Cyber Security News

Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” targets finance and accounting departments explicitly using fake payment confirmation emails to trick victims into executing the payload. The campaign primarily focuses on finance, accounting, treasury, and payment departments in […]

The post New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting appeared first on Cyber Security News.

Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26.​ The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary code execution via malicious web content, discovered by Google Threat […]

The post Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users appeared first on Cyber Security News.

Kali Linux 2025.4, released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3.​ Released on December 12, 2025, this update focuses on modernizing the user experience while maintaining Kali’s position as the premier penetration testing platform. The release brings GNOME 49, KDE Plasma […]

The post Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3 appeared first on Cyber Security News.

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts, and CISA has since added the flaw to its Known Exploited Vulnerabilities […]

The post Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide appeared first on Cyber Security News.

JSCEAL has emerged as a serious threat to Windows users, specifically targeting those who work with cryptocurrency applications and valuable accounts. First reported by Check Point Research in July 2025, this information stealing malware has quietly grown stronger, introducing advanced techniques designed to avoid detection by security tools. A new wave of attacks starting in […]

The post New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials appeared first on Cyber Security News.

When users encounter a phishing email, the danger extends far beyond the initial click. A typical phishing attack begins when someone is deceived into entering their login credentials on a fake website. However, this is merely the starting point. Once cybercriminals obtain the stolen information, it immediately becomes valuable merchandise in the underground market. The […]

The post New Research Details on What Happens to Data Stolen in a Phishing Attack appeared first on Cyber Security News.

Security researchers have successfully extracted firmware from a budget smartwatch by bringing back a 20-year-old attack method originally used to steal data from network devices. The technique, known as “Blinkenlights,” was adapted to work with modern TFT screens instead of traditional LED indicators. Quarkslab analysts purchased a cheap smartwatch for approximately €12 from a local […]

The post Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged that successfully bypasses multi-factor authentication, protecting Microsoft 365 and Okta users, representing a serious threat to organizations relying on these platforms for identity management. The campaign, discovered in early December 2025, demonstrates advanced knowledge of authentication flows. This campaign targets companies across multiple industries through carefully crafted phishing emails […]

The post New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users appeared first on Cyber Security News.

The cybersecurity landscape of 2025 has been marked by an unprecedented surge in vulnerability exploitation, with threat actors leveraging critical flaws across enterprise software, cloud infrastructure, and industrial systems. This comprehensive analysis examines the twenty most dangerous exploited vulnerabilities of the year, highlighting their technical details, exploitation methods, and the urgent need for organizations to […]

The post Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis appeared first on Cyber Security News.

CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting attacks aligned with Russian government interests, initially went silent due to Telegram enforcement actions. However, the group returned in August with a sophisticated Ransomware-as-a-Service offering […]

The post CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems appeared first on Cyber Security News.

A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords or multi-factor authentication. The attack leverages the Azure CLI app to gain unauthorized access to victim accounts. The ConsentFix attack operates entirely within the browser context, making it difficult for traditional security […]

The post New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI appeared first on Cyber Security News.

A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes. This fully-featured malware utilizes the Google Drive API as its primary Command-and-Control (C2) channel, allowing threat actors to blend their malicious traffic seamlessly with normal network activity. By abusing […]

The post NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems appeared first on Cyber Security News.

A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information and bypass multi-factor authentication using advanced Man-in-the-Browser techniques. The tool is actively being sold on Telegram forums for between 200 to 300 euros, making it accessible […]

The post New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA appeared first on Cyber Security News.

A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the dangerous Agent Tesla malware. What appears to be a simple movie download actually contains a series of hidden PowerShell scripts that install a […]

The post Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware appeared first on Cyber Security News.

MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records this year. These prevalent flaws, which are often simple to detect and exploit, enable attackers to seize system control, pilfer sensitive data, or cripple applications. Developers, security […]

The post MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025 appeared first on Cyber Security News.

A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security talks to trick officials into opening weaponized documents. Once a target interacts with the lure, […]

The post Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware appeared first on Cyber Security News.

A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion and server crashes. Organizations running affected versions should prioritize patching immediately to prevent potential service disruptions. The […]

The post Apache Struts 2 DoS Vulnerability Let Attackers Crash Server appeared first on Cyber Security News.

Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems. CVE-2025-62472 stems from the use of uninitialized resources in the Remote Access Connection Manager. Enabling privilege escalation […]

The post Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges appeared first on Cyber Security News.

An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day flaw in attacks targeting both public and private sectors. The newly disclosed vulnerability, tracked as CVE-2025-58360, […]

The post CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Less than a week after addressing a critical Remote Code Execution (RCE) vulnerability, the React team has disclosed three additional security flaws affecting React Server Components (RSC). Security researchers discovered these new issues while attempting to bypass the mitigations for the previous “React2Shell” exploit. While the original RCE patch remains effective, the newly discovered vulnerabilities […]

The post New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks appeared first on Cyber Security News.