-
A newly discovered ransomware-as-a-service platform called Gentlemen’s RaaS has recently emerged on underground hacking forums, offering threat actors a sophisticated cross-platform attack capability. The service, advertised by the threat actor known as zeta88, represents a significant expansion in ransomware delivery models, targeting critical infrastructure across multiple operating systems. This development signals an intensified threat landscape […] The post New Gentlemen’s RaaS Advertised on Hacking Forums Targeting Windows, Linux and ESXi Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure. The exposure, uncovered by cybersecurity firm Neo Security during a routine asset mapping exercise, highlights how even well-resourced organizations can inadvertently leave sensitive data vulnerable to the internet’s automated scanners. Neo Security’s […] The post EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fraudulent investment platforms impersonating cryptocurrency and forex exchanges have emerged as the predominant method used by financially motivated cybercriminals to defraud victims across Asia and beyond. These sophisticated scam operations deploy advanced social engineering tactics to manipulate victims into transferring funds to attacker-controlled systems that masquerade as legitimate trading platforms. The threat landscape has evolved […] The post Huge Surge in Fake Investment Platforms Mimic Forex Exchanges Steal Logins appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft experienced a widespread service outage on Wednesday, October 29, 2025, affecting its Azure cloud platform and Microsoft 365 suite, leaving thousands of users unable to access critical business services. The disruption, which began around 16:…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A groundbreaking security vulnerability has emerged that fundamentally challenges the integrity of modern trusted execution environments across Intel and AMD server platforms. Researchers from Georgia Tech, Purdue University, and van Schaik LLC have unveiled TEE.fail, a sophisticated attack methodology that exploits weaknesses in DDR5 memory bus interposition to extract sensitive cryptographic keys from supposedly secure […] The post New TEE.fail Attack Breaks Trusted Environments to Exfiltrate Secrets from Intel and AMD DDR5 Environments appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Web Services encountered significant operational challenges in its US-EAST-1 region on October 28, 2025, with elevated latencies affecting EC2 instance launches and cascading issues across container orchestration services. The disruption, which began earlier in the day, impacted multiple AWS offerings reliant on Elastic Container Service (ECS), highlighting ongoing vulnerabilities in the cloud giant’s densely […] The post AWS US-EAST-1 Region Experiences Delays in EC2 Instance Deployments appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular LiteSpeed Cache plugin for WordPress, affecting millions of websites worldwide. The vulnerability, tracked as CVE-2025-12450, poses a significant risk to site visitors and administrators alike. The LiteSpeed Cache plugin is one of the most widely used performance optimization tools in the WordPress ecosystem, […] The post WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed attention amid 2025’s surge in camera exploits, this Python-based utility targets unauthenticated endpoints in cameras running outdated firmware, such as version 3.1.3.150324. Developed for researchers and red teamers, it streamlines […] The post Hikvision Exploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The npm ecosystem faces a sophisticated new threat as ten malicious packages have emerged, each designed to automatically execute during installation and deploy a comprehensive credential harvesting operation. This attack campaign represents a significant evolution in supply chain compromises, combining multiple layers of obfuscation with cross-platform compatibility to target developers across Windows, Linux, and macOS […] The post 10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A public exploit code demonstrating how attackers could exploit CVE-2025-40778, a critical vulnerability in BIND 9 that enables DNS cache poisoning. The Internet Systems Consortium (ISC) initially disclosed this flaw on October 22, revealing a dangerous weakness in the world’s most widely used DNS software. The vulnerability allows remote, unauthenticated attackers to inject forged DNS […] The post PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
