Cyber Security News

Moxa has issued a critical security advisory regarding CVE-2023-38408, a severe vulnerability in OpenSSH affecting multiple Ethernet switch models. The flaw, with a CVSS 3.1 score of 9.8, allows unauthenticated remote attackers to execute arbitrary code on vulnerable devices without requiring user interaction. CVE-2023-38408 stems from an unreliable search path in the PKCS#11 feature of […]

The post Critical OpenSSH Vulnerability Exposes Moxa Ethernet Switches to Remote Code Execution appeared first on Cyber Security News.

A sophisticated Android banking threat has emerged in the threat landscape, posing serious risks to mobile users across certain regions. The malware, known as deVixor, represents a significant evolution in Android-based attacks, combining financial data theft, device control, and extortion within a single platform. Since October 2025, security researchers have identified over 700 samples of […]

The post Android Banking Malware deVixor Actively Targeting Users with Ransomware Capabilities appeared first on Cyber Security News.

A significant security incident has emerged in Apex Legends, where attackers gained the ability to remotely control player inputs during active gameplay. The incident came to light when Respawn Entertainment disclosed the vulnerability through their official social media channels on January 10, 2026. This represents a notable breach in the competitive gaming environment, allowing malicious […]

The post Hackers Hijacked Apex Legends Game to Control the Inputs of Another Player Remotely appeared first on Cyber Security News.

Overcoming these five challenges commonly faced by SOC teams means taking a quantum leap in performance.   The catalyst for this shift is simple: high quality threat intelligence, an essential component for modern security experts.  With accurate, real time data on malicious indicators, organization can match, or even surpass results reported by ANY.RUN’s clients who adopted TI solutions:  High-quality threat intelligence drives such improvements by solving some of the hardest SOC challenges. Read further to see what they are and […]

The post 5 SOC Challenges You Can Eliminate with a Single Improvement  appeared first on Cyber Security News.

In today’s digital world, databases act as fortified storehouses for an organization’s crown jewels its critical data. Yet these vaults face nonstop assaults from cyber threats. As a cybersecurity defender, you stand as the ever-watchful guardian, shielding these assets from relentless foes. Success demands a strategic blueprint for every database under your purview. This guide […]

The post Top 10 Best Practices for Cybersecurity Professionals to Secure Your Database appeared first on Cyber Security News.

In today’s escalating threat landscape, spotting and patching open vulnerabilities ranks as a top priority for security teams. Pinpointing weaponized, high-risk CVEs exploited by threat actors and ransomware amid thousands of disclosures proves essential. Qualys researchers recently highlighted the top 20 most exploited vulnerabilities, noting hackers’ heavy focus on Microsoft products. Several from this list […]

The post Top 20 Most Exploited Vulnerabilities: Microsoft Products Draw Hackers appeared first on Cyber Security News.

DevOps refers to a collection of processes and technologies used in software development and IT operations that reduce the system development life cycle and enable continuous delivery. However, when time and resources are limited, security measures tend to be minimized. Utilizing DevOps technologies created with security in mind is vital to this strategy. Maintaining the […]

The post 10 Best DevOps Tools to Shift Your Security in 2026 appeared first on Cyber Security News.

Introduction : Security management across multiple Software-as-a-Service (SaaS) clouds can present challenges, primarily stemming from the heightened prevalence of malware and ransomware attacks. In the present landscape, organizations encounter many challenges with Software-as-a-Service (SaaS). One of the main challenges businesses face is the absence of standardized configuration practices, which leads to the need to handle […]

The post Top 10 Best SaaS Security Tools – 2026 appeared first on Cyber Security News.

Introduction : Insider Risk refers to the potential harm or negative impact that can arise from any illicit or unauthorized activity carried out by an individual within an organization who has legitimate access to sensitive data, systems, or resources, can be mitigated with Best Insider Risk Management Platforms. Such insider threat activities may include theft, […]

The post Top 10 Best Insider Risk Management Platforms – 2026 appeared first on Cyber Security News.

A unified identity security platform consolidates management of user rights, privileged access, authentication, verification, analytics, and compliance transforming fragmented processes into a streamlined operation. This reins in identity sprawl, a leading cybersecurity gap, while erasing vulnerabilities, ramping up efficiency, and pushing governance across your entire enterprise. Overseeing people and permissions is inherently tricky, but a […]

The post Best Unified Network Security Solutions for Small Businesses appeared first on Cyber Security News.

Marketers play an essential role in today’s market by bridging the gap between the consumer and the organization or product. In the process of becoming the bridge, marketers often handle and are responsible for a lot of valuable information. And to safeguard those assets, any marketer must take security-related measures to address the assets adequately. […]

The post Best Security Solutions for Marketers – 2026 appeared first on Cyber Security News.

Network security for Software as a Service (SaaS) requires a combination of rules, procedures, and technologies to ensure the confidentiality, integrity, and availability of SaaS-provided data and services. As-a-Service Security (SaaS) refers to a cloud-based methodology for delivering security services over the Internet, specifically in the context of network security. Businesses increasingly use security services […]

The post Best Network Security Vendors for SaaS – 2026 appeared first on Cyber Security News.

Attackers have successfully infiltrated n8n’s community node ecosystem using a malicious npm package disguised as a legitimate Google Ads integration tool. The attack reveals a critical vulnerability in how workflow automation platforms handle third-party integrations and user credentials. The malicious package, named n8n-nodes-hfgjf-irtuinvcm-lasdqewriit, tricked developers into entering their Google Ads OAuth credentials through a seemingly […]

The post Hackers Infiltrated n8n’s Community Node Ecosystem With a Weaponized npm Package appeared first on Cyber Security News.

A stealthy flaw in Telegram’s mobile clients that lets attackers unmask users’ real IP addresses with a single click, even those hiding behind proxies. Dubbed a “one-click IP leak,” the vulnerability turns seemingly innocuous username links into potent tracking weapons. The issue hinges on Telegram’s automatic proxy validation mechanism. When users encounter a disguised proxy […]

The post Telegram Exposes Real Users IP Addresses, Bypassing Proxies on Android and iOS in 1-click appeared first on Cyber Security News.

InvisibleJS, a new open-source tool that conceals JavaScript code using invisible zero-width Unicode characters, raises alarms about potential misuse in malware campaigns. InvisibleJS, hosted on GitHub by developer With alias oscarmine, employs steganography to embed source code into seemingly blank files. The process converts JavaScript into binary strings, mapping 0s to Zero Width Space (U+200B) […]

The post InvisibleJS Tool Hides Executable ES Modules in Empty Files Using Zero-Width Steganography appeared first on Cyber Security News.

VirusTotal has released YARA-X version 1.11.0, introducing an important new feature designed to improve rule reliability and reduce false negatives in malware detection. The latest update introduces hash-function warnings that help security researchers catch common mistakes when writing YARA detection rules. YARA-X is a malware detection engine widely used by cybersecurity professionals to identify malicious files. […]

The post YARA-X 1.11.0 Released With a New Hash Function Warnings appeared first on Cyber Security News.

Google announced Monday it’s integrating its Gemini AI model into Gmail, introducing features that transform the email service into a proactive personal assistant for its 3 billion users. The company is launching AI Overviews, a feature that synthesizes long email threads into concise summaries of key points. Users can also ask their inbox natural-language questions, such […]

The post Google is Integrating Gemini AI with Gmail to Transform it into a Proactive Personal Assistant appeared first on Cyber Security News.

Threat actor HawkSec claims to be auctioning a Discord dataset comprising 78,541,207 files. The collection, organized into messages, voice sessions, actions, and servers, stems from an abandoned OSINT/CSINT project spanning several months. HawkSec promoted the dataset in their Discord server, titled “Hello Hawks Community,” announcing availability for purchase via designated channels. Files purportedly cover public […]

The post Threat actors Allegedly Claim Discord Dataset Containing 78,541,207 Files appeared first on Cyber Security News.

A critical XML external entity (XXE) injection vulnerability has been discovered in Apache Struts 2, potentially exposing millions of applications to data theft and server compromise. The vulnerability, tracked as CVE-2025-68493, affects multiple versions of the widely used framework and requires immediate action from developers and system administrators. Vulnerability Overview The security flaw exists in the […]

The post Critical Apache Struts 2 Vulnerability Allow Attackers to Steal Sensitive Data appeared first on Cyber Security News.

The cybersecurity landscape is experiencing a major shift in how attackers operate. Threat actors have moved away from traditional hunting methods like phishing emails and cold outreach. Instead, they are now creating sophisticated traps designed to make high-value targets walk directly into their schemes. This new approach, called “inbound” social engineering, is currently focusing on […]

The post Web3 Developer Environments Targeted by Social Engineering Campaign Leveraging Fake Interview Software appeared first on Cyber Security News.