-
A critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has issued a critical security update for ASP.NET Core to address CVE-2025-55315, a high-severity flaw that enables HTTP request smuggling and could allow attackers to bypass key security controls. Disclosed on October 14, 2025, this vulnerability has a CVSS v3.1 score of 9.9, making it one of the most severe issues ever reported in […] The post Microsoft Details ASP.NET Vulnerability That Enables Attackers To Smuggle HTTP Requests appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape continues to face persistent threats from emerging ransomware groups, with Gunra representing a significant concern since its emergence in April 2025. This threat actor has launched systematic attacks across multiple industr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Docker Compose, a cornerstone tool for developers managing containerized application harbors a high-severity vulnerability that lets attackers overwrite files anywhere on a host system. Discovered in early October 2025 by Imperva, the issue stems from improper handling of remote artifacts in Docker’s OCI support, enabling path traversal attacks without even launching containers. Assigned CVE-2025-62725 with […] The post Docker Compose Vulnerability Allow Attacks To Overwrite Arbitrary Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has announced a significant transparency initiative for its Firefox browser ecosystem, implementing mandatory data disclosure requirements for extension developers. Starting November 3rd, 2025, all newly submitted Firefox extensions must explic…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released a critical security update addressing a severe vulnerability in ASP.NET Core that could enable attackers to execute HTTP request smuggling attacks. On October 14, 2025, the company issued patches for CVE-2025-55315, a security fe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access, credential theft, and network manipulation at an accessible price…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI language models like ChatGPT, DeepSeek, and Copilot are transforming business operations at lightning speed. They help us generate documents, summarise meetings, and even make decisions faster than ever before. But this rapid adoption comes at a pri…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated Android banking trojan named Herodotus has emerged on the mobile threat landscape, introducing groundbreaking techniques to evade detection systems. During routine monitoring of malicious distribution channels, the Mobile Threat Intelligence service discovered unknown malicious samples distributed alongside notorious malware variants like Hook and Octo. Despite sharing distribution infrastructure, these samples revealed closer similarities […] The post New Android Malware Herodotus Mimic Human Behaviour to Bypass Biometrics Detection appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have developed a sophisticated phishing technique that exploits invisible characters embedded within email subject lines to evade automated security filters. This attack method leverages MIME encoding combined with Unicode soft hyphens to disguise malicious intent while appearing legitimate to human readers. The technique represents an evolution in social engineering tactics, targeting email filtering mechanisms […] The post New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
