Cyber Security News

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures.  Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927, which enables attackers to circumvent authorization checks in middleware.  Both vulnerabilities pose significant risks, potentially […]

The post CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access appeared first on Cyber Security News.

In mid-March 2025, cybersecurity researchers uncovered “Operation ForumTroll,” targeting Russian media outlets and educational institutions. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy on vulnerable systems. The campaign exploits a critical zero-day vulnerability (CVE-2025-2783) in Chrome that bypasses […]

The post Operation ForumTroll – APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections appeared first on Cyber Security News.

CYFOX has uncovered significant vulnerabilities in smart TVs that could potentially disrupt entire enterprise networks. This discovery was made possible by their groundbreaking OmniSec vCISO platform, the first GenAI-powered autonomous security and compliance agent. During the implementation of OmniSec, CYFOX identified critical security flaws within smart TVs. Joseph Tal, CEO of CYFOX, emphasized the significance […]

The post Your Smart TV May Bring Down the Entire Network appeared first on Cyber Security News.

Cary, NC, March 24th, 2025, CyberNewsWire INE Security, a global provider of cybersecurity training and certification, today announced its initiative to spotlight the increasing cyber threats targeting healthcare institutions. In recognition of National Physicians Week 2025, the company is drawing attention to new industry data showing a sharp rise in cyberattacks on hospitals and clinics—incidents that […]

The post Cyber Guardians: INE Security Champions Cybersecurity Training During National Physicians Week 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign targeting Google account credentials through fake Semrush advertisements has emerged, posing a significant threat to digital marketers and SEO professionals. Cybercriminals have deployed numerous malicious advertisements that appear legitimate in Google search results, leveraging Semrush’s growing popularity in the SEO industry to lure unsuspecting victims. These fraudulent ads redirect users to […]

The post Hackers Using Fake Semrush Ads to Steal Google Accounts Login Credentials appeared first on Cyber Security News.

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The malicious actors behind this attack employ convincing Pocket […]

The post Pocket Card Users Under Attack Via Sophisticated Phishing Campaign appeared first on Cyber Security News.

INTERPOL led a multi-national law enforcement operation dubbed “Operation Red Card,” which has resulted in the arrest of over 300 suspected cyber criminals.  Operation Red Card, conducted from November 2024 to February 2025, targeted cross-border criminal syndicates responsible for mobile banking fraud, investment scams, and messaging app exploitation. The operation involved law enforcement agencies from […]

The post Operation Red Card – 300+ Cyber Criminals Arrested Linking to Multiple Hacking Activities appeared first on Cyber Security News.

A novel attack vector combining browser cache exploitation and DLL proxying has emerged as a significant threat to organizations using Microsoft Teams and OneDrive. Dubbed Browser Cache Smuggling, this technique allows attackers to bypass traditional security defenses by leveraging browsers’ caching mechanisms to deliver malware disguised as benign files. Modern browsers cache static files (e.g., images, […]

The post Hackers Could Drop Teams Malware via Browser’s Cache Smuggling appeared first on Cyber Security News.

A groundbreaking security tool has emerged in the ongoing battle against sophisticated Linux malware. A new Rust-based kernel module designed specifically for detecting rootkits has been released, offering enhanced capabilities to identify these particularly elusive threats. The module represents a significant advancement in Linux security tooling, addressing the critical need for modern detection mechanisms against […]

The post New Linux Kernel Rust Module Unveiled to Detect Rootkits appeared first on Cyber Security News.

Clio has emerged as a revolutionary real-time logging solution developed by cybersecurity engineers at CyberLock Technologies in the evolving landscape of cybersecurity tools. Launched in January 2025, this sophisticated tool addresses critical gaps in traditional logging frameworks by providing comprehensive visibility into system events while maintaining strong security protocols. Clio’s architecture is specifically designed to […]

The post Clio – Real-Time Logging Tool With Locking, User Authentication, and Audit Trails appeared first on Cyber Security News.

The Federal Communications Commission (FCC) has launched a sweeping investigation into nine Chinese technology and telecommunications companies that were previously placed on its Covered List, aiming to determine if these firms are evading U.S. restrictions.  FCC Chairman Brendan Carr announced on March 21, 2025, that the agency has sent Letters of Inquiry and at least […]

The post FCC Conducting Investigation into Chinese Entities Placed on the Government’s Prohibited List appeared first on Cyber Security News.

A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and rewards systems on websites.  The high-impact flaw, categorized as CVE-2024-13496 with a CVSS 3.1 score of 7.5, allowed unauthenticated attackers to inject malicious SQL queries that could potentially compromise entire WordPress installations.  The vulnerability, which affected all GamiPress versions up to 7.3.1, […]

The post WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries appeared first on Cyber Security News.

A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 active installations.  The high-severity flaw, tracked as CVE-2025-26909 with a CVSS score of 9.6, allows unauthenticated attackers to exploit a Local File Inclusion (LFI) vulnerability that can lead to Remote Code Execution (RCE).  Website administrators are strongly advised to update immediately […]

The post WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks appeared first on Cyber Security News.

Cloudflare has launched AI Labyrinth, an innovative tool designed to combat unauthorized web-scraping bots by redirecting them into an endless maze of AI-generated content.  Introduced on March 19, 2025, this free, opt-in feature marks a significant shift in bot mitigation strategies, leveraging generative AI as a defensive weapon against unauthorized data collection. Unlike traditional methods […]

The post Cloudflare Unveils AI Labyrinth a New Approach to Exhaust AI Crawlers and Other Bots appeared first on Cyber Security News.

Cybercriminals are leveraging Gamma AI, a platform for creating presentations, websites, and documents, to build sophisticated and difficult-to-detect phishing page redirectors. These malicious actors are exploiting Gamma’s advanced capabilities to host phishing redirect pages directly on the legitimate domain, gamma.app, raising concerns about the misuse of AI-powered tools in cyberattacks. The phishing scheme begins with […]

The post Hackers Exploit Gamma AI to Create Sophisticated Microsoft Themed Phishing Redirectors appeared first on Cyber Security News.

The security of video data transmitted through satellite communications has become increasingly vulnerable to information leakage, theft, and data distortion with the rapid proliferation of low-Earth orbit (LEO) satellite constellations. These security risks not only endanger device functionality and user privacy but may also pose potential risks to national security, making efficient encryption technology a […]

The post Securing Satellite Communications by Encrypting Videos on Satellite Payloads appeared first on Cyber Security News.

Tech giant Apple is once again in the legal spotlight as a class-action lawsuit filed in U.S. District Court in San Jose accuses the company of false advertising and unfair competition related to its highly touted Apple Intelligence features. The suit, lodged on Wednesday, March 19, 2025, claims that Apple misled consumers by promoting artificial […]

The post Apple Faces Federal Lawsuit Over Delayed Apple Intelligence Features appeared first on Cyber Security News.

Caido, the innovative security testing tool positioning itself as a compelling alternative to Burp Suite, has just rolled out its latest update, version 0.47.0. This release introduces a slew of exciting features, a revamped user experience, and critical bug fixes, further solidifying its place in the toolkit of security researchers and penetration testers. One of […]

The post Caido v0.47.0 Released – Burp Suite Alternative Web Pentesting Tool Brings New Features appeared first on Cyber Security News.

A recent study has revealed that rooted devices are over 3.5 times more likely to be targeted by mobile malware, underscoring the risks they bring to organizations. Rooting and jailbreaking, once popular methods for customizing mobile devices, are now primarily used by power users. While manufacturers have introduced more customization options and tighter security protocols […]

The post Rooted (Jailbroken) Mobile Devices 3.5 Times More Vulnerable to Cyber Attacks appeared first on Cyber Security News.

Researchers have detected active exploitation attempts targeting two critical vulnerabilities in Cisco’s Smart Licensing Utility that were patched approximately six months ago.  Threat actors leverage these flaws, which could potentially grant unauthorized access to sensitive licensing data and administrative functions. The attacks target two critical vulnerabilities in Cisco Smart Licensing Utility that were disclosed in […]

The post Hackers Exploiting Multiple Cisco Smart Licensing Utility Vulnerabilities appeared first on Cyber Security News.