Cyber Security News

Russian-backed threat actors continue their sophisticated cyber espionage operations against Western institutions through advanced phishing tactics. Calisto, a Russia-nexus intrusion set attributed to the Russian FSB’s Center 18 for Information Security (military unit 64829), has emerged as a persistent threat targeting NATO research entities and strategic organizations. The group has expanded its attack scope to […]

The post Russian Calisto Hackers Target NATO Research Sectors with ClickFix Malicious Code appeared first on Cyber Security News.

A new sophisticated threat actor has emerged in the cybersecurity landscape, targeting critical infrastructure across the United States. The adversary, operating under the name WARP PANDA, has demonstrated remarkable technical capabilities in infiltrating VMware vCenter environments at legal, technology, and manufacturing organizations. This group’s emergence marks a significant escalation in cloud-based cyberattacks, with particular focus […]

The post China-Nexus Hackers Exploiting VMware vCenter Environments to Deploy Web Shells and Malware Implants appeared first on Cyber Security News.

Critical security updates have been released to fix two high-severity flaws in the Triton Inference Server that let attackers crash systems remotely from NVIDIA. Both flaws received a CVSS score of 7.5, indicating they are high-priority threats requiring immediate patching. The first vulnerability (CVE-2025-33211) involves improper validation of input quantity. An attacker can exploit this […]

The post NVIDIA Triton Vulnerability Let Attackers Trigger DoS Attack Using Malicious Payload appeared first on Cyber Security News.

Attackers are actively exploiting a serious vulnerability in Array Networks’ ArrayOS AG series to gain unauthorized access to enterprise networks. The flaw exists in the DesktopDirect function, a feature designed to provide remote desktop access to administrators. Security researchers have discovered that this command injection vulnerability allows attackers to execute arbitrary commands on affected systems […]

The post Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells appeared first on Cyber Security News.

A major disruption swept across the internet today as Cloudflare, a critical backbone for millions of websites, reported widespread issues with its Dashboard and APIs, triggering 500 Internal Server Errors for users globally. The outage, confirmed by Cloudflare’s status page, began around 08:56 UTC and impacted management tools, automations, and integrations reliant on these services. […]

The post Cloudflare Outage Hits Internet with 500 Internal Server Error appeared first on Cyber Security News.

A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain near-complete control over infected devices. The spyware demonstrates sophisticated techniques to steal […]

The post ClayRat Android Malware Steals SMS Messages, Call Logs and Capture Victim Photos appeared first on Cyber Security News.

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms. What makes this attack unique is that the user’s funds remained visible […]

The post Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer appeared first on Cyber Security News.

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the SNMP device configuration functionality. The vulnerability resides in the device […]

The post Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder. Allows non-administrator users to access sensitive installation directories and their contents, creating a pathway for privilege […]

The post Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions appeared first on Cyber Security News.

SeedSnatcher represents a significant threat to cryptocurrency users worldwide. Packaged under the seemingly innocent name “Coin” and distributed through Telegram, this Android malware has emerged as a sophisticated tool designed specifically to steal digital wallet recovery codes and execute remote commands on infected devices. The malware, registered under the package name com.pureabuladon.auxes, operates as a […]

The post SEEDSNATCHER Android Malware Attacking Users to Exfiltrate Sensitive Data and Execute Malicious Commands appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, representing a significant evolution in IoT and cloud-targeted threats. The malware, dubbed V3G4 by Cyble Research Intelligence Labs, employs a multi-stage infection chain designed to compromise Linux servers and IoT devices across multiple architectures while […]

The post New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer appeared first on Cyber Security News.

China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React Server Components and lets an attacker run code on the server without logging in. Early scans show broad probing of internet-facing React and Next[.]js apps, with a focus on high-value […]

The post China-Nexus Hackers Actively Exploiting React2Shell Vulnerability (CVE-2025-55182) in the Wild appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers worldwide. Dubbed “React2Shell” by some researchers, the vulnerability carries a CVSS score of 10.0 and affects React versions 19.0.0 through 19.2.0, as well as Next.js 15.x and 16.x using App […]

The post PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182) appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated new malware campaign orchestrated by People’s Republic of China (PRC) state-sponsored cyber actors. The advisory details “BRICKSTORM,” a formidable backdoor designed to establish long-term persistence […]

The post CISA and NSA Warn of BRICKSTORM Malware Attacking VMware ESXi and Windows Environments appeared first on Cyber Security News.

A new class of prompt injection vulnerabilities, dubbed “PromptPwnd,” has been uncovered by cybersecurity firm Aikido Security. The flaws affect GitHub Actions and GitLab CI/CD pipelines that are integrated with AI agents, including Google’s Gemini CLI, Claude Code, and OpenAI Codex. The vulnerability has been confirmed to impact at least five Fortune 500 companies, with […]

The post Prompt Injection Flaw in GitHub Actions Hits Fortune 500 Firms appeared first on Cyber Security News.

Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with […]

The post SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware appeared first on Cyber Security News.

Clickjacking has long been considered a “dumb” attack in the cybersecurity world. Traditionally, it involves placing an invisible frame over a legitimate website to trick a user into clicking a button they didn’t intend to, like masking a “Delete Account” button with a fake “Play Video” overlay. However, a security researcher known as Lyra has […]

The post New SVG Clickjacking Attack Let Attackers Create Interactive Clickjacking Attacks appeared first on Cyber Security News.

Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remote authenticated users to upload and execute arbitrary JSP files through the view_edit.shtm interface, creating a significant risk for industrial control system environments. OpenPLC ScadaBR File Upload Vulnerability OpenPLC ScadaBR, […]

The post CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Arizona Attorney General Kris Mayes has announced a lawsuit against the popular Chinese e-commerce retailer Temu, accusing the company of stealing vast amounts of customer data. The lawsuit, filed Tuesday, positions Arizona alongside several other states taking legal action against Temu and its parent company, PDD Holdings Inc. Mayes stated that Temu’s application deceives customers […]

The post Arizona Attorney General Suses Chinese E-commerce Retailer Temu Over Data Theft Claims appeared first on Cyber Security News.

Lazarus Group’s Famous Chollima unit has been caught “live on camera” running its remote IT worker scheme, after researchers funneled its operatives into fake laptops that were actually long‑running sandbox environments under full surveillance. The investigation exposes in unprecedented detail how North Korean operators use identity theft, rented identities, and off‑the‑shelf tools to embed themselves […]

The post Lazarus Group’s IT Workers Scheme Hacker Group Caught Live On Camera appeared first on Cyber Security News.