Cyber Security News

A significant supply chain security breach has emerged with the discovery of Shai-Hulud 2.0, a sophisticated malware that has compromised over 30,000 GitHub repositories since its emergence on November 24, 2025. This worm-like malware represents a growing threat to the developer ecosystem, specifically targeting the NPM package manager and spreading across multiple platforms including Maven […]

The post Shai-Hulud 2.0 Malware Attack Compromised 30,000 Repositories and Stolen 500 GitHub Usernames and Tokens appeared first on Cyber Security News.

The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading as a standard utility for verifying Ethereum Virtual Machine (EVM) versions, the package accumulated thousands of downloads before it was removed. While the library appeared to perform legitimate version checks, […]

The post Malicious Rust Evm-Units Mimic as EVM Version Silently Executes OS-specific Payloads appeared first on Cyber Security News.

On Thanksgiving eve, a sophisticated threat actor known as Storm-0900 launched a high-volume phishing campaign targeting users across the United States. Microsoft Threat Intelligence security analysts detected and blocked this coordinated attack consisting of tens of thousands of emails designed to deceive recipients during the holiday period. The campaign employed two primary social engineering themes […]

The post Storm-0900 Hackers Leveraging Parking Ticket and Medical Test Themes in Massive Phishing Attack appeared first on Cyber Security News.

CISA has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The vulnerabilities affect the Android OS and pose significant risks to millions of mobile devices worldwide. CISA added the vulnerabilities to its KEV catalog on December 2, 2025, requiring federal agencies and critical infrastructure operators […]

The post CISA Warns of Android 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

MuddyWater, an Iran-aligned cyberespionage group also known as Mango Sandstorm, has launched a new, highly targeted campaign against critical infrastructure in Israel and Egypt. Active from September 2024 through March 2025, the group zeroed in on diverse sectors including engineering, utilities, local government, and technology. This operation marks a distinct evolution in their operational maturity, […]

The post MuddyWater Attacks Critical Infrastructure With Custom Malware and Improved Tactics appeared first on Cyber Security News.

Microsoft has officially confirmed a critical issue affecting enterprise and managed environments running Windows 11 versions 24H2 and 25H2. The bug, first triggered by cumulative updates released in July 2025, causes widespread failures in essential UI components, rendering the desktop unusable for many users. According to an updated support document released on December 2, 2025, […]

The post Microsoft Confirms Windows 11 25H2 UI Features Broken Along With 24H2 Following Update appeared first on Cyber Security News.

A new and dangerous phishing campaign is targeting organizations with a deceptive “Executive Award” theme that combines social engineering with advanced malware delivery. This two-stage attack first tricks users into sharing their login credentials through a fake HTML form, then deploys the Stealerium information stealer to compromise affected systems. The campaign represents a growing trend […]

The post Beware of the New ‘Executive Award’ Campaign That Uses ClickFix to Deliver Stealerium Malware appeared first on Cyber Security News.

A critical security flaw in the popular “King Addons for Elementor” WordPress plugin has left thousands of websites at risk of complete takeover, security researchers have warned. The vulnerability, tracked as CVE-2025-8489, allows unauthenticated attackers to register new accounts with full administrator rights by abusing an insecure registration function in the plugin. King Addons for […]

The post Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control appeared first on Cyber Security News.

A critical Stored XSS vulnerability in Angular’s template compiler (CVE-2025-66412) allows attackers to execute arbitrary code by weaponizing SVG animation attributes. Bypassing Angular’s built-in security sanitization mechanisms and affecting applications using versions below 19.2.17, 20.3.15, or 21.0.2. The Angular template compiler includes an incomplete security schema that fails to classify and sanitize URL-holding attributes and […]

The post Angular Platform Vulnerability Allows Malicious Code Execution Via Weaponized SVG Animation Files appeared first on Cyber Security News.

A critical warning regarding a severe authentication vulnerability affecting Iskra’s iHUB and iHUB Lite intelligent metering gateways used in energy infrastructure worldwide. The flaw, tracked as CVE-2025-13510, carries a CVSS v4 severity score of 9.3, indicating an exploit that requires minimal technical complexity for attackers. The vulnerability stems from the absence of an authentication mechanism […]

The post CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device Reconfiguration appeared first on Cyber Security News.

A concerning development has emerged within the cybercriminal ecosystem as threat actors continue distributing K.G.B RAT, a remote access trojan bundled with advanced detection evasion capabilities. According to recent reports, this tool combination surfaced on underground forums and has caught the attention of security researchers worldwide. The malware package includes not only the K.G.B RAT […]

The post Threat Actors Allegedly Promoting Fully Undetectable K.G.B RAT on Hacker Forums appeared first on Cyber Security News.

Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced kernel-level access with powerful evasion capabilities. In 2025 alone, security researchers detected 151 new samples […]

The post BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters appeared first on Cyber Security News.

Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July 2025, security researchers discovered version 3.0 operating in real-world attacks, marking a notable evolution in […]

The post Threat Actors Leveraging Matanbuchus Malicious Downloader to Ransomware and Establish Persistence appeared first on Cyber Security News.

Dashcams have become essential devices for drivers worldwide, serving as reliable witnesses in case of accidents or roadside disputes. However, a team of Singaporean cybersecurity researchers has uncovered a disturbing reality: these seemingly harmless devices can be hijacked within seconds and turned into powerful surveillance tools. The findings, presented at the Security Analyst Summit 2025, […]

The post Hackers can Hijack Your Dash Cams in Seconds and Weaponize it for Future Attacks appeared first on Cyber Security News.

Insider threats remain one of the most challenging security problems that organizations face today. These threats typically do not show obvious warning signs at first. Instead, they reveal themselves through small, unusual activities that often blend into normal daily operations. Many companies struggle to identify these early indicators because they occur within legitimate user accounts […]

The post Nisos Details Earlier Signs of Insider Detection via Authentication and Access Controls appeared first on Cyber Security News.

Ukraine-linked hackers are stepping up cyberattacks against Russian aerospace and wider defence-related companies, using new custom malware to steal designs, schedules, and internal emails. The campaign targets both prime contractors and smaller suppliers, aiming to map production chains and expose weak points in Russia’s war industry. The tools used in this campaign are simple, but […]

The post Ukraine Hackers Attacking Russian Aerospace Companies and Other Defence-Related Sectors appeared first on Cyber Security News.

Hackers are turning to Evilginx, a powerful adversary-in-the-middle tool, to get around multi-factor authentication and take over cloud accounts. The framework acts as a reverse proxy between the victim and real single sign-on pages, so the login screen looks and behaves just like the real thing. To the user, the fake site feels normal, with […]

The post Hackers Leverage Evilginx to Undermine MFA Security Mimicking Legitimate SSO Sites appeared first on Cyber Security News.

A new type of phishing attack that combines two different phishing kits: Salty2FA and Tycoon2FA. This marks a significant change in the Phishing-as-a-Service (PhaaS) landscape. While phishing kits typically maintain unique signatures in their code and delivery mechanisms, recent campaigns targeting enterprise users have begun deploying payloads that combine elements from both frameworks. This convergence […]

The post Salty2FA and Tycoon2FA Phishing Kits Attacking Enterprise Users to Steal Login Credentials appeared first on Cyber Security News.

Cybercriminals targeting Brazilian users have aggressively escalated their tactics, launching a highly sophisticated campaign dubbed “Water Saci.” This new wave of attacks weaponizes WhatsApp Web, a platform implicitly trusted by millions, to deliver banking trojans and steal sensitive financial data. By compromising user accounts, the attackers send convincing messages to trusted contacts, creating a rapid, […]

The post Water Saci Hackers Leveraging AI Tools to Attack WhatsApp Web Users appeared first on Cyber Security News.

A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus Group recruit and operate against Western companies. Researchers documented the complete attack cycle in real-time, capturing live footage of attackers using compromised systems. This breakthrough reveals the human side of […]

The post Researchers Expose Lazarus Recruitment Pipeline Live on Camera Through Honeypot Operation appeared first on Cyber Security News.