Cyber Security News

Threat actors leveraging artificial intelligence tools have compressed the cloud attack lifecycle from hours to mere minutes, according to new findings from the Sysdig Threat Research Team (TRT). In a November 2025 incident, adversaries escalated from initial credential theft to full administrative privileges in less than 10 minutes by using large language models (LLMs) to […]

The post Hackers Using AI to Get AWS Admin Access Within 10 Minutes appeared first on Cyber Security News.

Microsoft has resolved an outage affecting inline images in Microsoft Teams chats, restoring normal functionality for millions of enterprise users worldwide. The incident, tracked under incident ID TM1226769 in the Microsoft 365 admin center, caused delays or complete failures in loading and retrieving embedded images within chat threads. The issue surfaced recently, impacting Teams users […]

The post Microsoft Investigating Teams Chat Image Retrieval Issue Affecting Enterprise Users appeared first on Cyber Security News.

Most internet users trust their routers to direct traffic correctly, never suspecting that the very signposts of the web could be manipulated. A sophisticated “shadow” network has been silently hijacking home internet connections by compromising vulnerable routers and altering their DNS configurations. Instead of using a legitimate Service Provider’s servers, these infected devices send all […]

The post Shadow DNS Hacking Routers Internet Traffic Through Compromised Routers appeared first on Cyber Security News.

Alisa Viejo, United States, February 4th, 2026, CyberNewsWire One Identity, a leader in unified identity security, today announced the appointment of Gihan Munasinghe as Chief Technology Officer. Munasinghe brings more than 15 years of experience leading global engineering organizations and delivering large-scale, customer-centric software platforms. In this role, he will lead the engineering organization and set […]

The post One Identity Appoints Gihan Munasinghe as Chief Technology Officer appeared first on Cyber Security News.

Active Directory serves as the foundation of enterprise authentication systems, making it a prime target for sophisticated threat actors. The NTDS.dit database file, which stores encrypted password hashes and critical domain configurations, has become one of the most sought-after assets in corporate networks. When adversaries successfully obtain this file, they gain unrestricted access to an […]

The post Hackers Exfiltrating NTDS.dit File to Gain Full Active Directory Access appeared first on Cyber Security News.

Two months following the disclosure of CVE-2025-55182, exploitation activity targeting React Server Components has evolved from broad scanning into consolidated, high-volume attack campaigns. According to telemetry from GreyNoise collected between January 26 and February 2, 2026, threat actors are actively leveraging this critical vulnerability to deploy cryptominers and establish persistent remote access. While the total […]

The post Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads appeared first on Cyber Security News.

GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but actually carried a staged loader. These extensions, which had more than 22,000 […]

The post GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers appeared first on Cyber Security News.

Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools to quietly steal credentials, session cookies, and cryptocurrency data from Mac users. Cross‑platform Python stealers […]

The post Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms appeared first on Cyber Security News.

Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms and harmless-looking PDF files to create a deception chain that leads victims to a fake […]

The post Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials appeared first on Cyber Security News.

Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced malware payloads across Windows and Linux systems. VulnCheck’s Canary honeypot network first detected operational exploitation of CVE-2025-11953 dubbed “Metro4Shell” on December 21, 2025, with continued attacks observed in January 2026, yet the vulnerability remains largely […]

The post Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers appeared first on Cyber Security News.

Security updates addressing critical cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud that could allow attackers to execute arbitrary JavaScript code in users’ browsers. The vulnerabilities were discovered in the application’s File Attachments list and Layers panel, where insufficient input validation and improper output encoding create pathways for malicious code execution. Two related cross-site […]

The post Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript appeared first on Cyber Security News.

There is a comforting illusion in cybersecurity leadership: when things get noisy, you add more people. More analysts. More shifts. More headcount. It feels decisive. It looks responsible. It even photographs well for internal reports.  But SOC inefficiency is rarely a staffing problem. It is a signal problem.  When More People Don’t Mean Better Security  Across industries, security […]

The post Stronger Incident Prevention Takes Just One CISO Decision  appeared first on Cyber Security News.

A sophisticated phishing campaign targeting macOS users has emerged, using fake compliance emails as a delivery mechanism for advanced malware. Chainbase Lab recently detected this campaign, which impersonates legitimate audit and compliance notifications to deceive users. The attack chain combines social engineering with multi-stage fileless payloads designed to steal credentials and establish persistent remote access […]

The post Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data appeared first on Cyber Security News.

A new variant of the PDFly malware has emerged with advanced techniques that challenge traditional analysis methods. The malware uses a modified PyInstaller executable that prevents standard extraction tools from working properly. This makes it difficult for security teams to examine the code and understand how the threat operates. The modified version changes key identifiers […]

The post PDFly Variant Uses Custom PyInstaller Modification, Forcing Analysts to Reverse-Engineer Decryption appeared first on Cyber Security News.

French authorities raided the Paris headquarters of Elon Musk’s social media platform X today, escalating a year-old cybercrime probe into alleged algorithmic manipulation and illicit content distribution. The operation, led by the Paris prosecutor’s cybercrime unit alongside France’s national cybercrime police and Europol, marks a significant intensification of scrutiny on X’s data practices and moderation […]

The post French Authorities Raid X Office Following Cybercrime Allegations appeared first on Cyber Security News.

The transition away from NTLM (New Technology LAN Manager), a legacy authentication protocol that has existed in Windows for over three decades, is being accelerated. The company has announced a phased roadmap to reduce, restrict, and ultimately disable NTLM by default in upcoming Windows releases, marking a significant evolution in Windows authentication security. NTLM has […]

The post Microsoft to Disable NTLM by Default as a Step Towards More Secure Authentication appeared first on Cyber Security News.

A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvertently. The vulnerability, tracked as CVE-2026-23795, affects multiple versions of the platform and requires immediate patching. The improper restriction of XML External Entity references in […]

The post Apache Syncope Vulnerability Let Attackers Hijack User Sessions appeared first on Cyber Security News.

APT28, the Russia-linked advanced persistent threat group, has launched a sophisticated campaign targeting Central and Eastern Europe using a zero-day vulnerability in Microsoft Office. The threat actors leveraged specially crafted Microsoft Rich Text Format (RTF) files to exploit the vulnerability and deliver malicious backdoors through a multi-stage infection chain. The campaign, tracked as Operation Neusploit, […]

The post APT28 Hackers Exploiting Microsoft Office 0-Day in the Wild to Deploy Malware appeared first on Cyber Security News.

A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection. The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users searching for legitimate file management tools. This discovery highlights how cybercriminals continue to exploit official […]

The post Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware appeared first on Cyber Security News.

A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries a CVSS v3.1 base score of 7.2, indicating a […]

The post Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution appeared first on Cyber Security News.