Cyber Security News

Attackers injected malicious code into GitHub Actions workflows in a widespread campaign to steal Python Package Index (PyPI) publishing tokens. While some tokens stored as GitHub secrets were successfully exfiltrated, PyPI administrators have confirmed that the platform itself was not compromised and the stolen tokens do not appear to have been used. The attack campaign […]

The post Hackers Injecting Malicious Code into GitHub Actions Workflows to Steal PyPI Publishing Tokens appeared first on Cyber Security News.

A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft’s global cloud infrastructure. The flaw, now patched, was discovered in July 2025 and has been assigned CVE-2025-55241. The vulnerability, described by the researcher as the most impactful he will probably ever find, resided […]

The post Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control appeared first on Cyber Security News.

SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle malware through the browser. Despite responsible disclosures to all major SASE/SSE providers, no vendor has made an official statement to warn its […]

The post Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks appeared first on Cyber Security News.

The JavaScript ecosystem experienced one of its most sophisticated and damaging supply chain attacks in September 2025, when a novel self-replicating worm dubbed “Shai-Hulud” compromised over 477 npm packages, marking the first successful automated propagation campaign in the npm registry’s history. This attack represents a significant evolution in supply chain threats, leveraging both social engineering and […]

The post Lessons Learned from Massive npm Supply Chain Attack Using “Shai-Hulud” Self-Replicating Malware appeared first on Cyber Security News.

Python developers face a growing threat from typosquatted packages in the Python Package Index (PyPI), with malicious actors increasingly targeting this trusted repository to distribute sophisticated malware. Recent discoveries have exposed a concerning trend where threat actors create packages that closely mimic legitimate libraries, using slight spelling variations to trick unsuspecting developers into installing harmful […]

The post Beware of Typosquatted Malicious PyPI Packages That Delivers SilentSync RAT appeared first on Cyber Security News.

Raven Stealer has emerged as a potent information‐stealing threat targeting users of Chromium‐based browsers, most notably Google Chrome. First observed in mid-2025, this lightweight malware distinguishes itself through a modular architecture and stealthy design, allowing it to harvest sensitive information without alerting victims. Delivered predominantly via cracked software bundles and underground forums, Raven Stealer capitalizes […]

The post Raven Stealer Attacking Google Chrome Users to Steal Sensitive Data appeared first on Cyber Security News.

Jenkins has released critical updates addressing four security flaws that unauthenticated and low-privileged attackers could exploit to disrupt service or glean sensitive configuration details.  Administrators running Jenkins weekly releases up to 2.527 or the Long-Term Support (LTS) stream up to 2.516.2 must upgrade to mitigate these risks. HTTP/2 Denial of Service (CVE-2025-5115) A high-severity issue […]

The post Jenkins Patches Multiple Vulnerabilities that Allow Attackers to Cause a Denial of Service appeared first on Cyber Security News.

The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract the router’s WPS PIN offline and seamlessly join the wireless network.  By targeting weak randomization in the registrar’s nonces, this exploit subverts the intended security of WPS without requiring proximity […]

The post Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network appeared first on Cyber Security News.

A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2025-9961, has been discovered in TP-Link routers. Security research firm ByteRay has released a proof-of-concept (PoC) exploit, demonstrating how attackers can bypass Address Space Layout Randomization (ASLR) protections to gain full control over affected devices. The vulnerability resides in the router’s Customer Premises Equipment (CPE) […]

The post TP-Link Router 0-Day RCE Vulnerability Exploited Bypassing ASLR Protections – PoC Released appeared first on Cyber Security News.

Protecting digital infrastructure is critical in 2025, as cyber threats escalate in complexity and diversity. Next‑Generation Firewalls (NGFWs) have become the cornerstone for enterprise security, offering not just robust traffic filtering, but also deep packet inspection, advanced threat intelligence, and seamless cloud integration for defense against today’s persistent and evolving threats. Why Top 10 Best […]

The post Top 10 Best Next‑Generation Firewall (NGFW) Providers in 2025 appeared first on Cyber Security News.

Dynamic Application Security Testing (DAST) platforms have become fundamental for safeguarding web applications as digital assets and attack surfaces scale in both size and complexity. The modern DAST landscape is shaped by increased API adoption, rapid deployment cycles, and the rise of AI-driven vulnerabilities, making 2025 a turning point for intelligent, automated security solutions. This […]

The post Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2025 appeared first on Cyber Security News.

Google has released an emergency security update for its Chrome web browser to address a high-severity zero-day vulnerability that is being actively exploited in the wild. Users are strongly urged to update their browsers immediately to protect against potential attacks. The vulnerability, tracked as CVE-2025-10585, is the latest in a series of zero-days discovered and […]

The post Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now appeared first on Cyber Security News.

Since early 2025, cybersecurity teams have observed a marked resurgence in operations attributed to MuddyWater, an Iranian state–sponsored advanced persistent threat (APT) actor. Emerging initially through broad remote monitoring and management (RMM) exploits, the group has pivoted to highly targeted campaigns employing custom malware backdoors and multi-stage payloads designed to evade detection. Rather than relying […]

The post MuddyWater Hackers Using Custom Malware With Multi-Stage Payloads and Uses Cloudflare to Mask Fingerprints appeared first on Cyber Security News.

A sophisticated mobile ad fraud operation dubbed “SlopAds” has infiltrated Google Play Store with 224 malicious applications that collectively amassed over 38 million downloads across 228 countries and territories. The campaign represents one of the most extensive mobile fraud schemes discovered to date, utilizing advanced steganography techniques and multi-layered obfuscation to deliver fraudulent advertising payloads […]

The post 224 Malicious Android Apps on Google Play With 38 Million Downloads Delivering Malicious Payloads appeared first on Cyber Security News.

Syteca, a global cybersecurity provider, introduced the latest release of its platform, continuing the mission to help organizations reduce insider risks and ensure sensitive data protection. Syteca 7.21 is a major update designed to enhance user privacy, simplify access management, provide seamless oversight, and improve the user experience. With release 7.21, Syteca delivers a set […]

The post New in Syteca Release 7.21: Agentless Access, Sensitive Data Masking, and Smooth Session Playback appeared first on Cyber Security News.

A decade-old Unicode vulnerability known as BiDi Swap allows attackers to spoof URLs for sophisticated phishing attacks. By exploiting how browsers render mixed Right-to-Left (RTL) and Left-to-Right (LTR) language scripts, threat actors can craft URLs that appear legitimate but secretly redirect users to malicious sites. The BiDi Swap attack builds on prior Unicode manipulation methods […]

The post Hackers Exploit RTL/LTR Scripts and Browser Gaps to Hide Malicious URLs appeared first on Cyber Security News.

Since mid-2024, cybercriminals have leveraged a subscription-based phishing platform known as RaccoonO365 to harvest Microsoft 365 credentials at scale. Emerging as an off-the-shelf service, RaccoonO365 requires minimal technical skill, allowing threat actors to deploy convincing phishing campaigns by impersonating official Microsoft communications. These kits replicate Microsoft branding, email templates, and login portals to trick recipients […]

The post Microsoft Dismantles 300+ Websites Used to Distribute RaccoonO365 Phishing Service appeared first on Cyber Security News.

The digital advertising ecosystem has become a prime hunting ground for cybercriminals, who are increasingly exploiting advertising technology companies to distribute malware and conduct malicious campaigns. Rather than simply abusing legitimate platforms, threat actors are now operating as the platforms themselves, creating a sophisticated web of deception that leverages the inherent complexity and fragmentation of […]

The post Threat Actors Abuse Adtech Companies to Target Users With Malicious Ads appeared first on Cyber Security News.

The PureHVNC remote administration tool (RAT) has emerged as a sophisticated component of the Pure malware family, gaining prominence in mid-2025 amid an uptick in targeted intrusion campaigns. Originating from underground forums and Telegram channels, PureHVNC is marketed by its author, known as PureCoder, alongside companion tools such as PureCrypter, PureLogs, and PureMiner. Its adoption […]

The post PureHVNC RAT Developers Leverage GitHub Host Source Code appeared first on Cyber Security News.

A critical security flaw has been discovered in Greenshot, a popular open-source screenshot utility for Windows. The vulnerability allows a local attacker to execute arbitrary code within the Greenshot process, potentially enabling them to bypass security measures and carry out further attacks. A proof-of-concept (PoC) exploit has been released, demonstrating the severity of the issue. […]

The post Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released appeared first on Cyber Security News.