Cyber Security News

A proof-of-concept (PoC) exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), enabling unauthenticated attackers to execute remote code with SYSTEM privileges on affected servers. Dubbed CVE-2025-59287 and assigned a CVSS v3.1 score of 9.8, the flaw stems from unsafe deserialization of untrusted data in WSUS’s AuthorizationCookie handling. Disclosed […]

The post PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability appeared first on Cyber Security News.

A new tool called DefenderWrite exploits whitelisted Windows programs to bypass protections and write arbitrary files into antivirus executable folders, potentially enabling malware persistence and evasion. Developed by cybersecurity expert Two Seven One Three, the tool demonstrates a novel technique for penetration testers and red teams to drop payloads in highly protected locations without needing […]

The post New DefenderWrite Tool Let Attackers Inject Malicious DLLs into AV Executable Folders appeared first on Cyber Security News.

A high-severity vulnerability in the Pluggable Authentication Modules (PAM) framework was assigned the identifier CVE-2025-8941. This vulnerability stems from the heart of Linux operating systems, enabling attackers with local access to exploit symlink attacks and race conditions for full root privilege escalation. Root access, the ideal of control in Unix-like environments, could open doors to […]

The post PoC Exploit Released for Linux-PAM Vulnerability Allowing Root Privilege Escalation appeared first on Cyber Security News.

WatchGuard has disclosed a critical out-of-bounds write vulnerability in its Fireware OS, enabling remote unauthenticated attackers to execute arbitrary code via IKEv2 VPN connections. Designated CVE-2025-9242 under advisory WGSA-2025-00015, the flaw carries a CVSS 4.0 score of 9.3, highlighting its potential for high-impact exploitation on Firebox appliances. Published on September 17, 2025, and updated two […]

The post WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code appeared first on Cyber Security News.

Volkswagen Group has issued a statement addressing claims by the ransomware group 8Base, which alleges it has stolen and leaked sensitive data from the automaker. The German carmaker maintains that its core IT infrastructure remains unaffected; however, the company’s vague response leaves questions about the full scope of the incident and raises concerns about a […]

The post Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft appeared first on Cyber Security News.

Microsoft’s latest security update has rendered USB keyboards and mice inoperable within the Windows Recovery Environment (WinRE). Released on October 14, 2025, as KB5066835 for OS Build 26100.6899, the patch affects Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The glitch emerged shortly after installation, leaving users unable to navigate recovery […]

The post Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode appeared first on Cyber Security News.

Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS). The breach, first highlighted by the notorious Clop ransomware group, underscores the growing risks facing enterprise software in the aviation sector. Clop, known for high-profile extortion schemes like the MOVEit […]

The post American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign appeared first on Cyber Security News.

Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft. This method exploits trusted Microsoft infrastructure, making the attacks harder to spot as the fraudulent pages appear secured by official SSL certificates issued by […]

The post New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft appeared first on Cyber Security News.

A proof-of-concept exploit for two critical vulnerabilities in the popular file archiver 7-Zip, potentially allowing attackers to execute arbitrary code remotely through malicious ZIP files. The flaws, tracked as CVE-2025-11001 and CVE-2025-11002, were disclosed by the Zero Day Initiative (ZDI) on October 7, 2025, and stem from improper handling of symbolic links during ZIP extraction […]

The post PoC Exploit for 7-Zip Vulnerabilities that Allows Remote Code Execution appeared first on Cyber Security News.

An international law enforcement operation has dismantled a large-scale cybercrime-as-a-service network responsible for fueling thousands of online fraud cases across Europe. The operation, known as SIMCARTEL, took place on 10 October 2025 in Latvia and resulted in five arrests, the seizure of key infrastructure, and the disruption of a sophisticated online criminal marketplace. During coordinated […]

The post Authorities Dismantle Cybercrime-as-a-Service Platform, Seize 40,000 Active SIM Cards appeared first on Cyber Security News.

A newly disclosed Server-Side Request Forgery (SSRF) flaw in Zimbra Collaboration Suite has raised major security concerns, prompting administrators to patch systems immediately. The issue, identified in the chat proxy configuration component, could allow attackers to gain unauthorized access to internal resources and sensitive user data. According to Zimbra’s latest advisory, this critical SSRF vulnerability […]

The post Critical Zimbra SSRF Vulnerability Let Attackers Access Sensitive Data appeared first on Cyber Security News.

Microsoft’s October 2025 cumulative update for Windows 11 has disrupted localhost functionality, preventing developers and users from accessing local web applications and services via 127.0.0.1. The issue, tied to update KB5066835 released on October 14, affects builds like 26100.6899 and has sparked widespread complaints on forums, including Microsoft’s support pages, Stack Overflow, and Server Fault. […]

The post Microsoft Windows 11 October Update Breaks Localhost (127.0.0.1) Connections appeared first on Cyber Security News.

Cybercriminals are exploiting TikTok’s massive user base to distribute sophisticated malware campaigns that promise free software activation but deliver dangerous payloads instead. The attack leverages social engineering tactics reminiscent of the ClickFix technique, where unsuspecting users are tricked into executing malicious PowerShell commands on their systems. Victims encounter TikTok videos offering free activation of popular […]

The post Hackers Using TikTok Videos to Deploy Self-Compiling Malware That Leverages PowerShell for Execution appeared first on Cyber Security News.

Cybercriminals associated with the North Korean threat group WaterPlum, also known as Famous Chollima or PurpleBravo, have escalated their activities with a sophisticated new malware strain called OtterCandy. This cross-platform RAT and information stealer represents a dangerous evolution in the group’s capabilities, combining features from previously observed malware families RATatouille and OtterCookie to create a […]

The post Threat Actors Leveraging ClickFake Interview Attack to Deploy OtterCandy Malware appeared first on Cyber Security News.

Security teams around the world are grappling with a new breed of cyber threats that leverage advanced automation to identify software weaknesses and craft malicious payloads at unprecedented speed. Over the past year, adversaries have integrated machine-driven workflows into their operations, enabling opportunistic criminals and well-funded groups alike to discover zero-days and assemble malware with […]

The post Hackers Using AI to Automate Vulnerability Discovery and Malware Generation – Microsoft Report appeared first on Cyber Security News.

A new campaign has emerged that weaponizes Microsoft’s familiar branding to lure unsuspecting users into a sophisticated tech support scam. Victims receive a seemingly legitimate email, complete with Microsoft’s official logo, claiming there is an important financial transaction or security alert requiring immediate attention. The message prompts recipients to click a link under the guise […]

The post New Tech Support Scam with Microsoft’s Logo Tricks Users to Steal Login Credentials appeared first on Cyber Security News.

A vulnerability in Microsoft’s newly implemented Rust-based kernel component for the Graphics Device Interface (GDI) in Windows. This flaw, which could trigger a system-wide crash via a Blue Screen of Death (BSOD), highlights the challenges of integrating memory-safe languages into critical OS components. Although Microsoft classified it as moderate severity, the issue underscores potential risks […]

The post Windows Rust Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error appeared first on Cyber Security News.

Russia’s APT28 has resurfaced in mid-2025 with a sophisticated spear-phishing campaign that weaponizes Office documents to deploy two novel payloads: BeardShell, a C-based backdoor leveraging IceDrive as a command-and-control channel, and Covenant’s HTTP Grunt Stager, which communicates via the Koofr cloud API. These malicious documents are distributed through private Signal chats, exploiting the application’s lack […]

The post APT28 With Weaponized Office Documents Delivers BeardShell and Covenant Modules appeared first on Cyber Security News.

ConnectWise released a critical security update for its Automate platform on October 16, 2025. The patch, version 2025.9, addresses serious flaws in agent communications that could let attackers intercept sensitive data or push malicious software updates. These vulnerabilities primarily affect on-premises installations, where misconfigurations might expose systems to network-based exploits. The issues stem from environments […]

The post Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates appeared first on Cyber Security News.

A sophisticated rootkit targeting GNU/Linux systems has emerged, leveraging advanced eBPF (extended Berkeley Packet Filter) technology to conceal malicious activities and evade traditional monitoring tools. The threat, known as LinkPro, was discovered during a digital forensic investigation of a compromised AWS-hosted infrastructure, where it functioned as a stealthy backdoor with capabilities ranging from process hiding […]

The post LinkPro Rootkit Attacking GNU/Linux Systems Using eBPF Module to Hide Malicious Activities appeared first on Cyber Security News.