Threat actors are now targeting Microsoft 365 accounts using a growing attack method known as OAuth device code phishing. This technique takes advantage of the OAuth 2.0 device authorization flow, a legitimate Microsoft feature designed for devices with limited input…
Tag: Cyber Security News
Multiple Exim Server Vulnerabilities Let Attackers Seize Control of the Server
Security researchers at the National Institute of Standards and Technology (NIST) have uncovered critical security flaws in the Exim mail server that could allow remote attackers to take complete control of vulnerable systems. The vulnerabilities affect Exim version 4.99 when…
Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data
Cyber criminals are changing their tactics by recruiting insiders within organizations instead of relying on traditional attack methods like brute force or social engineering. Recent findings show that employees in banks, telecom companies, and technology firms are being approached through…
U.S. DOJ Charged 54 in Connection With ATM Hacking Attack by Deploying Ploutus Malware
The U.S. Department of Justice (DOJ) has charged 54 individuals in a sweeping crackdown on a transnational cyber-physical attack network. The indictments, announced by U.S. Attorney Lesley A. Woods, allege a massive conspiracy involving “ATM jackpotting” to fund Tren de…
DIG AI – Darknet AI Tool Enabling Threat Actors to Launch Sophisticated Attacks
A new and ominous player has emerged in the rapidly expanding landscape of “Shadow AI.” Researchers at Resecurity have identified DIG AI, an uncensored artificial intelligence tool hosted on the darknet that is empowering threat actors to automate cyberattacks, generate…
Cybersecurity Weekly Recap – PornHub Breach, Cisco 0-Day, Amazon Detains DPRK IT Worker, and more
In a week that revealed the flaws in digital trust, cybersecurity headlines were filled with high-profile breaches, zero-day exploits, and bold nation-state espionage. Attackers claimed to have swiped usernames, emails, and encrypted passwords from over 1.2 million accounts, underscoring the…
100+ Cisco Secure Email Devices Exposed to Zero‑Day Exploited in the Wild
Security researchers have identified at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that attackers are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-20393, currently has…
Claude Opus 4.5 Now Integrated with GitHub Copilot
GitHub has announced the general availability of Claude Opus 4.5, Anthropic’s advanced AI model, across its Copilot platform. This integration enhances AI capabilities for developers using GitHub’s code assistance tools. The Claude Opus 4.5 model is now accessible to users…
Microsoft Rolls Out Baseline Security Mode for Office, SharePoint, Exchange, Teams, and Entra
Microsoft has begun deploying Baseline Security Mode across Microsoft 365 tenants, a new dashboard in the M365 Admin Center that centralizes recommended security configurations for Office, SharePoint, Exchange, Teams, and Entra. Announced at Ignite 2025, this opt-in feature helps administrators…
CISA Releases New Indicators of Compromise Tied to BRICKSTORM Malware
The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and Canadian Centre for Cyber Security (Cyber Centre), has released updated indicators of compromise (IOCs) and detection signatures for BRICKSTORM malware. The latest update, published on…
Cybersecurity Professionals Plead Guilty to Launching Ransomware Attacks
In a shocking betrayal of industry trust, two former cybersecurity professionals have pleaded guilty to federal charges for launching ransomware attacks against U.S. businesses. The pair, whose day jobs involved helping companies respond to hacks and negotiate ransoms, admitted to…
Hackers Weaponize SVG Files and Office Documents to Target Windows Users
Cybersecurity researchers have uncovered a sophisticated email campaign deploying a commodity loader to distribute Remote Access Trojans and information stealers. The operation primarily targets manufacturing and government organizations across Italy, Finland, and Saudi Arabia, using highly evasive techniques. Multi-Vector Attack…
Microsoft Teams Down – Users Face Messaging Delays and Service Disruptions Worldwide
In a major disruption to remote work and collaboration, Microsoft Teams experienced a significant outage on Friday, affecting thousands of users across multiple regions. Reports of messaging delays, failed message deliveries, and issues with other service functions began surging around…
25,000+ FortiCloud SSO-Enabled Devices Exposed to Remote Attacks
Over 25,000 Fortinet devices worldwide have FortiCloud Single Sign-On (SSO) enabled, leaving them potentially exposed to remote attacks. The finding stems from enhanced device fingerprinting in a new Device Identification report, which scanned global IP addresses and flagged these systems…
Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations
Iranian state-sponsored threat actors, commonly tracked as “Prince of Persia,” have resurfaced with a sophisticated cyberespionage campaign targeting global critical infrastructure and private networks. Active since the early 2000s, this group recently deployed updated malware variants to infiltrate organizational systems…
Cloud Atlas Hacker Group Exploiting Office Vulnerabilities to Execute Malicious Code
The Cloud Atlas advanced persistent threat group has continued its sophisticated campaign targeting organizations across Eastern Europe and Central Asia during the first half of 2025, leveraging outdated Microsoft Office vulnerabilities to deliver multiple backdoor implants. This campaign reveals a…
Scripted Sparrow Uses Automation to Generate and Send their Attack Messages
Scripted Sparrow is a newly identified Business Email Compromise (BEC) group operating across three continents. Their operations are vast, leveraging significant automation to generate and distribute attack messages on a global scale. The group primarily targets organizations by masquerading as…
Ransomware Attack 2025 Recap – From Critical Data Extortion to Operational Disruption
The ransomware landscape in 2025 has reached new heights, evolving from a cybersecurity issue into a strategic threat to national security and global economic stability. This year saw a 34%-50% surge in attacks compared with 2024, with 4,701 confirmed incidents…
Hackers Targeting HubSpot Users in Targeted Phishing Attack
An active phishing campaign is currently targeting HubSpot users through a sophisticated combination of social engineering and infrastructure compromise. The attack leverages business email compromise tactics, paired with website hijacking, to deliver credential-stealing malware to unsuspecting marketing professionals and business…
Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts
Roundcube Webmail has released critical security updates addressing two significant vulnerabilities affecting versions 1.6 and 1.5 LTS. The flaws could enable attackers to execute malicious scripts and gain unauthorized access to sensitive information through multiple attack vectors. The first vulnerability…