Cyber Security News

A critical vulnerability in WinZip that enables attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature, potentially allowing malicious code to execute without warning on victims’ computers. This serious security flaw, tracked as CVE-2025-33028, affects WinZip installations up to version 29.0 and has received a high severity CVSS score of 7.8. Mark-of-the-Web is a Windows security […]

The post WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently appeared first on Cyber Security News.

Microsoft has released its second progress report on the Secure Future Initiative (SFI), described as the largest cybersecurity engineering project in the company’s history. Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, […]

The post “Microsoft’s Secure Future Initiative” Biggest Cybersecurity Project in Its History appeared first on Cyber Security News.

Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of an internal token logging error and the rollout of a new security feature called MACE […]

The post Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users appeared first on Cyber Security News.

In 2025, digital forensics stands at the intersection of rapid technological innovation, increasingly sophisticated cyber threats, and the ever-expanding volume of digital data. The role of the Chief Security Officer (CSO) has never been more critical in leading effective digital investigations. As organizations rely more on cloud computing, mobile devices, and interconnected systems, the complexity […]

The post Digital Forensics In 2025: How CSOs Can Lead Effective Investigations appeared first on Cyber Security News.

Web-based attacks remain one of the most persistent threats to modern organizations, targeting everything from web applications and APIs to user email inboxes. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as essential tools for automating the detection, investigation, and response to these threats. The power of SOAR lies in its ability to standardize […]

The post Building SOAR Playbooks To Respond To Common Web-Based Attacks appeared first on Cyber Security News.

In today’s cybersecurity landscape, organizations face increasingly sophisticated attacks from adversaries ranging from opportunistic hackers to state-sponsored threat actors. With a significant percentage of organizations having experienced an exploit or breach, security leaders must adopt proactive approaches to identify vulnerabilities and detect hidden threats. Penetration testing and threat hunting represent two complementary strategies that, when […]

The post Penetration Testing And Threat Hunting: Key Practices For Security Leaders appeared first on Cyber Security News.

Cybersecurity researchers have documented an alarming surge in infostealer malware distribution through phishing channels, with weekly delivery volume increasing by 84% in 2024 compared to the previous year. According to recently released data, this upward trend shows no signs of slowing, with early 2025 figures suggesting an even more dramatic 180% increase in weekly volume […]

The post Attack Via Infostealers Increased by 84% Via Phishing Emails Per Week appeared first on Cyber Security News.

In a concerning evolution of cyber infiltration tactics, North Korean IT workers have begun deploying sophisticated real-time deepfake technology during remote job interviews to secure positions within organizations worldwide. This advanced technique allows threat actors to present convincing synthetic identities during video interviews, enabling them to bypass traditional identity verification processes and infiltrate companies for […]

The post North Korean IT Workers Using Real-time Deepfake to Infiltrate Organizations via Remote Job appeared first on Cyber Security News.

Cybersecurity experts have identified a sophisticated new phishing technique that exploits the SVG (Scalable Vector Graphics) file format to deliver malicious HTML content to unsuspecting victims. This emerging threat, first observed at the beginning of 2025, represents a notable evolution in phishing tactics as attackers leverage the dual nature of SVG files to bypass security […]

The post New Phishing Attack Appending Weaponized HTML Files Inside SVG Files appeared first on Cyber Security News.

In the modern enterprise, cybersecurity is no longer just a technical concern it is a boardroom priority. The frequency and impact of cyber incidents have escalated, placing organizational resilience, regulatory compliance, and business reputation at risk. Board members, however, often lack the technical fluency to interpret traditional cybersecurity reports, which can lead to miscommunication, underinvestment, […]

The post Protecting Against Insider Threats – Strategies for CISOs appeared first on Cyber Security News.

In today’s digital-first business environment, cyber threats are not just an IT problem they’re a core business risk. Board members are increasingly expected to oversee cybersecurity strategy, but they often lack the technical background to interpret traditional security reports. This disconnect can lead to misaligned priorities, insufficient investment, and a false sense of security. For […]

The post Cybersecurity Metrics That Matter for Board-Level Reporting appeared first on Cyber Security News.

The cybersecurity landscape faces a mounting threat as the Akira ransomware group intensifies operations, marking a significant evolution since its emergence in March 2023. This sophisticated threat actor specializes in leveraging compromised credentials to access vulnerable VPN services lacking multi-factor authentication, predominantly exploiting known Cisco vulnerabilities. Once inside a network, Akira deploys an arsenal of […]

The post Akira Ransomware Using Compromised Credentials and Public Tools in New Wave of Cyberattacks appeared first on Cyber Security News.

In today’s interconnected business environment, digital disruptions can quickly escalate from minor technical incidents to major organizational crises. The role of Chief Information Security Officers (CISOs) has become increasingly central to business continuity planning, as organizations face sophisticated cyber threats, regulatory compliance challenges, and the need to maintain operational resilience. CISOs must now navigate complex […]

The post Business Continuity in a Digital World – CISO Perspectives appeared first on Cyber Security News.

A sophisticated new Android malware strain called “Gorilla” has emerged in the cybersecurity landscape, specifically designed to intercept SMS messages containing one-time passwords (OTPs). This malicious software operates stealthily in the background, exploiting Android’s permission system to gain access to sensitive information on infected devices. Initial analysis suggests that Gorilla primarily targets banking customers and […]

The post New Gorilla Android Malware Intercept SMS Messages to Steal OTPs appeared first on Cyber Security News.

Security researchers have identified a concerning trend in the cyber threat landscape as state-sponsored hackers from multiple countries have begun adopting a relatively new social engineering technique called “ClickFix” in their espionage operations. The technique, which emerged in early March 2024 in cybercriminal circles, has rapidly gained popularity among advanced persistent threat (APT) groups due […]

The post State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns appeared first on Cyber Security News.

A federal judge has issued a preliminary injunction that significantly limits the Department of Government Efficiency’s (DOGE) access to sensitive Social Security Administration (SSA) data. The ruling, handed down yesterday, found that the government had provided DOGE with access to this private information without a sufficient legal basis. The court order requires DOGE to immediately […]

The post New Limitations Placed on DOGE’s Access to Private Social Security Information appeared first on Cyber Security News.

Ransomware is not retreating it’s evolving. Once a niche cybercrime, ransomware has become a multibillion-dollar global threat that disrupts hospitals, banks, factories, and governments. In 2025, the threat continues to grow in scope and intensity, primarily driven by the ransomware-as-a-service (RaaS) model. This “franchise” structure enables technically unskilled actors to launch complex attacks by renting […]

The post How Companies Can Safeguard Against the Next Wave of Ransomware appeared first on Cyber Security News.

Microsoft has issued an alert regarding sophisticated ransomware attacks targeting hybrid cloud environments in Q1 2025. These attacks exploit vulnerabilities at the intersection of on-premises infrastructure and cloud services, challenging organizations with hybrid configurations. In a significant shift, North Korean state actor Moonstone Sleet has deployed Qilin ransomware in targeted attacks. This marks their first […]

The post Microsoft Warns of Ransomware Exploiting Cloud Environments with New Techniques appeared first on Cyber Security News.

Microsoft has warned organizations worldwide that threat actors are ramping up their exploitation of critical vulnerabilities in on-premises Exchange Server and SharePoint Server. These attacks, observed in recent months, have enabled cybercriminals to gain persistent and privileged access to targeted environments, leading to remote code execution, lateral movement, and the exfiltration of sensitive data. While […]

The post Hackers Actively Exploiting Critical Exchange & SharePoint Server Vulnerabilities appeared first on Cyber Security News.

In the modern digital landscape, organizations are constantly challenged by an ever-increasing volume of security alerts, sophisticated cyber threats, and the ongoing shortage of skilled cybersecurity professionals. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as a transformative solution to these challenges, enabling security teams to unify tools, automate repetitive processes, and respond to […]

The post How to Implementing SOAR To Reduce Incident Response Time Effectively appeared first on Cyber Security News.