-
A sophisticated privilege escalation vulnerability in Windows SMB servers, leveraging Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access. Microsoft designated this as CVE-2025-58726, an “SMB Server Elevation of Privilege” flaw impacting all Windows versions absent enforced SMB signing. According to Semperis, the issue persists in environments with default Active […] The post New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern fo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Canadian authorities have issued an urgent alert following multiple confirmed incidents where cybercriminals compromised internet-accessible Industrial Control Systems (ICS) devices protecting critical infrastructure across the nation. The Canadian Centre for Cyber Security and the Royal Canadian Mounted Police report that water treatment facilities, energy companies, and agricultural operations have fallen victim to coordinated attacks, raising […] The post Canada Warns of Hackers Breached ICS Devices Controlling Water and Energy Facilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Global advertising and marketing giant Dentsu has confirmed that its U.S.-based subsidiary Merkle experienced a cyberattack, prompting immediate incident response measures and system shutdowns to contain the breach. The company detected abnormal activity within Merkle’s network infrastructure, which led to proactive security protocols being deployed to minimize operational impact. Merkle, recognized as a leader in […] The post Dentsu has Disclosed that its U.S.-based Subsidiary Merkle Suffers Cyberattack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign is actively targeting WordPress e-commerce websites using the WooCommerce plugin, according to recent findings from the Wordfence Threat Intelligence Team. The malware campaign, which employs advanced evasion techniques…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released Chrome version 142 to the stable channel, addressing multiple critical security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, now rolling out to Windows, Mac, and Linux users, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has patched a critical race condition vulnerability in its Windows Cloud Files Minifilter driver, known as CVE-2025-55680, which enables local attackers to escalate privileges and create arbitrary files across the system. Discovered by researchers at Exodus Intelligence in March 2024, the flaw was addressed in the October 2025 Patch Tuesday updates, earning a CVSS […] The post Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The VSCode extension marketplace has become a critical vulnerability in the software supply chain. Security researchers at HelixGuard Team recently discovered 12 malicious extensions operating within the Microsoft VSCode Marketplace and OpenVSX, with f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. This version addresses 20 vulnerabilities, many of which could enable attackers to execute malicious […] The post Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The global developer community has been rocked by the emergence of PhantomRaven, a far-reaching campaign involving 126 malicious npm packages with more than 86,000 downloads. Lurking beneath the surface, these packages actively steal npm tokens, GitHub…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
