Cyber Security News

Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category. The security flaw stems from an improper […]

The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.

Businesses today are dealing with faster, stealthier email threats that look routine yet unleash aggressively malicious scripts the moment a user engages. This is especially true when the lure arrives as an attachment that resembles a harmless image file.  The perception gap is exactly what attackers exploit with SVG phishing, whereby what appears to be […]

The post How Attackers Turn SVG Files Into Phishing Lures appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances. This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems. The security issue involves an out-of-bounds write in the device’s operating system, specifically the OS iked process. This means a […]

The post CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited Attacks appeared first on Cyber Security News.

A vulnerability in OpenAI’s advanced video generation model, Sora 2, that enables the extraction of its hidden system prompt through audio transcripts, raising concerns about the security of multimodal AI systems. This vulnerability, detailed in a blog post by AI security firm Mindgard, demonstrates how creative prompting across text, images, video, and audio can bypass […]

The post OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts appeared first on Cyber Security News.

Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges. The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016, 2017, 2019, and 2022. This vulnerability stems from improper handling of special characters in SQL […]

The post Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies. Failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities. Under Emergency Directive 25-03, CISA has identified two severe CVEs posing unacceptable risks to federal information systems: CVE-2025-20333, which enables remote […]

The post CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices appeared first on Cyber Security News.

A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials. The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages claiming their lost or stolen iPhones had been found abroad, sometimes months after the devices […]

The post New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices appeared first on Cyber Security News.

A Chinese national has been sentenced to over 11 years in prison following one of the most significant cryptocurrency fraud investigations in history. Zhimin Qian, 47, received an 11-year and eight-month sentence for possessing and transferring criminal property under the Proceeds of Crime Act 2002. The case marks the culmination of a seven-year investigation by […]

The post Chinese National Jailed for Laundering Over £5 Billion by Defrauding Over 128,000 Victims appeared first on Cyber Security News.

A vulnerability has been discovered in Lite XL, a lightweight text editor, that could allow attackers to execute arbitrary code on affected systems. Carnegie Mellon University experts identified CVE-2025-12120, which affects Lite XL versions 2.1.8 and earlier. The flaw exists in how Lite XL handles project configuration files. How the Vulnerability Works When users open […]

The post Lite XL Text editor Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Recognition we believe underscores global customer trust and proven product excellence for security teams evaluating NDR solutions. ThreatBook, a global leader in threat intelligence-based cybersecurity solutions, today announced that for its Threat Detection Platform (TDP), it has been recognized as a Strong Performer in the 2025 Gartner Peer Insights Voice of the Customer for Network Detection and Response […]

The post ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year appeared first on Cyber Security News.

A large phishing campaign has been targeting travelers worldwide, using more than 4,300 fake domains to steal payment card information. The operation focuses on people planning vacations or about to check into hotels by sending fake booking confirmation emails that appear to come from trusted travel companies. The attackers have created a network of websites […]

The post Massive Phishing Attack Impersonate as Travel Brands Attacking Users with 4,300 Malicious Domains appeared first on Cyber Security News.

Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway products. Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or unauthorized actions. The vulnerability carries a moderate CVSSv4 score of 5.9, highlighting its […]

The post Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks appeared first on Cyber Security News.

Cybersecurity leaders now face an impossible equation: you need intelligence that’s comprehensive enough to protect your organisation, fresh enough to stop emerging threats, and manageable enough that your team doesn’t drown in false positives. Most solutions force you to choose. Some prove you don’t have to.  The Intelligence Paradox: Too Much and Never Enough  Every CISO knows the struggle. Deploy too few threat feeds, […]

The post Why your Business Need Live Threat Intel from 15k SOCs appeared first on Cyber Security News.

A sophisticated backdoor malware campaign has emerged targeting Windows users through a weaponized version of SteamCleaner, a legitimate open-source utility designed to clean junk files from the Steam gaming platform. The malware establishes persistent access to compromised systems by deploying malicious Node.js scripts that maintain continuous communication with command-and-control servers, enabling attackers to execute arbitrary […]

The post Beware of Malicious Steam Cleanup Tool Attack Windows Machines to Deploy Backdoor Malware appeared first on Cyber Security News.

Apache OpenOffice has released version 4.1.16, addressing seven critical security vulnerabilities that enable unauthorized remote document loading and memory corruption attacks. These flaws represent a significant security risk to users of the popular open-source office suite. The most severe vulnerabilities involve unauthorized remote content loading without user prompts or warnings. Attackers can exploit these weaknesses to load […]

The post Multiple Apache OpenOffice Vulnerabilities Leads to Memory Corruption and Unauthorized Content Loading appeared first on Cyber Security News.

Microsoft has disclosed two critical security vulnerabilities in GitHub Copilot and Visual Studio that could allow attackers to bypass essential security features. Both vulnerabilities were released on November 11, 2025, and have been assigned an Important severity rating. Path Traversal Vulnerability in Visual Studio The first vulnerability, tracked as CVE-2025-62449, stems from improper limitations in pathname […]

The post GitHub Copilot and Visual Studio Vulnerabilities Allow Attacker to Bypass Security Feature appeared first on Cyber Security News.

An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks, spotted in real-world operations, allow hackers to deploy custom webshells and gain deep access to corporate networks. The findings highlight how attackers are targeting key systems that manage user logins and network controls, putting businesses […]

The post Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell appeared first on Cyber Security News.

The advanced persistent threat group APT-C-08, also known as Manlinghua or BITTER, has launched a sophisticated campaign targeting government organizations across South Asia by exploiting a critical directory traversal vulnerability in WinRAR. Security researchers have identified the group’s first operational use of CVE-2025-6218, a flaw affecting WinRAR versions 7.11 and earlier that allows attackers to […]

The post APT-C-08 Hackers Exploiting WinRAR Vulnerability to Attack Government Organizations appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged, targeting organizations across Central and Eastern Europe by impersonating legitimate global brands to deceive users into surrendering their login credentials. The attack utilizes self-contained HTML files delivered as email attachments, eliminating the need for external server hosting or suspicious URLs that traditional security systems typically detect. Once opened, these […]

The post New Phishing Attack Leverages Popular Brands to Harvest Login Credentials appeared first on Cyber Security News.

Microsoft has confirmed it is investigating a significant issue affecting Microsoft Teams for Education, which is particularly impacting users’ ability to access critical features such as assignments and grades. The problem, which initially appeared limited to administrators in Europe, has since expanded to affect all users with educational accounts worldwide potentially. The outage stems from […]

The post Microsoft Investigating Teams Issue that Disables Users from Opening Apps appeared first on Cyber Security News.