Cyber Security News

Multiple vulnerabilities in macOS SMBClient that could allow attackers to execute arbitrary code remotely and crash systems.  The vulnerabilities affecting the SMB filesystem client used for mounting remote file shares represent a significant security risk, as SMB has been the preferred file sharing protocol since macOS Big Sur.  Two of the flaws have been assigned […]

The post macOS SMBClient Vulnerability Allows Remote Code Execution and Kernel Crash appeared first on Cyber Security News.

CISA has issued an urgent warning regarding a critical vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS) that is being actively exploited in cyberattacks.  The vulnerability, tracked as CVE-2019-9621, poses significant risks to organizations using the popular email and collaboration platform. Key Takeaways1. CISA alerts on an SSRF flaw (CVE-2019-9621) in Zimbra ZCS, actively exploited by […]

The post CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks appeared first on Cyber Security News.

In the digital-first landscape of 2025, network security has become a boardroom priority for every Chief Information Security Officer (CISO). With cyber threats evolving in complexity and frequency, organizations need robust, agile, and future-proof solutions to safeguard their digital assets. The right network security company not only protects sensitive data but also ensures regulatory compliance, […]

The post 10 Best Network Security Companies For CISO – 2025 appeared first on Cyber Security News.

Zero Trust Network Access (ZTNA) has become a cornerstone of modern cybersecurity strategies, especially as organizations embrace remote work, cloud adoption, and hybrid infrastructures. In 2025, ZTNA solutions are not just a trend they are a necessity for securing sensitive data, ensuring compliance, and enabling seamless access for distributed workforces. ZTNA platforms enforce the principle […]

The post 10 Best ZTNA Solutions (Zero Trust Network Access) In 2025 appeared first on Cyber Security News.

Scattered Spider’s phishing domain patterns provide actionable insights to proactively counter threats from the notorious cyber group responsible for recent airline attacks. Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise environments. Check Point Research has uncovered specific phishing domain […]

The post Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators appeared first on Cyber Security News.

New ransomware group employs advanced virtualization attack tactics to maximize damage and hinder organizational recovery efforts. A newly emerged ransomware group known as BERT has introduced a particularly disruptive capability that sets it apart from traditional ransomware operations: the ability to forcibly terminate ESXi virtual machines before encryption, significantly complicating recovery efforts for targeted organizations. […]

The post BERT Ransomware Forcibly Shut Down ESXi Virtual Machines to Disrupt Recovery appeared first on Cyber Security News.

A sophisticated SEO poisoning campaign targeting system administrators with malicious backdoor malware. Arctic Wolf security researchers have uncovered a dangerous search engine optimization (SEO) poisoning and malvertising campaign that has been targeting IT professionals since early June 2025. The campaign uses fake websites hosting Trojanized versions of popular IT tools, specifically PuTTY and WinSCP, to […]

The post Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results appeared first on Cyber Security News.

Call of Duty: WWII has been pulled offline after reports of a serious remote code execution vulnerability that allowed malicious players to take complete control of other gamers’ computers during live multiplayer matches. On Saturday, the Call of Duty development team announced that the PC version of Call of Duty: WWII had been taken offline […]

The post Gamers Playing Call of Duty Hacked – RCE Exploited Let Players Hack Other Players’ PCs appeared first on Cyber Security News.

Debian-based penetration testing distribution delivers enhanced tools and prepares for next-generation release. Parrot Security has announced the release of Parrot OS 6.4, marking a significant milestone for the Debian-based penetration testing and cybersecurity distribution. This latest version brings substantial updates to core security tools, including Metasploit Framework 6.4.71, Sliver C2 framework, Caido web security toolkit, […]

The post Parrot OS 6.4 Released With Update For Popular Penetration Testing Tools appeared first on Cyber Security News.

Microsoft has rolled out a significant enhancement to Windows Update functionality, introducing an intelligent notification system designed to keep users informed about critical security vulnerabilities and system compatibility issues.  This latest update transforms how Windows communicates potential security risks by implementing proactive alerts that respect user preferences while maintaining essential security awareness.  Key Takeaways1. Windows […]

The post Windows Update Gets Smarter: New Interface Puts Users in Control of Security Notifications appeared first on Cyber Security News.

A sophisticated new Linux evasion tool called RingReaper has emerged, leveraging the legitimate io_uring kernel feature to bypass modern Endpoint Detection and Response (EDR) systems.  This advanced red team tool demonstrates how attackers can exploit high-performance asynchronous I/O operations to conduct stealthy operations while remaining undetected by traditional security monitoring mechanisms. We recently discussed a […]

The post RingReaper – New Linux EDR Evasion Tool Using io_uring Kernel Feature appeared first on Cyber Security News.

As Amazon Prime Day 2025 approaches on July 8-11, millions of eager shoppers are preparing their wish lists and hunting for the best deals. However, cybercriminals are equally prepared, having registered over 1,000 new fake domains resembling Amazon in June alone. Alarmingly, 87% of these domains have already been flagged as malicious or suspicious, with […]

The post 1000+ New Fake Domains Mimic Amazon Prime Day Registered to Hunt Online Shoppers appeared first on Cyber Security News.

In 2025, Security Service Edge (SSE) solutions have become essential for organizations aiming to secure their rapidly evolving networks. As businesses embrace hybrid work, cloud-first strategies, and global digital operations, the demand for robust, cloud-delivered security has surged. SSE platforms integrate critical security functions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), […]

The post Top 10 Security Service Edge (SSE) Solutions For Network Security – 2025 appeared first on Cyber Security News.

A significant vulnerability affecting modern Linux distributions that allows attackers with brief physical access to bypass Secure Boot protections through initramfs manipulation.  The attack exploits debug shells accessible during boot failures, enabling persistent malware injection that survives system reboots and maintains access even after users enter correct passwords for encrypted partitions. key Takeaways1. Attackers with […]

The post Linux Boot Vulnerability Allows Bypass of Secure Boot Protections on Modern Linux Systems appeared first on Cyber Security News.

In 2025, Managed Service Providers (MSPs) face unprecedented demands for secure, scalable, and flexible network solutions. As businesses accelerate digital transformation, the need for Network as a Service (NaaS) cloud-based, on-demand networking has surged. MSPs must deliver robust, secure connectivity to distributed workforces, hybrid cloud environments, and IoT deployments, all while minimizing capital expenses and […]

The post 10 Best Secure Network As A Service For MSP Providers – 2025 appeared first on Cyber Security News.

Cybercriminals are increasingly exploiting legitimate Windows driver signing processes to deploy sophisticated kernel-level malware, with new research revealing a concerning trend that has compromised over 620 drivers since 2020. A comprehensive investigation by cybersecurity researchers has uncovered how threat actors are systematically abusing Microsoft’s Windows Hardware Compatibility Program (WHCP) and Extended Validation (EV) certificates to […]

The post Threat Actors Abusing Signed Drivers to Launch Modern Kernel Level Attacks on Windows appeared first on Cyber Security News.

In today’s rapidly evolving digital landscape, vulnerability management has become a cornerstone of effective cybersecurity. As organizations expand their digital footprint across cloud, on-premises, and hybrid environments, the need for robust vulnerability management tools is more critical than ever. These solutions not only help identify security weaknesses but also prioritize risks, automate remediation, and ensure […]

The post 10 Best Vulnerability Management Tools In 2025 appeared first on Cyber Security News.

Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The discovery reveals a coordinated campaign that exploits popular gaming titles and utility applications to compromise user security across the Firefox ecosystem. Major […]

The post 8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords and Spy on Users appeared first on Cyber Security News.

Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers.  The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous versions likely vulnerable as well. Key Takeaways1. Two severe CVE-tracked flaws […]

The post ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access appeared first on Cyber Security News.

A sophisticated APT group dubbed “NightEagle” (APT-Q-95) has been conducting targeted attacks against China’s critical technology sectors since 2023.  The group has demonstrated exceptional capabilities in exploiting unknown Exchange vulnerabilities and deploying adaptive malware to steal sensitive intelligence from high-tech companies, chip semiconductor manufacturers, quantum technology firms, artificial intelligence developers, and military industry organizations. Key […]

The post NightEagle APT Attacking Industrial Systems by Exploiting 0-Days and With Adaptive Malware appeared first on Cyber Security News.