Cyber Security News

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.  The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections. Key Takeaways1. CVE-2025-48817 enables remote code execution via Microsoft Remote Desktop […]

The post Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Microsoft rolled out its latest cumulative update for Windows 10, version 21H2 and 22H2, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. The update, identified as KB5062554 (OS Builds 19044.6093 and 19045.6093), includes critical security fixes and quality improvements to enhance system stability and performance. Additionally, Microsoft issued […]

The post KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday appeared first on Cyber Security News.

Nippon Steel Solutions has disclosed a significant data breach affecting customer, partner, and employee personal information following a zero-day cyber attack that exploited a previously unknown software vulnerability in their network infrastructure. The incident, detected on March 7, 2025, represents a serious security compromise that has prompted the company to implement immediate containment measures and […]

The post Nippon Steel Solutions 0-Day Network Vulnerability Exposes Users Personal Information appeared first on Cyber Security News.

Recently, two vulnerabilities have been discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. Nature of the Vulnerabilities Both vulnerabilities […]

The post Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks appeared first on Cyber Security News.

Microsoft released patch Tuesday June 2025 as a monthly security update, addressing a total of 130 Microsoft Common Vulnerabilities and Exposures (CVEs) and republishing 10 non-Microsoft CVEs. Vulnerability Type Count Remote Code Execution (RCE) 41 Elevation of Privilege (EoP) 53 Information Disclosure (ID) 18 Denial of Service (DoS) 5 Spoofing 4 Data Tampering 1 Security […]

The post Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE appeared first on Cyber Security News.

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, affecting devices from smartphones to IoT platforms.  The update, evaluated using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1), includes seven high-severity and nine medium-severity vulnerabilities that impact Bluetooth, WLAN, and various system components.  Device OEMs received notifications […]

The post MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets appeared first on Cyber Security News.

Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software. If exploited, these flaws could enable attackers to decrypt other users’ passwords or gain access to sensitive database information, posing significant risks to organizations that rely on this endpoint management solution. Ivanti Endpoint Manager Mobile Vulnerabilities Ivanti’s recent security update targets […]

The post Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords appeared first on Cyber Security News.

Phishing kits are evolving fast. Threat actors behind toolkits like Tycoon2FA, EvilProxy, and Sneaky2FA are getting smarter, setting up infrastructure that bypasses 2FA and mimics trusted platforms like Microsoft 365 and Cloudflare to steal user credentials without raising red flags.  But if you’re part of a SOC or threat intel team, you don’t have to […]

The post Tycoon2FA, EvilProxy, Sneaky2FA: How To Defend Against These Phishing Kit Attacks  appeared first on Cyber Security News.

A critical vulnerability in DNN (formerly DotNetNuke) that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique.  The vulnerability, tracked as CVE-2025-52488, affects one of the oldest open-source content management systems and demonstrates how defensive coding measures can be circumvented through clever exploitation of Windows and .NET quirks. Key Takeaways1. CVE-2025-52488 […]

The post DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass appeared first on Cyber Security News.

ThreatFabric researchers have identified a sophisticated new campaign by the Anatsa banking trojan specifically targeting mobile banking customers across the United States and Canada, marking the malware’s third major offensive against North American financial institutions. The latest campaign represents a significant escalation in the threat landscape, with cybercriminals successfully infiltrating the official Google Play Store […]

The post Anatsa Android Banking Malware from Google Play Targeting Users in the U.S. and Canada appeared first on Cyber Security News.

CISA has issued a critical warning regarding a path traversal vulnerability in the Ruby on Rails framework that poses significant risks to web applications worldwide.  The vulnerability, cataloged as CVE-2019-5418, affects the Action View component of Rails and enables attackers to exploit specially crafted accept headers in combination with render file: calls to access arbitrary […]

The post CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Managed Security Service Providers (MSSPs) are specialized companies that deliver outsourced cybersecurity services to protect businesses from evolving cyber threats. These providers offer a range of services, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support. MSSPs help organizations enhance their security posture by leveraging advanced tools like AI-driven analytics, endpoint protection, and […]

The post 25 Best Managed Security Service Providers (MSSP) In 2025 appeared first on Cyber Security News.

Multiple vulnerabilities in macOS SMBClient that could allow attackers to execute arbitrary code remotely and crash systems.  The vulnerabilities affecting the SMB filesystem client used for mounting remote file shares represent a significant security risk, as SMB has been the preferred file sharing protocol since macOS Big Sur.  Two of the flaws have been assigned […]

The post macOS SMBClient Vulnerability Allows Remote Code Execution and Kernel Crash appeared first on Cyber Security News.

CISA has issued an urgent warning regarding a critical vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS) that is being actively exploited in cyberattacks.  The vulnerability, tracked as CVE-2019-9621, poses significant risks to organizations using the popular email and collaboration platform. Key Takeaways1. CISA alerts on an SSRF flaw (CVE-2019-9621) in Zimbra ZCS, actively exploited by […]

The post CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks appeared first on Cyber Security News.

In the digital-first landscape of 2025, network security has become a boardroom priority for every Chief Information Security Officer (CISO). With cyber threats evolving in complexity and frequency, organizations need robust, agile, and future-proof solutions to safeguard their digital assets. The right network security company not only protects sensitive data but also ensures regulatory compliance, […]

The post 10 Best Network Security Companies For CISO – 2025 appeared first on Cyber Security News.

Zero Trust Network Access (ZTNA) has become a cornerstone of modern cybersecurity strategies, especially as organizations embrace remote work, cloud adoption, and hybrid infrastructures. In 2025, ZTNA solutions are not just a trend they are a necessity for securing sensitive data, ensuring compliance, and enabling seamless access for distributed workforces. ZTNA platforms enforce the principle […]

The post 10 Best ZTNA Solutions (Zero Trust Network Access) In 2025 appeared first on Cyber Security News.

Scattered Spider’s phishing domain patterns provide actionable insights to proactively counter threats from the notorious cyber group responsible for recent airline attacks. Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise environments. Check Point Research has uncovered specific phishing domain […]

The post Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators appeared first on Cyber Security News.

New ransomware group employs advanced virtualization attack tactics to maximize damage and hinder organizational recovery efforts. A newly emerged ransomware group known as BERT has introduced a particularly disruptive capability that sets it apart from traditional ransomware operations: the ability to forcibly terminate ESXi virtual machines before encryption, significantly complicating recovery efforts for targeted organizations. […]

The post BERT Ransomware Forcibly Shut Down ESXi Virtual Machines to Disrupt Recovery appeared first on Cyber Security News.

A sophisticated SEO poisoning campaign targeting system administrators with malicious backdoor malware. Arctic Wolf security researchers have uncovered a dangerous search engine optimization (SEO) poisoning and malvertising campaign that has been targeting IT professionals since early June 2025. The campaign uses fake websites hosting Trojanized versions of popular IT tools, specifically PuTTY and WinSCP, to […]

The post Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results appeared first on Cyber Security News.

Call of Duty: WWII has been pulled offline after reports of a serious remote code execution vulnerability that allowed malicious players to take complete control of other gamers’ computers during live multiplayer matches. On Saturday, the Call of Duty development team announced that the PC version of Call of Duty: WWII had been taken offline […]

The post Gamers Playing Call of Duty Hacked – RCE Exploited Let Players Hack Other Players’ PCs appeared first on Cyber Security News.