-
Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Email-based threats have reached a critical inflection point in the third quarter of 2025. Threat actors are systematically exploiting weaknesses in traditional email security defenses by targeting the world’s two largest email ecosystems: Microsoft Outlook and Google Gmail. The Q3 Email Threat Trends Report reveals that over 90 percent of phishing attacks now concentrate on […] The post Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
KnowBe4 Threat Labs has uncovered a sophisticated phishing campaign that marks a turning point in cybercriminal capabilities. The threat landscape is shifting dramatically with the emergence of Quantum Route Redirect. This powerful automation tool tran…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Devolutions Server has been found vulnerable to a critical security flaw that allows low-privileged authenticated users to impersonate other accounts by replaying pre-MFA cookies. The vulnerability, identified as CVE-2025-12485, carries a critical CVS…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new ransomware operation dubbed VanHelsing has emerged as a rapidly expanding threat in the cybercriminal landscape. First observed on March 7, 2025, this operation functions as a Ransomware-as-a-Service (RaaS) platform, licensing its d…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in WatchGuard Firebox devices that could allow attackers to bypass authentication mechanisms and gain unauthorized SSH access to affected systems. Tracked as CVE-2025-59396, this flaw poses a significant thr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications. The disclosures, published today, highlight two high-severity issues alongside medium-rated flaws, underscoring the ongoing challenges in securing video conferencing tools used by millions in hybrid work environments. These updates come as cybersecurity experts warn of increasing exploitation attempts on collaboration […] The post Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, focusing on vulnerabilities that could enable remote code execution and various injection attacks across its product ecosystem. These patches are crucial for enterprises relying on SAP systems, as unpatched flaws could expose sensitive data and […] The post SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Mandiant has disclosed active exploitation of CVE-2025-12480, a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The threat cluster tracked as UNC6485 has been weaponizing this flaw since August 2025 to gain unauthorized administrative access and establish persistent remote control over compromised systems. The vulnerability stems from improper access control validation in Triofox versions 16.4.10317.56372 and […] The post Hackers Exploiting Triofox 0-Day Vulnerability to Execute Malicious Payload Abusing Anti-Virus Feature appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans Maverick and Coyote that are actively targeting Brazilian users through WhatsApp. The discovery came after investigating a suspicious file …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
