Category: Cyber Security News

GitHub is experiencing user-reported outages, with many developers greeted by a prominent error featuring the platform’s unicorn mascot and the message “No server is currently available to service your request.”​ Numerous users across forums and monitoring sites have shared screenshots…

Read more →

The popular text editor Notepad++ has addressed a severe security weakness in its update mechanism that could allow attackers to hijack network traffic and push malicious executables to users under the guise of legitimate updates. Security researchers recently observed suspicious…

Read more →

A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute a symlink bypass, leading to Remote Code Execution (RCE). As of…

Read more →

A severe security vulnerability affecting multiple India-based CCTV camera manufacturers has been disclosed. Potentially allowing attackers to access video feeds and steal account credentials without authentication. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on December 9,…

Read more →

New research into legacy .NET Framework SOAP client code has uncovered “SOAPwn,” a class of vulnerabilities. That can be weaponized for remote code execution (RCE) across multiple enterprise products. Including Barracuda Service Center RMM, Ivanti Endpoint Manager, Umbraco CMS 8,…

Read more →

A new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users searching for common macOS troubleshooting tips, such as “how to…

Read more →

Fresh leaks from the Iranian state‑backed group Charming Kitten, also tracked as APT35, have exposed key personnel, front companies, and thousands of compromised systems spread across five continents. The internal files show that Iran’s Department 40, within the IRGC Intelligence…

Read more →

Security researchers at Palo Alto Networks discovered a new ransomware threat in June 2025 that marks a significant shift in malware development tactics. The 01flip ransomware family emerges as a fully Rust-written malware designed to attack both Windows and Linux…

Read more →

The cybersecurity world faces an ironic threat as two Chinese hackers who once excelled in Cisco’s training program are now leading sophisticated attacks against the company’s devices. Yuyang and Qiu Daibing were identified as key operators behind the notorious Salt…

Read more →

ValleyRAT, also known as Winos or Winos4.0, has emerged as one of the most sophisticated backdoors targeting organizations worldwide. This modular malware family represents a significant threat to Windows systems, particularly Windows 11 installations running the latest security patches. The…

Read more →

Patches released by Jenkins address a significant denial-of-service (DoS) vulnerability affecting millions of organizations. That rely on the popular automation server for continuous integration and deployment pipelines. A high-severity vulnerability in Jenkins versions 2.540 and earlier (LTS 2.528.2 and earlier).…

Read more →

Critical security patches on December 10, 2025, addressing ten significant vulnerabilities across its Community Edition and Enterprise Edition platforms. GitLab has released updated versions 18.6.2, 18.5.4, and 18.4.6 to address multiple high-severity security issues. High-Severity Threats Identified Four vulnerabilities received…

Read more →

A new AMOS InfoStealer campaign is abusing trust in ChatGPT to infect Mac devices under the guise of simple troubleshooting help. Victims search for a fix to a sound problem, click a sponsored ChatGPT result, and are shown what looks…

Read more →

Security researchers have uncovered a significant threat targeting developers through the VS Code Marketplace. A coordinated campaign involving 19 malicious extensions has been actively infiltrating the platform, with the attack remaining undetected since February 2025. These deceptive extensions carry hidden…

Read more →

A critical information disclosure vulnerability in Windows Defender Firewall Service, which could allow authorized attackers to access sensitive heap memory on affected systems. The vulnerability, tracked as CVE-2025-62468, was assigned an Important severity rating and released on December 9, 2025.…

Read more →

Google has released an urgent security update for the Chrome browser to address a high-severity zero-day vulnerability that is currently being exploited in the wild. This emergency patch is part of the latest Stable channel update, bringing the version to…

Read more →

Critical security updates for Acrobat and Reader are available, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code and bypass essential security features. Adobe issued security bulletin APSB25-119 on December 9, 2025, with a priority rating of 3, affecting both…

Read more →

A sophisticated new phishing framework dubbed “Spiderman” has emerged in the cybercrime underground, dramatically lowering the barrier to entry for financial fraud. This toolkit, observed by Varonis, allows threat actors, even those with minimal technical skill, to spin up pixel-perfect…

Read more →

The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significant improvements to their scanning methodologies, researchers have identified a massive attack surface comprising over 165,000…

Read more →

A critical stored cross-site scripting vulnerability in Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below, that could enable attackers to hijack administrator sessions without authentication. The vulnerability, identified as CVE-2025-10573, has been assigned a CVSS score of 9.6 and…

Read more →