North Korean state-sponsored hackers from the notorious Kimsuky group have launched a sophisticated multi-platform campaign targeting users across Facebook, email, and Telegram platforms between March and April 2025. The Advanced Persistent Threat (APT) operation, dubbed the “Triple Combo” attack, represents…
Category: Cyber Security News
Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment For Enterprises
Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit, Browser total is a first-of-its-kind browser security assessment tool conducting more than 120 tests to provide posture standing,…
FakeCaptcha Infrastructure HelloTDS Infects Millions of Devices With Malware
In recent months, a new wave of sophisticated malware campaigns has swept through millions of devices worldwide, driven by an elusive infrastructure known as HelloTDS and its signature ploy, FakeCaptcha. The campaign’s cunning blend of social engineering and technical subterfuge…
Kettering Health Confirms That Interlock Ransomware Breached Systems to Steal Data
Kettering Health, a prominent healthcare network, has confirmed that its systems were compromised by the notorious Interlock ransomware group on May 20, 2025, in what marks another significant cyberattack targeting critical healthcare infrastructure. The healthcare provider disclosed the breach in…
Securing IoT Devices – Challenges and Technical Solutions
The Internet of Things (IoT) ecosystem has experienced unprecedented growth, with projections indicating that over 29 billion connected devices will be in use by 2030. However, this rapid expansion has introduced significant security vulnerabilities that threaten both individual privacy and…
Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware
A new wave of cyberattacks has emerged targeting critical infrastructure through the exploitation of Fortigate security appliance vulnerabilities, with threat actors successfully deploying the notorious Qilin ransomware across multiple organizations. This sophisticated campaign leverages specific Common Vulnerabilities and Exposures (CVEs)…
Windows 11 24H2 Disrupts Self-Delete Technique Used for Malware Evasion
Windows 11’s latest 24H2 update has inadvertently broken a widely-used malware evasion technique known as the Lloyd Labs self-delete method, forcing cybersecurity professionals and threat actors alike to adapt their tools and techniques for the new operating system environment. The…
Forensic Analysis in Cybersecurity – Tools and Techniques for Incident Response
Digital forensics has become an indispensable component of modern cybersecurity operations, enabling investigators to extract, analyze, and preserve digital evidence during security incidents. The sophisticated landscape of cyber threats demands equally advanced forensic methodologies that can rapidly identify attack vectors,…
Jenkins Gatling Plugin Vulnerability Lets Attackers Bypass Content-Security-Policy Protection
A critical cross-site scripting (XSS) vulnerability in the popular Jenkins Gatling Plugin allows attackers to bypass Content-Security-Policy (CSP) protections. The vulnerability, tracked as CVE-2025-5806, affects Gatling Plugin version 136.vb_9009b_3d33a_e and poses significant risks to Jenkins environments utilizing this performance testing…
Arkana Ransomware Group Allegedly Claims Breach of Ticketmaster Databases
Arkana Security Group claims to have successfully gained access to Ticketmaster’s database infrastructure and exfiltrated massive volumes of sensitive customer data. The threat actors have reportedly announced their intentions to sell comprehensive datasets containing ticket sales records, payment methodologies, customer…
Critical SOQL Injection 0-Day Vulnerability in Salesforce Affects Millions Worldwide
A critical zero-day vulnerability discovered in Salesforce’s default controller has exposed millions of user records across thousands of deployments worldwide. The security flaw, found in the built-in aura://CsvDataImportResourceFamilyController/ACTION$getCsvAutoMap controller, allowed attackers to extract sensitive user information and document details through…
New Malware Attack Via “I’m not a Robot Check” to Trick Users into Running Malware
A sophisticated new malware attack vector manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems. This attack leverages social engineering techniques combined with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing…
PoC Exploit Released for Fortinet 0-Day Vulnerability that Allows Remote Code Execution
A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The vulnerability, tracked as CVE-2025-32756, carries a maximum CVSS score of 9.8 and enables unauthenticated remote…
Kali GPT – AI Assistant That Transforms Penetration Testing on Kali Linux
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike. Kali GPT represents a significant breakthrough in the integration of…
New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics,…
Hackers Using New ClickFix Technique To Exploit Human Error Via Fake Prompts
Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional…
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools…
New ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware Silently
A sophisticated new social engineering attack campaign has emerged that exploits users’ familiarity with routine security checks to deliver malware through deceptive Cloudflare verification pages. The ClickFix attack technique represents a concerning evolution in phishing methodology, abandoning traditional file downloads…
DragonForce Ransomware Claimed To Compromise Over 120 Victims in The Past Year
DragonForce, a sophisticated ransomware operation that emerged in fall 2023, has established itself as a formidable threat in the cybercriminal landscape by claiming over 120 victims across the past year. Unlike traditional ransomware-as-a-service models, this threat actor has evolved into…