A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers. The flaw, tracked as CVE-2025-66430, exists within Plesk’s Password-Protected Directories feature and allows attackers to inject arbitrary data…
Tag: Cyber Security News
New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials
A sophisticated Android malware campaign named NexusRoute is actively targeting Indian citizens by impersonating government services. The operation uses fake versions of the official mParivahan and e-Challan applications to harvest login credentials and financial information from unsuspecting users. This coordinated…
New ARTEMIS AI Agent Outperformed 9 out of 10 Human Penetration Testers in Detecting Vulnerabilities
Researchers from Stanford University, Carnegie Mellon University, and Gray Swan AI have unveiled ARTEMIS, a sophisticated AI agent framework that demonstrates remarkable competitive capabilities against seasoned cybersecurity professionals. In the first-ever comprehensive comparison of AI agents against human experts in…
New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code
A novel social engineering campaign, dubbed ClickFix, has been identified, which cleverly employs an old Windows command-line tool, finger.exe, to install malware on victims’ systems. This attack begins with a deceptive CAPTCHA verification page, tricking users into running a script…
Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity
Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This evolution marks a critical shift in threat tactics, moving away from noisy phishing campaigns toward…
Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits
Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues, Shannon operates as a fully…
New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data
Gentlemen ransomware, first identified in August 2025, has rapidly evolved into a significant threat targeting corporate networks globally. Operating on a double extortion model, this group exfiltrates sensitive data before encrypting it, ensuring they can leverage stolen information even if…
Microsoft December 2025 Security Updates Breaking Message Queuing (MSMQ) Functionality Affects IIS Sites
Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ). Installed via KB5071546 on December 9, the patch targeting OS Build 19045.6691 alters MSMQ’s security model, leading to widespread failures in queue…
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation
A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild. Posing significant risks to organizations that still…
Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution
A critical security issue involving the Windows Remote Access Connection Manager (RasMan) that allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates. 0patch security analysts discovered…
CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure Boot configurations to counter bootkit threats. Released in December 2025 as a…
Cybersecurity News Weekly Newsletter – Windows, Chrome, and Apple 0-days, Kali Linux 2025.4, and MITRE Top 25
As 2025 nears its close, the cybersecurity landscape shows no signs of slowing down. This week’s developments highlight how rapidly the threat environment continues to evolve with major zero-day vulnerabilities targeting Windows, Chrome, and Apple devices, each actively exploited in…
CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks
A critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked…
7 Best Security Awareness Training Platforms For MSPs in 2026
Managed service providers (MSPs) are increasingly popular cyberattack targets. These entities often have numerous endpoints and distributed networks that create many opportunities for adversaries seeking weaknesses to exploit. Security awareness training is just one aspect of defense efforts, but it…
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access…
Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers
BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server…
Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware
Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since…
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among…
New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting
Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” targets finance and accounting departments explicitly using fake payment confirmation emails to trick victims into…
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves…