Cyber Security News

A sophisticated backdoor malware targeting Internet of Things devices has surfaced, employing advanced communication techniques to maintain persistent access to compromised systems. The PolarEdge backdoor, first detected in January 2025, represents a significant evolution in IoT-focused threats, utilizing a custom TLS server implementation and proprietary binary protocol for command and control operations. The malware initially […]

The post PolarEdge With Custom TLS Server Uses Custom Binary Protocol for C2 Communication appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated phishing campaign that weaponizes the NPM ecosystem through an unprecedented attack vector. Unlike traditional malicious package installations, this operation leverages the trusted unpkg.com CDN to deliver phishing scripts directly through browsers, targeting enterprise employees across 135+ organizations primarily in Europe’s industrial, technology, and energy sectors. The campaign, discovered in […]

The post New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages appeared first on Cyber Security News.

Cybercriminals have developed a sophisticated phishing campaign targeting Colombian users through fake judicial notifications, deploying a complex multi-stage malware delivery system that culminates in AsyncRAT infection. The campaign demonstrates an alarming evolution in social engineering tactics, leveraging legitimate-looking governmental communications to bypass traditional security measures and successfully compromise unsuspecting victims. The attack campaign employs carefully […]

The post Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware appeared first on Cyber Security News.

Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in the Web Application Delivery (WAD) and Graphical User Interface (GUI) components, classified under CWE-1390. With […]

The post FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process appeared first on Cyber Security News.

Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation. With a CVSS v3.1 score of 7.8 […]

The post FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands appeared first on Cyber Security News.

Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four zero-day flaws, of which two are actively exploited in the wild. This monthly security bulletin underscores the relentless pace of threat evolution, with critical remote code execution bugs in Office apps and elevation of privilege issues […]

The post Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched appeared first on Cyber Security News.

Microsoft officially ended support for Windows 10, marking the close of a decade-long era for one of the most popular operating systems in history. This means that as of today, the company will no longer deliver free security updates, feature enhancements, or technical assistance for the OS, leaving millions of devices potentially exposed to emerging […]

The post Support for Windows 10 Ends Today Leaving Users Vulnerable to Cyberattacks appeared first on Cyber Security News.

In recent weeks, a sophisticated phishing campaign has emerged, targeting corporate and consumer accounts by impersonating both OpenAI and Sora-branded login portals. Attackers distribute emails crafted to appear as legitimate service notifications, warning recipients of account suspension or unusual activity. These messages include links directing victims to counterfeit login pages that closely replicate the original […]

The post Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials appeared first on Cyber Security News.

Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops. According to Eclypsium, these vulnerabilities expose fundamental flaws in how modern systems trust boot components, potentially enabling persistent malware infections that evade detection. Disclosed recently to Framework, the issues stem from legitimate diagnostic tools that, […]

The post UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops appeared first on Cyber Security News.

Torrance, United States, October 14th, 2025, CyberNewsWire Criminal IP at Booth J30 | Sands Expo Singapore | October 21 – 23, 2025 Criminal IP, a global cybersecurity company, announced its participation in GovWare 2025, Asia’s largest cybersecurity conference, which will be held at the Sands Expo in Singapore from October 21 to 23. At the […]

The post Criminal IP to Showcase ASM and CTI Innovations at GovWare 2025 in Singapore appeared first on Cyber Security News.

Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging customers to apply mitigations while patches remain in development. The announcement comes amid growing scrutiny of enterprise management tools, as attackers increasingly target them for supply chain compromises. Although no […]

The post Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution appeared first on Cyber Security News.

A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling local attackers to escalate privileges to root level with minimal effort. Discovered by security researcher […]

The post New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability appeared first on Cyber Security News.

Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 under advisory ESA-2025-21, the flaw stems from improper neutralization of special elements in the Jinjava template engine. This issue affects multiple versions of ECE, potentially […]

The post Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands appeared first on Cyber Security News.

A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware stealer logs for unauthorized system entry. This transition marks a significant change in both tactics and impact within the underground forums, affecting organizations and individuals worldwide. […]

The post Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access appeared first on Cyber Security News.

A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits the widespread trust users place in the popular Homebrew package manager by creating pixel-perfect replicas of the official brew[.]sh installation page, complete with deceptive clipboard manipulation techniques. Security researchers have […]

The post Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads appeared first on Cyber Security News.

A newly identified pro-Russian hacktivist group has successfully infiltrated operational technology and industrial control systems belonging to critical infrastructure organizations, employing sophisticated techniques to steal login credentials and disrupt vital services. The threat actor, known as TwoNet, represents an emerging class of hacktivists who have expanded beyond traditional distributed denial-of-service attacks to target human-machine interfaces […]

The post Pro-Russian Hacktivist Attacking OT/ICS Devices to Steal Login Credentials appeared first on Cyber Security News.

OpenAI’s newly launched Guardrails framework, designed to enhance AI safety by detecting harmful behaviors, has been swiftly compromised by researchers using basic prompt injection methods. Released on October 6, 2025, the framework employs large language models (LLMs) to judge inputs and outputs for risks like jailbreaks and prompt injections, but experts from HiddenLayer demonstrated that […]

The post Hackers Can Bypass OpenAI Guardrails Using a Simple Prompt Injection Technique appeared first on Cyber Security News.

A critical vulnerability in Axis Communications’ Autodesk Revit plugin has exposed Azure Storage Account credentials, creating significant security risks for customers and potentially enabling supply chain attacks targeting the architecture and engineering industry. The vulnerability stems from hardcoded credentials embedded within signed Dynamic Link Libraries (DLLs) distributed to customers through the plugin’s Microsoft Installer (MSI) […]

The post Axis Communications Vulnerability Exposes Azure Storage Account Credentials appeared first on Cyber Security News.

The cybersecurity landscape witnessed a concerning development as threat actors discovered a novel attack vector targeting Microsoft Edge’s Internet Explorer mode functionality. This sophisticated campaign emerged in August 2025, exploiting the inherent security weaknesses of legacy browser technology to compromise unsuspecting users’ devices. The attack represents a significant evolution in threat actor tactics, demonstrating their […]

The post Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices appeared first on Cyber Security News.

North Korean state-sponsored threat actors have intensified their supply chain attacks against software developers through a sophisticated campaign dubbed “Contagious Interview,” deploying 338 malicious npm packages that have accumulated over 50,000 downloads. The operation represents a dramatic escalation in the weaponization of the npm registry, targeting Web3, cryptocurrency, and blockchain developers through elaborate social engineering […]

The post North Korean Hackers Attacking Developers with 338 Malicious npm Packages appeared first on Cyber Security News.