Cyber Security News

A recent cybersecurity report has identified critical vulnerabilities in Palo Alto Networks firewall devices that could enable attackers to bypass Secure Boot protections, exploit firmware-level flaws, and obtain elevated privileges, allowing them to maintain persistence within the networks of targeted organizations. Eclypsium researchers have revealed findings highlighting the growing threats to security appliances tools specifically […]

The post Critical Palo Alto Firewall Vulnerabilities Let Hackers Bypass Secure Boot & Exploit Firmware appeared first on Cyber Security News.

Unit 42 researchers Bradley Duncan and Zach Diehl uncovered a malicious campaign exploiting Bing search advertisements to deliver malware through deceptive websites impersonating legitimate software pages. This alarming discovery highlights the growing trend of attackers leveraging legitimate platforms for malicious purposes. Malicious Bing Ad Campaign The researchers detected a malicious ad in Bing search results […]

The post Fake Microsoft Teams Page Drops Malware On Windows By Exploiting Bing Ads appeared first on Cyber Security News.

The cybersecurity landscape faces a growing threat with the emergence of the Tycoon 2FA phishing kit, a sophisticated Phishing-as-a-Service (PhaaS) platform designed to bypass MFA and evade detection. First identified in August 2023, Tycoon 2FA has undergone significant updates, making it one of the most formidable tools for cybercriminals targeting services like Microsoft 365 and […]

The post Tycoon 2FA Phishing Kit Using Specially Crafted Code To Evade Detection appeared first on Cyber Security News.

The development of generative AI offered both opportunities for beneficial productivity transformation and opportunities for malicious exploitation.  GhostGPT, an uncensored AI chatbot created specifically for cybercrime, is the most recent threat in this domain. GhostGPT, which researchers at Abnormal Security identified, is a new frontier in the use of artificial intelligence for illicit activities, such […]

The post GhostGPT – New AI Black Hat Tool Used by Hackers to Generative Malware & Exploits appeared first on Cyber Security News.

A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow vulnerability, rated with a CVSS score of 9.0, allows unauthenticated attackers to execute arbitrary code remotely. The flaw impacts versions of Ivanti Connect Secure prior to 22.7R2.5, […]

The post 33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds appeared first on Cyber Security News.

Researchers analyzed new versions of the Banshee macOS Stealer sample that initially evaded detection by most antivirus engines, as analysis revealed that the malware employed a unique string encryption technique.  The encryption method was identical to that used by Apple’s XProtect antivirus engine for encrypting YARA rules within its binaries. By leveraging this shared encryption […]

The post 100 Million macOS Users At Risk – New Banshee Malware Attacks Bypassing Apple’s XProtect appeared first on Cyber Security News.

Welcome to this week’s Cyber Security Newsletter, where we explore the latest advancements and important updates in the field of cybersecurity. Your engagement in this rapidly changing digital landscape is crucial, and we strive to provide you with the most relevant insights and information. This edition focuses on emerging threats and the current status of […]

The post Weekly Cybersecurity Newsletter: Cyber Attack News, Vulnerabilities & Data Breaches appeared first on Cyber Security News.

IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw allows authenticated users to embed arbitrary JavaScript code in the Web UI when using unauthorized, third-party […]

The post IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI appeared first on Cyber Security News.

Security researchers have successfully hacked Apple’s proprietary ACE3 USB-C controller. This chip, introduced with the iPhone 15 and iPhone 15 Pro, represents a significant leap in USB-C technology, handling power delivery and acting as a sophisticated microcontroller with access to critical internal systems. Despite Apple’s enhanced security measures, researchers employed advanced techniques to bypass its […]

The post Researchers Hacked into Apple’s New USB-C Controller appeared first on Cyber Security News.

A critical security vulnerability in Ivanti Connect Secure VPN appliances has left 2,048 instances worldwide exposed to potential exploitation, with the United States hosting the highest number of vulnerable systems. The vulnerability tracked as CVE-2025-0282, has been actively exploited since mid-December 2024. The vulnerability is a critical stack-based buffer overflow with a CVSS score of […]

The post 2,048 Ivanti VPN Instances Vulnerable to Exploited Zero-Day Attacks appeared first on Cyber Security News.

On September 21, 2024, a critical security vulnerability was identified by Google researchers in the Monkey’s Audio (APE) decoder used in Samsung’s flagship Galaxy S23 and S24 devices. Now it got fixed after 3 months since the Google Project Zero team disclosed the vulnerability with a 90-day deadline. The latest update addresses critical vulnerabilities within […]

The post Critical Samsung 0-Click Vulnerability Found in S24 and S23 Devices Got Fixed appeared first on Cyber Security News.

A sophisticated credit card skimmer malware had been found hitting WordPress checkout pages, silently injecting malicious JavaScript into database records to obtain sensitive payment details.  Attackers may utilize existing payment fields or inject a fake credit card form to steal payment information covertly and undetected. Targets WordPress Checkout Pages via Database Injection Sucuri claims that […]

The post New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards appeared first on Cyber Security News.

Samsung Mobile has announced the release of a comprehensive maintenance update as part of its monthly Security Maintenance Release (SMR) process. This latest update addresses critical vulnerabilities within the Android operating system and includes essential patches from both Google and Samsung, aimed at bolstering user security and device integrity. The January 2025 Security Maintenance Release […]

The post Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has resolved a persistent issue that caused classic Outlook to freeze or hang when users attempted to copy text using the Ctrl+C shortcut. The problem, which primarily affected Microsoft 365 customers using Current Channel Version 2409 (Build 18025.20096) or higher, was particularly troublesome for users of languages requiring an Input Method Editor (IME). The […]

The post Microsoft Fixes Outlook Client Freeze Issue When Copying Text Using Ctrl+C appeared first on Cyber Security News.

A cloud VPN (Virtual Private Network) provider is a company that offers VPN services through cloud technology. This can save time and resources and reduce the risk of security breaches.  These services allow users to connect to the internet securely and access resources as if on a private network, even when using public or untrusted […]

The post 10 Best Cloud VPN Providers – 2024 appeared first on Cyber Security News.

A novel type of phishing attack has been discovered, targeting both Android and iOS users. This attack combines traditional social engineering techniques with the use of Progressive Web Applications (PWAs) and WebAPKs, making it a significant threat to mobile users. The attack was first identified in November 2023, and since then, multiple cases have been […]

The post Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs appeared first on Cyber Security News.

In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can […]

The post INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training appeared first on Cyber Security News.

A critical vulnerability has been identified in Apache DolphinScheduler, a popular open-source workflow orchestration platform. This security flaw, designated as CVE-2024-43202, allows hackers to execute remote code, posing a significant threat to affected systems. CVE-2024-43202: Remote Code Execution Vulnerability The vulnerability affects Apache DolphinScheduler versions 3.0.0 up to, but not including, 3.2.2. This security issue […]

The post Apache DolphinScheduler Vulnerability Let Hackers Execute Remote Code appeared first on Cyber Security News.

Two vulnerabilities have been discovered in BIG-IP, which are associated with Insufficient Session Fixation and Expired Pointer Dereference. These vulnerabilities have been assigned to CVE-2024-39809 and CVE-2024-39792, and the severity was given as 7.5 (High). Moreover, these vulnerabilities were affecting BIG-IP Next Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed these […]

The post Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack appeared first on Cyber Security News.

BlindEagle (APT-C-36) is a Latin American Advanced Persistent Threat group that has been active since 2018. It targets the governmental, financial, and energy sectors in Colombia, Ecuador, Chile, Panama, and other regional countries.  BlindEagle is known for employing straightforward yet impactful techniques; the group demonstrates versatility in switching between financially motivated attacks and espionage operations. […]

The post New APT Group BlindEagle Attacking Multiple Organizations Via Weaponized Emails appeared first on Cyber Security News.