Cyber Security News

A moderate-severity Cross-Site Scripting (XSS) vulnerability has been identified in phpMyAdmin, a widely used open-source tool for managing MySQL databases.  This flaw, tracked as CVE-2025-24530, affects versions 5.x prior to 5.2.2 and is linked to the “Check tables” feature.  The vulnerability allows attackers to exploit improperly sanitized table or database names to execute malicious JavaScript […]

The post phpMyAdmin Vulnerability Let Hackers Trigger XSS Attack With Malicious Tables appeared first on Cyber Security News.

New ransomware strains are quietly infiltrating VMware ESXi hosts by setting up SSH tunnels and concealing malicious traffic within legitimate activity. This stealth tactic allows attackers to access critical virtual machine environments without triggering many of the standard alarms or detection systems that monitor more conventional network paths. Because ESXi appliances often remain unmonitored, cybercriminals […]

The post New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling appeared first on Cyber Security News.

A new proof-of-concept (PoC) has been released for Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298. The PoC demonstrates memory corruption, shedding light on the flaw’s potential for exploitation stemming from a double-free condition in the ole32.dll component, which can lead to serious security risks […]

The post PoC Exploit Released For Critical Microsoft Outlook (CVE-2025-21298) Zero-Click RCE Vulnerability appeared first on Cyber Security News.

A critical vulnerability in Subaru’s STARLINK connected vehicle service was discovered late last year, exposing millions of vehicles and customer accounts across the United States, Canada, and Japan to potential cyberattacks. Subaru is known for its all-wheel-drive vehicles, high safety ratings, and strong presence in motorsports. Popular models like the Outback and Forester contribute to […]

The post Subaru Car Vulnerability Lets Hackers Control Millions of Cars Remotely Using Starlink appeared first on Cyber Security News.

A recent cybersecurity report has identified critical vulnerabilities in Palo Alto Networks firewall devices that could enable attackers to bypass Secure Boot protections, exploit firmware-level flaws, and obtain elevated privileges, allowing them to maintain persistence within the networks of targeted organizations. Eclypsium researchers have revealed findings highlighting the growing threats to security appliances tools specifically […]

The post Critical Palo Alto Firewall Vulnerabilities Let Hackers Bypass Secure Boot & Exploit Firmware appeared first on Cyber Security News.

Unit 42 researchers Bradley Duncan and Zach Diehl uncovered a malicious campaign exploiting Bing search advertisements to deliver malware through deceptive websites impersonating legitimate software pages. This alarming discovery highlights the growing trend of attackers leveraging legitimate platforms for malicious purposes. Malicious Bing Ad Campaign The researchers detected a malicious ad in Bing search results […]

The post Fake Microsoft Teams Page Drops Malware On Windows By Exploiting Bing Ads appeared first on Cyber Security News.

The cybersecurity landscape faces a growing threat with the emergence of the Tycoon 2FA phishing kit, a sophisticated Phishing-as-a-Service (PhaaS) platform designed to bypass MFA and evade detection. First identified in August 2023, Tycoon 2FA has undergone significant updates, making it one of the most formidable tools for cybercriminals targeting services like Microsoft 365 and […]

The post Tycoon 2FA Phishing Kit Using Specially Crafted Code To Evade Detection appeared first on Cyber Security News.

The development of generative AI offered both opportunities for beneficial productivity transformation and opportunities for malicious exploitation.  GhostGPT, an uncensored AI chatbot created specifically for cybercrime, is the most recent threat in this domain. GhostGPT, which researchers at Abnormal Security identified, is a new frontier in the use of artificial intelligence for illicit activities, such […]

The post GhostGPT – New AI Black Hat Tool Used by Hackers to Generative Malware & Exploits appeared first on Cyber Security News.

A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow vulnerability, rated with a CVSS score of 9.0, allows unauthenticated attackers to execute arbitrary code remotely. The flaw impacts versions of Ivanti Connect Secure prior to 22.7R2.5, […]

The post 33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds appeared first on Cyber Security News.

Researchers analyzed new versions of the Banshee macOS Stealer sample that initially evaded detection by most antivirus engines, as analysis revealed that the malware employed a unique string encryption technique.  The encryption method was identical to that used by Apple’s XProtect antivirus engine for encrypting YARA rules within its binaries. By leveraging this shared encryption […]

The post 100 Million macOS Users At Risk – New Banshee Malware Attacks Bypassing Apple’s XProtect appeared first on Cyber Security News.

Welcome to this week’s Cyber Security Newsletter, where we explore the latest advancements and important updates in the field of cybersecurity. Your engagement in this rapidly changing digital landscape is crucial, and we strive to provide you with the most relevant insights and information. This edition focuses on emerging threats and the current status of […]

The post Weekly Cybersecurity Newsletter: Cyber Attack News, Vulnerabilities & Data Breaches appeared first on Cyber Security News.

IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw allows authenticated users to embed arbitrary JavaScript code in the Web UI when using unauthorized, third-party […]

The post IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI appeared first on Cyber Security News.

Security researchers have successfully hacked Apple’s proprietary ACE3 USB-C controller. This chip, introduced with the iPhone 15 and iPhone 15 Pro, represents a significant leap in USB-C technology, handling power delivery and acting as a sophisticated microcontroller with access to critical internal systems. Despite Apple’s enhanced security measures, researchers employed advanced techniques to bypass its […]

The post Researchers Hacked into Apple’s New USB-C Controller appeared first on Cyber Security News.

A critical security vulnerability in Ivanti Connect Secure VPN appliances has left 2,048 instances worldwide exposed to potential exploitation, with the United States hosting the highest number of vulnerable systems. The vulnerability tracked as CVE-2025-0282, has been actively exploited since mid-December 2024. The vulnerability is a critical stack-based buffer overflow with a CVSS score of […]

The post 2,048 Ivanti VPN Instances Vulnerable to Exploited Zero-Day Attacks appeared first on Cyber Security News.

On September 21, 2024, a critical security vulnerability was identified by Google researchers in the Monkey’s Audio (APE) decoder used in Samsung’s flagship Galaxy S23 and S24 devices. Now it got fixed after 3 months since the Google Project Zero team disclosed the vulnerability with a 90-day deadline. The latest update addresses critical vulnerabilities within […]

The post Critical Samsung 0-Click Vulnerability Found in S24 and S23 Devices Got Fixed appeared first on Cyber Security News.

A sophisticated credit card skimmer malware had been found hitting WordPress checkout pages, silently injecting malicious JavaScript into database records to obtain sensitive payment details.  Attackers may utilize existing payment fields or inject a fake credit card form to steal payment information covertly and undetected. Targets WordPress Checkout Pages via Database Injection Sucuri claims that […]

The post New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards appeared first on Cyber Security News.

Samsung Mobile has announced the release of a comprehensive maintenance update as part of its monthly Security Maintenance Release (SMR) process. This latest update addresses critical vulnerabilities within the Android operating system and includes essential patches from both Google and Samsung, aimed at bolstering user security and device integrity. The January 2025 Security Maintenance Release […]

The post Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has resolved a persistent issue that caused classic Outlook to freeze or hang when users attempted to copy text using the Ctrl+C shortcut. The problem, which primarily affected Microsoft 365 customers using Current Channel Version 2409 (Build 18025.20096) or higher, was particularly troublesome for users of languages requiring an Input Method Editor (IME). The […]

The post Microsoft Fixes Outlook Client Freeze Issue When Copying Text Using Ctrl+C appeared first on Cyber Security News.

A novel type of phishing attack has been discovered, targeting both Android and iOS users. This attack combines traditional social engineering techniques with the use of Progressive Web Applications (PWAs) and WebAPKs, making it a significant threat to mobile users. The attack was first identified in November 2023, and since then, multiple cases have been […]

The post Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs appeared first on Cyber Security News.

In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can […]

The post INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training appeared first on Cyber Security News.