Category: Cyber Security News

CISA Warns of CitrixBleed 2 Vulnerability Exploited in Attacks

CISA has issued an urgent warning regarding a critical vulnerability in Citrix NetScaler ADC and Gateway products that is being actively exploited in cyberattacks.  The vulnerability, tracked as CVE-2025-5777, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with…

IT Giant Ingram Micro Restores Operations Following Ransomware Attack

In a significant cybersecurity incident that underscored the persistent threat of ransomware attacks on global IT infrastructure, Ingram Micro Holding Corporation successfully restored its business operations after a four-day battle against malicious actors who infiltrated its internal systems. The attack,…

Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities

The Apache Software Foundation has released Apache HTTP Server version 2.4.64, addressing eight critical security vulnerabilities that affected versions spanning from 2.4.0 through 2.4.63.  This latest update resolves a range of issues, including HTTP response splitting, server-side request forgery (SSRF),…

AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets

Advanced Micro Devices has disclosed a series of critical security vulnerabilities affecting multiple generations of its processor architectures, stemming from transient scheduler attacks that exploit speculative execution mechanisms. The vulnerabilities, identified through four distinct Common Vulnerabilities and Exposures (CVE) entries,…

Top 11 Best SysAdmin Tools in 2025

In today’s rapidly evolving IT landscape, system administrators (SysAdmins) are the backbone of organizational efficiency and security. The right tools not only streamline workflows but also ensure robust monitoring, automation, and troubleshooting. As infrastructures become increasingly hybrid and complex, the…

Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild

Researchers have observed widespread exploitation attempts targeting a critical memory disclosure vulnerability in Citrix NetScaler devices, designated as CVE-2025-5777 and dubbed “CitrixBleed 2.”  This pre-authentication flaw enables attackers to craft malicious requests that leak uninitialized memory from affected NetScaler ADC…

10 Best Digital Forensic Investigation Tools – 2025

In today’s digital-first world, cybercrime is evolving rapidly, making digital forensic investigation tools indispensable for law enforcement, cybersecurity professionals, and corporate investigators. These tools empower experts to uncover, analyze, and present digital evidence from computers, mobile devices, cloud services, and…

Hackers Stolen $500,000 in Crypto Assets by Weaponizing AI Extension

A sophisticated cybercrime operation has successfully stolen $500,000 in cryptocurrency assets from a Russian blockchain developer through a malicious extension targeting the Cursor AI integrated development environment. The attack, which occurred in June 2025, represents a concerning evolution in supply…

INE Security Unveiled Enhanced eMAPT Certification

Cary, North Carolina, July 10th, 2025, CyberNewsWire Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing)…

Hackers Abused GitHub to Spread Malware Mimic as VPN

A sophisticated malware campaign has emerged exploiting the trusted GitHub platform to distribute malicious software disguised as legitimate tools. Threat actors have successfully weaponized the popular code repository to host and distribute the notorious Lumma Stealer malware, masquerading it as…

ServiceNow Platform Vulnerability Let Attackers Exfiltrate Sensitive Data

A significant vulnerability in ServiceNow’s platform, designated CVE-2025-3648 and dubbed “Count(er) Strike,” enables attackers to exfiltrate sensitive data, including PII, credentials, and financial information.  This high-severity vulnerability exploits the record count UI element on list pages through enumeration techniques and…

New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking

A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry. This sophisticated attack vector enables remote code execution (RCE) on millions of devices across automotive and other…

Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner

A critical remote code execution vulnerability in GeoServer has become a prime target for cybercriminals deploying cryptocurrency mining malware across global networks. The vulnerability, designated CVE-2024-36401, affects the popular open-source Geographic Information System server written in Java, which provides essential…

GitPhish – A New Tool that Automates GitHub Device Code Phishing Attack

GitPhish represents a significant advancement in automated social engineering tools, specifically targeting GitHub’s OAuth 2.0 Device Authorization Grant implementation.  This open-source tool streamlines the traditionally complex process of executing device code phishing attacks, addressing critical operational challenges faced by security…

Best SOC 2 Type 2 Certified Complaint Solutions – 2025

In today’s digital-first business landscape, SOC 2 Type 2 compliance is no longer optional for organizations handling sensitive customer data. As cyber threats escalate and regulatory scrutiny intensifies, demonstrating robust security controls and continuous monitoring is essential for trust, growth,…

Microsoft Outlook Down: Users Unable to Access Mailboxes

In a significant disruption for millions of users worldwide, Microsoft Outlook has been experiencing a major outage since Wednesday, July 9, 2025, starting at 10:20 PM UTC. The issue has left users unable to access their mailboxes through any connection…

Reflectiz Now Available on the Datadog Marketplace

Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with…

Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks

Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services.  These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106.  The vulnerabilities…

10 Best Secure Web Gateway Vendors In 2025

In 2025, the need for robust secure web gateways (SWGs) has never been greater. As organizations shift to hybrid work, cloud-first strategies, and digital transformation, threats targeting web traffic have grown in sophistication. Secure web gateways are now a foundational…

Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network

A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections.  This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory…

10 Best Advanced Endpoint Security Tools – 2025

10 Best Advanced Endpoint Security Tools – 2024 Introduction In today’s digital-first business landscape, advanced endpoint security is not just a luxury—it’s a necessity. As organizations expand their operations across cloud, remote, and hybrid environments, every endpoint becomes a potential…

25 Best Managed Security Service Providers (MSSP) In 2025

Managed Security Service Providers (MSSPs) are specialized companies that deliver outsourced cybersecurity services to protect businesses from evolving cyber threats. These providers offer a range of services, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support. MSSPs help…

10 Best ZTNA Solutions (Zero Trust Network Access) In 2025

Zero Trust Network Access (ZTNA) has become a cornerstone of modern cybersecurity strategies, especially as organizations embrace remote work, cloud adoption, and hybrid infrastructures. In 2025, ZTNA solutions are not just a trend they are a necessity for securing sensitive…

IT Gain Ingram Micro Internal Systems Hit by Ransomware Attack

Global technology distributor Ingram Micro has confirmed that its internal systems have been compromised by ransomware, leading to significant operational disruptions across its worldwide IT ecosystem operations.  The Irvine, California-based company, which serves nearly 90% of the global population through…

Parrot OS 6.4 Released With Update For Popular Penetration Testing Tools

Debian-based penetration testing distribution delivers enhanced tools and prepares for next-generation release. Parrot Security has announced the release of Parrot OS 6.4, marking a significant milestone for the Debian-based penetration testing and cybersecurity distribution. This latest version brings substantial updates…

New Slopsquatting Attack Leverage Coding Agents Workflows to Deliver Malware

Researchers have identified a sophisticated new supply-chain threat targeting AI-powered development workflows, where malicious actors exploit coding agents‘ tendency to “hallucinate” non-existent package names to distribute malware. This emerging attack vector, dubbed “slopsquatting,” represents an evolution of traditional typosquatting that…

NordDragonScan Attacking Windows Users to Steal Login Credentials

Security researchers have uncovered a new high-severity cyberattack campaign targeting Microsoft Windows users through a sophisticated infostealer malware called “NordDragonScan.” The malware employs advanced techniques to steal login credentials, browser data, and sensitive documents from compromised systems. Advanced Delivery Method…

10 Best Vulnerability Management Tools In 2025

In today’s rapidly evolving digital landscape, vulnerability management has become a cornerstone of effective cybersecurity. As organizations expand their digital footprint across cloud, on-premises, and hybrid environments, the need for robust vulnerability management tools is more critical than ever. These…