Cyber Security News

The React2Shell vulnerability (CVE-2025-55182) continues to face a relentless exploitation campaign, with threat actors launching more than 8.1 million attack sessions since its initial disclosure. According to GreyNoise Observation Grid data, daily attack volumes have stabilized at 300,000–400,000 sessions since peaking above 430,000 in late December, indicating sustained, coordinated exploitation. Scale of the Exploitation Campaign […]

The post Hackers Launched 8.1 Million Attack Sessions to React2Shell Vulnerability appeared first on Cyber Security News.

A new phishing wave is abusing fake DocuSign notifications to drop stealthy malware on Windows systems. The emails copy real DocuSign branding and urge users to review a pending agreement, pushing them toward a link that claims to host the file. Once clicked, the chain shifts from browser to a multi‑stage loader built to dodge […]

The post New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems appeared first on Cyber Security News.

Microsoft is ramping up security measures for its enterprise customers, mandating multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center. The policy takes full effect on February 9, 2026, building on a softer rollout that began in February 2025. Organizations relying on these tools must act now to avoid disruptions. This move […]

The post Microsoft Enforces Mandatory MFA for Microsoft 365 Admin Center Logins appeared first on Cyber Security News.

Critical vulnerabilities in ChatGPT allow attackers to exfiltrate sensitive data from connected services like Gmail, Outlook, and GitHub without user interaction. Dubbed ShadowLeak and ZombieAgent, these flaws exploit the AI’s Connectors and Memory features for zero-click attacks, persistence, and even propagation.​ OpenAI’s Connectors enable ChatGPT to integrate with external systems such as Gmail, Jira, GitHub, […]

The post New ChatGPT Flaws Allow Attackers to Exfiltrate Sensitive Data from Gmail, Outlook, and GitHub appeared first on Cyber Security News.

Caracas went dark just as U.S. forces moved to seize Venezuelan leader Nicolás Maduro on Saturday. The blackout did more than hide troops; it showed how malware can shape modern battles. U.S. Cyber Command and allied units are believed to have deployed a grid‑focused payload inside Venezuela’s power operator. Once triggered, the code quietly opened […]

The post Trump Signals U.S. Cyber Role in Caracas Blackout During Maduro Capture appeared first on Cyber Security News.

Microsoft has launched a native Slack-to-Teams migration tool in the Microsoft 365 admin center, simplifying the transition for organizations migrating collaboration workloads. This feature supports transferring public and private channel content directly into Teams equivalents, preserving messages and continuity.​ The tool enters public preview via Targeted Release in early December 2025, with rollout completion by […]

The post Microsoft Unveils a New Tool to Migrate from Slack to Microsoft Teams appeared first on Cyber Security News.

The security landscape faced a significant challenge just before the year’s end with the emergence of ConsentFix, an ingenious OAuth-based attack that exploits legitimate authentication flows to extract authorization codes from Microsoft Entra systems. This attack represents an evolution of the ClickFix technique, demonstrating how attackers continue to refine their methods to compromise cloud-based authentication […]

The post New OAuth-Based Attack Let Hackers Bypass Microsoft Entra Authentication Flows to Steal Keys appeared first on Cyber Security News.

A critical code injection flaw in Hewlett Packard Enterprise OneView, tracked as CVE-2025-37164, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability has been confirmed to be actively exploited by threat actors, triggering urgent remediation timelines for federal agencies and critical infrastructure operators. CVE-2025-37164 represents a severe security flaw in HP Enterprise […]

The post CISA Adds HP Enterprise OneView Code Injection Vulnerability to KEV Following Active Exploitation appeared first on Cyber Security News.

BlueDelta, a Russian state-sponsored threat group linked to the country’s military intelligence agency known as the GRU, has expanded its credential-stealing operations significantly throughout 2025. Between February and September, the group launched multiple phishing campaigns designed to deceive users of Microsoft Outlook Web Access, Google, and Sophos VPN services into surrendering their login information. This […]

The post BlueDelta Hackers Attacking Microsoft OWA, Google, and Sophos VPN Users to Steal Logins appeared first on Cyber Security News.

A critical unauthenticated remote code execution vulnerability discovered in n8n, the popular workflow automation platform, exposes an estimated 100,000 servers globally to complete takeover. Tracked as CVE-2026-21858 with a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to execute arbitrary system commands and achieve full host compromise without triggering any alarms. The vulnerability […]

The post Ni8mare Vulnerability Let Attackers Hijack n8n Servers – Exploit Released and 26,512 Hosts Vulnerable appeared first on Cyber Security News.

Three malicious npm packages are targeting JavaScript developers to steal browser logins, API keys, and cryptocurrency wallet data. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, were uploaded to the public npm registry and posed as tools linked to the popular bitcoinjs project. Any developer who added them as dependencies could silently install a new remote […]

The post Three Malicious NPM Packages Attacking Developers to Steal Login Credentials appeared first on Cyber Security News.

Hackers are exploiting VMware ESXi instances in the wild with a zero-day exploit toolkit that chains multiple vulnerabilities for VM escapes. Cybersecurity firm Huntress disrupted one such attack, attributing initial access to a compromised SonicWall VPN.​ Threat actors gained a foothold via SonicWall VPN, then used a compromised Domain Admin account for lateral movement to […]

The post Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit appeared first on Cyber Security News.

A recent phishing campaign is abusing QR codes in a new way, turning simple HTML tables into working codes that redirect users to malicious sites. Instead of embedding a QR image in the email body, the attackers build the code from hundreds of tiny table cells, each styled as black or white. The result still […]

The post Hackers Using Malicious Imageless QR Codes to Render Phishing Attack Via HTML Table appeared first on Cyber Security News.

A sophisticated Windows packer known as pkr_mtsi has emerged as a powerful tool for delivering multiple malware families through widespread malvertising campaigns. First detected on April 24, 2025, this malicious packer continues to operate actively, distributing trojanized installers disguised as legitimate software applications. The packer targets popular tools including PuTTY, Rufus, and Microsoft Teams, using […]

The post Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns Delivering Multiple Malware Families appeared first on Cyber Security News.

ownCloud has urgently urged users of its Community Edition to enable multi-factor authentication (MFA). A threat intelligence report from Hudson Rock highlighted incidents in which attackers compromised self-hosted file-sharing platforms, including some ownCloud deployments, but ownCloud stresses that its platform itself remains unbreached. Hudson Rock’s analysis revealed no zero-day exploits or vulnerabilities in ownCloud’s architecture. […]

The post ownCloud Urges Users to Enable Multi-Factor Authentication Following Credential Theft appeared first on Cyber Security News.

CrazyHunter ransomware has emerged as a critical and evolving threat that specifically targets healthcare organizations and sensitive medical infrastructure. This Go-developed malware represents a significant escalation in ransomware sophistication, employing advanced encryption methods and delivery mechanisms designed to bypass modern security defenses. Healthcare institutions in Taiwan have experienced repeated attacks, with at least six known […]

The post CrazyHunter Ransomware Attacking Healthcare Sector with Advanced Evasion Techniques appeared first on Cyber Security News.

A sophisticated Go-based botnet dubbed GoBruteforcer is aggressively targeting Linux servers worldwide, brute-forcing weak passwords on internet-exposed services including FTP, MySQL, PostgreSQL, and phpMyAdmin. Check Point Research recently documented a new 2025 variant of the malware that demonstrates significant technical improvements over previous versions and has successfully compromised tens of thousands of servers.​ The botnet […]

The post GoBruteforcer Botnet Attacking Linux Servers Worldwide – 50,000 Internet-facing Servers at Risk appeared first on Cyber Security News.

ANY.RUN, the interactive malware analysis platform, has wrapped up 2025 with impressive growth figures and significant contributions to the cybersecurity community. The company’s annual report reveals how its global user base collectively spent over 400,000 hours analyzing threats—equivalent to more than 45 years of continuous research. The platform processed 5.7 million analyses across 195 countries […]

The post From Tycoon2FA to Lazarus Group – Inside ANY.RUN’s Biggest Discoveries of 2025 appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit for CVE-2025-38352, a critical race condition vulnerability in the Linux kernel, has been publicly released on GitHub. The vulnerability, discovered earlier this year, targets the POSIX CPU timers implementation and was previously exploited in limited, targeted attacks against 32-bit Android devices. CVE-2025-38352 is a use-after-free (UAF) vulnerability in the Linux kernel’s handle_posix_cpu_timers() function. […]

The post PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352 appeared first on Cyber Security News.

Researchers from the Chinese Academy of Sciences and Nanyang Technological University have introduced AURA, a novel framework to safeguard proprietary knowledge graphs in GraphRAG systems against theft and private exploitation. Published on arXiv just a week ago, the paper highlights how adulterating KGs with fake but plausible data renders stolen copies useless to attackers while […]

The post Researchers Manipulate Stolen Data to Corrupt AI Models and Generate Inaccurate Outputs appeared first on Cyber Security News.