDoS) attacks. According to ANY.RUN sandbox analysis, the botnet leverages infected hosts to execute sustained denial-of-service campaigns designed to disrupt business continuity by overwhelming target servers with legitimate-looking traffic.​ […]

The post New Udados Botnet Launches Massive HTTP Flood DDoS Attacks Targeting Tech Sector appeared first on Cyber Security News.

CISA has added a new ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling urgent risk for affected users and organizations. The flaw, tracked as CVE-2025-59374, affects ASUS Live Update, a utility commonly used to deliver firmware and software updates to ASUS devices. According to the advisory, specific ASUS Live Update clients were distributed with embedded malicious […]

The post CISA Adds ASUS Embedded Malicious Code Vulnerability to KEV List Following Active Exploitation appeared first on Cyber Security News.

A critical security alert warns customers about a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2025-37164, carries a CVSS severity score of 10.0, indicating maximum critical risk. Attribute Details CVE ID CVE-2025-37164 Product HPE OneView Software Vulnerability Type Remote Code Execution […]

The post HPE OneView Software Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

A critical security advisory addressing multiple severe vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). That could allow unauthenticated remote attackers to execute arbitrary commands and compromise affected systems. The vulnerabilities were disclosed on November 5, 2025, with the advisory updated on November 13, 2025. Two distinct vulnerabilities have been identified in the Java […]

The post Cisco Unified Contact Center Express Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

Microsoft has officially acknowledged a disruptive bug in its latest Windows updates, confirming that the November 2025 non-security preview update KB5070311 (OS builds 26200.7309 and 26100.7309) and subsequent patches are causing RemoteApp connection failures in Azure Virtual Desktop (AVD) environments. The issue primarily affects enterprise users running Windows 11 versions 24H2 and 25H2, as well […]

The post Microsoft Confirms Recent Windows 11 24H2/25H2 and Server 2025 Update Breaks RemoteApp Connections appeared first on Cyber Security News.

RansomHouse has emerged as a significant threat in the ransomware landscape, operated by a group tracked as Jolly Scorpius. This ransomware-as-a-service platform combines data theft with encryption, creating a dual pressure point that forces victims into difficult decisions. Since December 2021, the group has targeted at least 123 organizations across critical sectors, resulting in major […]

The post RansomHouse RaaS Service Upgraded with Double Extortion Strategy that Steals and Encrypt Data appeared first on Cyber Security News.