The year 2024 marked a significant milestone in cybersecurity, featuring an extraordinary surge in Common Vulnerabilities and Exposures (CVE) data.| Cyber Security News
Raven Stealer - A new iteration of the lightweight information stealer known as Raven Stealer is rapidly gaining traction in underground.| Cyber Security News
In September 2025, Kandji’s security researchers uncovered a sophisticated credential theft campaign targeting macOS developers through spoofed Homebrew installer sites. The tactics used paralleled recent pro-Russian hacktivist methods employed against operational technology (OT) and industrial control system (ICS) environments. The operation exploited trust in package managers to deliver malicious payloads capable of credential harvesting and […] The post Credential Theft Tactics by Pro-...| Cyber Security News
A pro-Russian hacktivist group known as TwoNet was caught targeting a decoy water treatment facility during a honeypot operation by Forescout’s Vedere Labs in September 2025. The incident, which unfolded via unauthorized access to a human-machine interface (HMI), highlights an evolving trend of hacktivists pivoting from web defacement to more nuanced intrusions against operational technology (OT) and […] The post Credential Theft Tactics by Pro-Russian Hacktivists Against OT and ICS Env...| Cyber Security News
Trend Micro researchers uncovered a serious security lapse involving hardcoded Azure Storage Account credentials embedded within multiple signed DLLs used in an official Axis Communications plugin for Autodesk® Revit®. The exposure, reported under multiple Trend Zero Day Initiative™ advisories (ZDI-24-1181, ZDI-24-1328, ZDI-24-1329, and ZDI-25-858), revealed that Axis’s cloud accounts, responsible for distributing Revit plugin installers […] The post Critical Axis Communications Vulne...| Cyber Security News
Microsoft has taken swift action to tighten security around Internet Explorer (IE) mode in its Edge browser following credible intelligence that cybercriminals were exploiting it to compromise Windows environments. The report, published by Microsoft’s Edge Security Team, reveals that attackers leveraged unpatched vulnerabilities in Internet Explorer’s JavaScript engine (Chakra) and abused in-browser features to execute […] The post Threat Actors Leveraging Legacy IE Mode in Microsoft Ed...| Cyber Security News
The escalating sophistication of cybercriminal operations necessitates a robust defense strategy that extends beyond the corporate firewall. As threat actors increasingly leverage the hidden corners of the internet—the dark web—to trade stolen credentials, plan attacks, and leak proprietary data, organizations must adopt advanced monitoring solutions. Identifying the Best Dark Web Monitoring Tools is no longer […] The post Top 10 Best Dark Web Monitoring Tools in 2025 appeared first on ...| Cyber Security News
A new wave of “Contagious Interview” supply-chain attacks has infected the npm registry with over 338 malicious JavaScript packages, attributed to North Korean threat actors leveraging fake recruiter personas and typosquatted dependencies. The operation, which has amassed more than 50,000 cumulative downloads, continues to exploit social engineering and open-source ecosystems to target Web3, blockchain, and […] The post 338 Malicious Packages Traced to North Korean Hackers Targeting Sof...| Cyber Security News
Security researchers from Dell’s Counter Threat Unit™ (CTU) and Sophos have uncovered an active malware campaign exploiting the WhatsApp Web platform to spread a self-propagating worm that installs Brazilian banking trojans and cryptocurrency credential stealers. The campaign, which began on September 29, 2025, primarily targets users in Brazil and leverages deceptive messages and malicious ZIP […] The post New WhatsApp Worm Campaign Discovered Delivering Banking Malware for Credential ...| Cyber Security News
A new cybercrime alliance calling itself Scattered Lapsus$ Hunters, also referenced in underground channels as SP1D3R HUNTERS or SLSH, has launched an aggressive extortion campaign targeting corporate Salesforce tenants globally. The group, which security researchers link to the so‑called “Trinity of Chaos” composed of Muddled Libra (Scattered Spider), Bling Libra (ShinyHunters), and LAPSUS$, claims to have stolen over one billion Salesforce records […] The post Claims of a 1-B...| Cyber Security News
EDR-Freeze is a proof-of-concept utility designed to incapacitate endpoint detection and response (EDR) or antivirus engines without resorting to kernel exploits or vulnerable driver installations. Instead, it hijacks legitimate Windows Error Reporting components, specifically WerFaultSecure.exe and the MiniDumpWriteDump API, to induce a temporary coma in security processes. Upon execution, EDR-Freeze_1.0.exe spawns WerFaultSecure.exe under the guise […] The post Forensic Breakdown – How ...| Cyber Security News
Astaroth, a notorious banking trojan, has reemerged in a campaign that abuses trusted cloud platforms to maintain resilience against takedown efforts. The infection process begins with highly targeted phishing emails, often themed around business, document signing, or job applications, which trick recipients into downloading a ZIP file. This archive contains an obfuscated Windows Shortcut (LNK) […]| Cyber Security News
To counter this trend, Volexity has introduced GoResolver, an innovative open-source tool designed to simplify the reverse engineering of obfuscated Golang binaries.| Cyber Security News
Cybersecurity experts have identified a concerning trend in the misuse of the open-source Pyramid pentesting tool.| Cyber Security News
A high-severity DoS vulnerability, tracked as CVE-2024-3393, has been discovered in the DNS Security feature of Palo Alto Networks PAN-OS.| Cyber Security News
As AI-driven security solutions proliferate, this transparent benchmark provides critical insight into accuracy, speed, and actionable intelligence generation.| Cyber Security News
A critical weakness in Cisco’s IOS and IOS XE platforms allows an unauthenticated adversary to bypass TACACS+ authentication, potentially granting full administrative control of affected routers and switches. Tracked as CVE-2025-20160 and carrying a CVSS 3.1 score of 8.1, the flaw stems from improper validation of the TACACS+ shared secret configuration. Cisco has not observed […]| Cyber Security News
Today, the National Cyber Security Centre (NCSC) – part of GCHQ – issued further advice to help network defenders mitigate| Cyber Security News
A recent presentation at Botconf 2025 in Angers shed light on the ongoing threat posed by RapperBot, a sophisticated botnet.| Cyber Security News
The patches were made available on July 15, 2025, targeting critical security flaws that could potentially compromise Windows systems and enable denial-of-service attacks.| Cyber Security News
A critical security flaw in the NVIDIA Container Toolkit (NCT), the foundational software powering many cloud-based AI and GPU services.| Cyber Security News
According to the Dmpdump report, the campaign first emerged on VirusTotal on August 28, 2025, when a file uploaded from Malaysia triggered alarms.| Cyber Security News
The vulnerability arises from how Axios decodes data: URLs, allowing an attacker to trigger unbounded memory allocation and crash Node.js processes.| Cyber Security News
The breach originated from attackers exploiting the Drift communication and sales engagement platform, which maintained connections to various Salesforce instances.| Cyber Security News
Microsoft 365 administrators across multiple global regions are currently experiencing significant difficulties adding multifactor authentication (MFA).| Cyber Security News
The Lumma information stealer, a notorious C++ malware strain, continues its prominence in the cyber threat landscape.| Cyber Security News
ESPHome vulnerability - A critical vulnerability has been discovered in the ESPHome web server component on the ESP-IDF platform.| Cyber Security News
Researchers have uncovered a novel phishing-as-a-service (PhaaS) platform named "ONNX Store" that specifically targets Microsoft 365 credentials.| Cyber Security News
A critical vulnerability impacting millions of Google Pixel devices worldwide is a pre-installed, system-level application named Showcase.apk.| Cyber Security News
Azure Health Bot Service, a cloud platform for AI-powered healthcare virtual assistants, suffered from critical vulnerabilities.| Cyber Security News
Attackers leveraged compromised infrastructure for email distribution, malware hosting, and data exfiltration, underscoring the ongoing threat to these organizations.| Cyber Security News
The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, pose significant risks to organizations relying on these network infrastructure components for application delivery and secure remote access.| Cyber Security News
Cybersecurity researchers at GreyNoise have uncovered a significant pattern that could revolutionize how organizations prepare for emerging threats.| Cyber Security News
A sophisticated threat campaign leveraging GitHub’s infrastructure has been attributed to the North Korean state-backed threat group.| Cyber Security News
Telegram SSH brute-force - Socket's Threat Research Team has uncovered a sophisticated supply chain attack targeting cybersecurity.| Cyber Security News
The UK NCSC has released an in-depth technical report exposing a sophisticated malware campaign, dubbed “UMBRELLA STAND”.| Cyber Security News
Cybersecurity analysts at WithSecure report a steady uptick in highly targeted cyber activities utilizing Remote Monitoring and Management (RMM) tools.| Cyber Security News
Wolf's Assault - A sophisticated APT group known as Scaly Wolf has executed a persistent multi-year campaign against a Russian.| Cyber Security News
The alleged data breach includes backend source code, payment systems, customer balances, and sensitive company details.| Cyber Security News
The breach, which affected nearly 122 million unique corporate email addresses, has raised concerns about data privacy and security.| Cyber Security News
Workday recently disclosed that it was targeted in a social engineering campaign designed to compromise employee trust and gain unauthorized access to sensitive systems.| Cyber Security News
A critical security flaw, CVE-2024-53704, has been identified in SonicWall's SonicOS SSLVPN application, enabling remote attackers.| Cyber Security News
The Sarcoma ransomware group has expanded its list of victims, targeting three prominent companies across the United States, Germany, and Taiwan.| Cyber Security News
The technique, observed since March 2024, leverages both malspam and compromised websites to deliver the malicious script via popups.| Cyber Security News
Red Hat, Inc. and AMD have announced a strategic collaboration aimed at expanding customer choice in building, deploying, and managing AI workloads.| Cyber Security News
This latest iteration features a more compact development cycle of just 42 days, resulting in focused improvements and critical backend changes that will impact developers worldwide.| Cyber Security News
Released on August 14, 2025, this major update introduces groundbreaking features that extend VirtualBox's capabilities across multiple platforms.| Cyber Security News
Microsoft Threat Intelligence has uncovered a sophisticated cyberespionage campaign by the Russian state actor Secret Blizzard.| Cyber Security News
The flaw, tracked as CVE-2025-2183 with a CVSS score of 4.5, affects the certificate validation process in GlobalProtect applications running on Windows and Linux systems.| Cyber Security News
A recent demonstration has brought to light a critical exploit chain capable of bypassing modern zero-trust security policies.| Cyber Security News
Adversary-in-the-Middle (AitM) phishing attacks have rapidly escalated in both scale and sophistication, posing a significant threat.| Cyber Security News
In a groundbreaking move, the UK's National Crime Agency (NCA) has brought the seized LockBit darknet site back online.| Cyber Security News
Qilin ransomware - The Qilin ransomware group has once again dominated the cyberthreat landscape in July 2025, claiming 73 victims.| Cyber Security News
Cyber Press offers dedicated and fast cyber security news coverage, so you can keep track of activities and stay secure.| Cyber Security News
Microsoft mandates multi-factor authentication (MFA) for all Azure sign-ins in response to escalating cyber threats.| Cyber Security News
Microsoft has rolled out a comprehensive set of security enhancements aimed at countering the surge in AiTM phishing attacks.| Cyber Security News
In a recent wave of cyberattacks, the Cl0p ransomware group has demonstrated its ability to exploit vulnerabilities in widely used file transfer software.| Cyber Security News
IDA licensing has undergone significant changes, as licenses are now platform-agnostic, allowing them to be used across Windows, Linux, and macOS.| Cyber Security News
Dell Technologies has issued a security advisory regarding multiple vulnerabilities in its RecoverPoint for Virtual Machines (RP4VM) software.| Cyber Security News
Microsoft Threat Intelligence has uncovered a novel cyberattack strategy employed by the North Korean state-sponsored hacking group Emerald Sleet.| Cyber Security News
The directory, located at https://server.xcode.co.id/files/mimikatz/Win32/, has raised concerns about potential misuse by malicious actors.| Cyber Security News
Recent investigations have revealed that ransomware groups like BianLian and Rhysida are using Azure Storage Explorer to steal sensitive data.| Cyber Security News
The update includes fixes for 25 critical RCE vulnerabilities, three of which are zero-day vulnerabilities actively exploited in the wild.| Cyber Security News
The victims, all based in France, include Omydoo, Ayomi.fr, and ADULLACT, marking a significant escalation in their cyber extortion campaign.| Cyber Security News
The breach underscores persistent vulnerabilities in the nation’s cybersecurity infrastructure and raises pressing concerns about data protection.| Cyber Security News
Netskope Threat Labs has uncovered a widespread phishing campaign that leverages Webflow's Content Delivery Network (CDN) and SEO.| Cyber Security News
In October 2023, Microsoft introduced native support for 11 additional compression formats in Windows 11 through the KB5031455 update.| Cyber Security News
A C#-based malware loader, Trammy.dll, obfuscated with ConfuserEx, is part of a complex infection chain initiated by an ISO image email.| Cyber Security News
IllusionCAPTCHA capitalizes on the human brain's unique ability to interpret visual discrepancies, creating tasks that are intuitive for humans but perplexing for AI.| Cyber Security News
A surge in Advanced Persistent Threat (APT) attacks has been witnessed in Korea, with notable exploitation of malicious Hancom Office (HWP) and LNK files.| Cyber Security News
This marks yet another chapter in the group's ongoing campaign of digital extortion and data breaches.| Cyber Security News
This incident underscores the growing threat of ransomware targeting architecture and engineering (A&E) firms.| Cyber Security News
Microsoft Entra ID has introduced a robust security mechanism called protected actions, aimed at preventing attackers from permanently deleting user accounts.| Cyber Security News
A critical vulnerability in SolarWinds' Web Help Desk (WHD) software has been identified, allowing remote, unauthenticated attackers to exploit hardcoded credentials embedded in the system.| Cyber Security News
The pursuit of single-bit fault injection attacks has long been regarded as a challenging frontier in hardware security.| Cyber Security News
A critical security vulnerability, identified as CVE-2025-1077, has been disclosed in IBL Software Engineering's Visual Weather software and its derived products.| Cyber Security News
The incident underscores the growing threat posed by this ransomware group, which has targeted various industries worldwide.| Cyber Security News
The EarlyCrow system introduces a groundbreaking approach to detecting Advanced Persistent Threat (APT) malware command and control (C&C) communications.| Cyber Security News
The group announced their exploit on social media, asserting that they had exfiltrated a substantial amount of sensitive data.| Cyber Security News
The exposed information reportedly includes sensitive personal details such as names, email addresses, phone numbers, and home addresses.| Cyber Security News