-
Cybercriminals are increasingly targeting websites to inject malicious links and boost their search engine optimization rankings through sophisticated blackhat SEO tactics. This campaign primarily focuses on online casino spam, which has become the most prevalent type of spam content affecting compromised websites. Attackers exploit vulnerabilities in WordPress installations to insert spam content promoting online casinos, […] The post Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Francesco Nicodemo, a prominent political communications strategist and former Democratic Party communications director, has been identified as a new target in the expanding Paragon spyware surveillance campaign. The revelation marks a concerning escalation in the scope of sophisticated digital espionage operations targeting political figures in Italy. Nicodemo, who currently leads the communications agency Lievito, discovered […] The post Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The construction industry has emerged as a lucrative target for advanced persistent threat groups and organized cybercriminal networks seeking unauthorized access to corporate systems. State-sponsored APT groups from China, Russia, Iran, and North Korea are increasingly focusing their operations on the building and construction sector, exploiting the industry’s rapid digital transformation and heavy reliance on […] The post APT Groups Attacking Construction Industry Networks to Steal RDP, SSH and Citrix Logins appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese Cybersecurity Firm Data Breach Exposes State-Sponsored Hackers Cyber Weapons and Target List
In early November 2025, Knownsec, one of China’s largest cybersecurity firms with direct government ties, experienced a catastrophic data breach that exposed over 12,000 classified documents. The incident revealed the scale and sophistication of state-sponsored cyber operations, including detailed information about cyber weapons, internal hacking tools, and a comprehensive global surveillance target list. This breach […] The post Chinese Cybersecurity Firm Data Breach Exposes State-Sponsored Hackers Cyber Weapons and Target List appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Open Web Application Security Project (OWASP) has unveiled the 2025 edition of its flagship OWASP Top 10 2025, marking the eighth installment and introducing significant updates to address evolving software security threats. Released on November 6, 2025, this revised version incorporates community survey input and expanded data analysis, highlighting two new categories while consolidating […] The post OWASP Top 10 2025 – Revised Version Released With Two New Categories appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability, tracked as CVE-2025-12735, allows attackers to execute arbitrary system commands through maliciously crafted input. The expr-eval library is a JavaScript tool designed to parse and evaluate mathematical […] The post Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization system. The flaw CVE-2025-64439 affects versions of langgraph-checkpoint before 3.0. It allows attackers to execute arbitrary Python code when untrusted data is deserialized. The vulnerability resides in LangGraph’s JsonPlusSerializer, the default serialization protocol used for checkpoint persistence. When the serializer encounters illegal […] The post LangGraph Vulnerability Allows Malicious Python Code Execution During Deserialization appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack has compromised critical industrial control systems through nine malicious NuGet packages designed to inject time-delayed destructive payloads into database operations and manufacturing environments. Socket’s T…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The infamous Meow attack, which devastated unsecured databases since 2020, has resurfaced with renewed force through MAD-CAT (Meow Attack Data Corruption Automation Tool). This custom-built adversarial simulation tool demonstrates how easily attackers …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶