Cyber Security News

Windows Subsystem for Linux 2 (WSL2) is meant to give developers a fast Linux environment on Windows. Now attackers are turning that benefit into a hiding place. By running tools and payloads inside the WSL2 virtual machine, they can operate out of sight of many traditional Windows security controls. The result is a quiet but […]

The post Attackers are Using WSL2 as a Stealthy Hideout Inside Windows Systems appeared first on Cyber Security News.

A seemingly simple phone call became the gateway to a sophisticated attack that diverted employee paychecks without any malware or network breach. An organization discovered this fraud when workers reported missing salary deposits. The attacker had modified direct-deposit information to funnel payments into accounts under their control. This incident reveals a troubling trend where threat […]

The post Attackers Redirected Employee Paychecks Without Breaching a Single System appeared first on Cyber Security News.

A new spear-phishing campaign known as Operation Poseidon has emerged, exploiting Google’s advertising infrastructure to distribute EndRAT malware while evading traditional security measures. he attack leverages legitimate ad click tracking domains to disguise malicious URLs, making them appear as trustworthy advertising traffic. This technique effectively bypasses email security filters and reduces user suspicion during the […]

The post New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware appeared first on Cyber Security News.

A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic. The Automatic Certificate Management […]

The post Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections appeared first on Cyber Security News.

Malicious file converter applications distributed through deceptive advertisements are infecting thousands of systems with persistent remote access trojans (RATs). These seemingly legitimate productivity tools perform their advertised functions while secretly installing backdoors that give attackers continuous access to victim computers. Nextron Systems found that the infection chain typically begins with malicious Google advertisements placed on […]

The post Free Converter Apps that Convert your Clean System to Infected in Seconds appeared first on Cyber Security News.

Ukrainian and German law enforcement have disrupted a Russian‑affiliated hacker group that has been carrying out high‑impact ransomware attacks against organizations worldwide, causing losses estimated in the hundreds of millions of euros. According to Ukraine’s Cyber Police and the Main Investigation Department of the National Police, working under the guidance of the Cyber Department of […]

The post Ukraine Police Exposed Russian Hacker Group Specializes in Ransomware Attack appeared first on Cyber Security News.

A significant security vulnerability has been discovered in Livewire Filemanager, a widely used file management component embedded in Laravel web applications. Tracked as CVE-2025-14894 and assigned vulnerability note VU#650657, the flaw enables unauthenticated attackers to execute arbitrary code on vulnerable servers. The vulnerability stems from improper file validation in the LivewireFilemanagerComponent.php component. The tool fails […]

The post Livewire Filemanager Vulnerability Exposes Web Applications to RCE Attacks appeared first on Cyber Security News.

Approximately 750,000 Canadian investors were affected by a sophisticated phishing attack first disclosed in August 2025. The self-regulatory organization announced the full extent of the breach on January 14, 2026. After completing a comprehensive forensic investigation spanning over 9,000 hours of examination. The unauthorized access resulted from a targeted phishing campaign that compromised sensitive investor […]

The post CIRO Confirms Data Breach – 750,000 Canadian Investors Have been Impacted appeared first on Cyber Security News.

Five coordinated malicious Chrome extensions have emerged as a sophisticated threat to enterprise security, targeting widely-used human resources and financial platforms used by thousands of organizations worldwide. These extensions operate in concert to steal authentication tokens, disable security controls, and enable complete account takeover through session hijacking. The campaign affects Workday, NetSuite, and SuccessFactors—critical systems […]

The post 5 Malicious Chrome Extensions Attacking Enterprise HR and ERP Platforms for Complete Takeover appeared first on Cyber Security News.

PDFSIDER is a newly exposed backdoor that gives attackers long term control of Windows systems while slipping past many antivirus and endpoint detection and response tools. It uses trusted software and strong encryption to hide its presence, letting intruders run commands, study the network, and move deeper inside targeted environments. The campaign behind PDFSIDER relies […]

The post PDFSIDER Malware Actively Used by Threat Actors to Bypass Antivirus and EDR Systems appeared first on Cyber Security News.

A recent investigation into a deceptive push-notification network shows how a simple DNS mistake can open a window into criminal infrastructure. The campaign abused browser notifications to flood Android users with fake security alerts, gambling lures, and adult offers. Random-looking domains and hidden hosting tried to hide the operator while keeping the flow of clicks […]

The post Researchers Gained Access to Hacker Domain Server Using Name Server Delegation appeared first on Cyber Security News.

A critical vulnerability in Windows SMB client authentication that enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerability, this vulnerability allows authorized attackers to escalate privileges via carefully orchestrated authentication relay attacks over network connections. Seven months after the June 2025 security patch release, research reveals […]

The post Windows SMB Client Vulnerability Enables Attacker to Own Active Directory appeared first on Cyber Security News.

Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy tools online, malicious advertisements direct them to download what appears to be a trustworthy extension […]

The post CrashFix – Hackers Using Malicious Extensions to Display Fake Browser Warnings appeared first on Cyber Security News.

Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the Bluetooth implementation of these devices, allowing attackers to access sensitive information or force the devices […]

The post Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes appeared first on Cyber Security News.

Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate in Right Click,” “Youtube Download,” and “Ads Block Ultimate” to appear legitimate while quietly stealing […]

The post 17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data appeared first on Cyber Security News.

A critical flaw in Windows Kerberos authentication that significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into requesting tickets for attacker-controlled services, bypassing traditional protections. The Attack Vector The vulnerability centers on […]

The post New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released appeared first on Cyber Security News.

A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application has been discovered, allowing unauthenticated attackers to impersonate any user and execute privileged AI agents remotely. Security researcher Aaron Costello from AppOmni disclosed the flaw, tracked as CVE-2025-12420, which combines a hardcoded platform-wide secret with insecure account-linking logic to bypass […]

The post BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User appeared first on Cyber Security News.

Microsoft has released an out-of-band emergency update to resolve a critical issue affecting Remote Desktop connections on Windows client devices. The problem emerged immediately following the installation of the January 2026 security update, identified as KB5074109. Administrators and users reported widespread credential prompt failures when attempting to sign in via the Windows App, significantly disrupting […]

The post Microsoft January 2026 Security Update Causes Credential Prompt Failures in Remote Desktop Connections appeared first on Cyber Security News.

Google-owned Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables, marking a significant escalation in demonstrating the security risks of legacy authentication protocols. The release underscores an urgent message: organizations must immediately migrate away from Net-NTLMv1, a deprecated protocol that has been cryptographically broken since 1999 and widely known to be insecure since […]

The post Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking appeared first on Cyber Security News.

Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early 2026, addressing long-standing issues in certificate security. Short-lived certificates last just 160 hours, about six and a half days, while IP-based ones tie directly to IP addresses […]

The post Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available appeared first on Cyber Security News.