-
A sophisticated evolution of the RondoDox botnet has emerged with a staggering 650% increase in exploitation capabilities, marking a significant escalation in the threat landscape for both enterprise and IoT infrastructure. First documented by FortiGuard Labs in September 2024, the original RondoDox variant focused narrowly on DVR systems with just two exploit vectors. The newly […] The post RondoDox Botnet Updated Their Arsenal with 650% More Exploits Targeting Enterprises appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New ‘SleepyDuck’ Malware in Open VSX Marketplace Allow Attackers to Control Windows Systems Remotely
A sophisticated remote access trojan named SleepyDuck has infiltrated the Open VSX IDE extension marketplace, targeting developers using code editors like Cursor and Windsurf. The malware disguised itself as a legitimate Solidity extension under the identifier juan-bianco.solidity-vlang, exploiting name squatting techniques to deceive unsuspecting users. Initially published on October 31st as version 0.0.7, the extension […] The post New ‘SleepyDuck’ Malware in Open VSX Marketplace Allow Attackers to Control Windows Systems Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution (RCE) vulnerability tracked as CVE-2025-11953 in the @react-native-community/cli NPM package. With nearly 2 million weekly downloads, this package powers the command-line interface for React Native, a JavaScript framework beloved by developers building cross-platform mobile apps. The vulnerability, scored at CVSS 9.8 for its network accessibility, low complexity, and potential for […] The post Critical RCE Vulnerability in Popular React Native NPM Package Exposes Developers to Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical vulnerabilities in Microsoft Teams, a platform central to workplace communication for over 320 million users worldwide, enable attackers to impersonate executives and tamper with messages undetected. These vulnerabilities, now patched by Microsoft, allowed both external guests and insiders to spoof identities in chats, notifications, and calls, potentially leading to fraud, malware distribution, and misinformation. […] The post Hackers Can Exploit Microsoft Teams Vulnerabilities to Manipulate Messages and Alter Notifications appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers have successfully stolen more than $100 million by exploiting a critical vulnerability in the Balancer protocol. Balancer, a leading DeFi platform known for its automated market-making pools, confirmed that only its V2 Composable Stable Pools were affected by the exploit. The remainder of its pools, including Balancer V3 and other older pools, remain untouched […] The post Hackers Stolen Over $100 Million by Exploiting Balancer DeFi Protocol appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is implementing a significant security enhancement to its Authenticator app, introducing automatic detection of jailbroken and rooted devices for Microsoft Entra credentials. Beginning in February 2026, the company will automatically delete all Microsoft Entra credentials stored on jailbroken iOS devices and rooted Android devices to prevent unauthorized access and strengthen the organization’s security posture. […] The post Microsoft Entra Credentials in the Authenticator App on Jail-Broken Devices to be Wiped Out appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new backdoor named SesameOp has emerged with a novel approach to command-and-control communications that fundamentally challenges traditional security assumptions. Discovered in July 2025 by Microsoft’s Incident Response and Detection and Response Team, this malware represents a significant shift in how threat actors exploit legitimate cloud services for covert operations. Rather than relying on […] The post SesameOp Leveraging OpenAI Assistants API for Stealthy Communication with C2 Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in the Post SMTP WordPress plugin, affecting over 400,000 active installations across the web. The vulnerability, identified as CVE-2025-11833 with a CVSS score of 9.8, allows unauthenticated attackers to ac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zscaler, a leading cloud security company, has acquired SPLX, an innovative AI security pioneer, to enhance its Zero Trust Exchange platform with advanced AI protection capabilities. The acquisition will integrate shift-left AI asset discovery, automat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zscaler, a leading cloud security company, has announced the acquisition of SPLX, an innovative AI security firm, to enhance its Zero Trust Exchange platform with advanced artificial intelligence protection capabilities. The acquisition aims to help organizations secure their AI investments throughout the entire development and deployment lifecycle. The integration of SPLX’s technology into Zscaler’s platform […] The post Zscaler Acquires Enterprise AI Security Firm SPLX to Boost Zero Trust Exchange appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶