-
A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a CVSS score of 8.8. This flaw poses a […] The post Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that has already been observed in real-world attacks, allowing unauthorized access to sensitive CGI endpoints. Security researchers warn that the tool’s availability could accelerate exploitation attempts against unpatched systems […] The post PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762, the vulnerability affects versions up to 9.9 and could allow attackers to run arbitrary commands on the hosting server, potentially compromising entire database infrastructures. The issue stems from improper handling of code injection during […] The post Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. The malware arrives through fake software installers that pretend to be legitimate programs like Google Chrome and Microsoft Teams. […] The post RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers are using fake invoice emails to spread XWorm, a remote-access trojan that quietly steals login credentials, passwords, and sensitive files from infected computers. When a user opens the attached Visual Basic Script file, the malware begins working silently in the background without any visible warnings or alerts. This makes it extremely dangerous because victims […] The post Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese government-backed hackers used Anthropic’s Claude Code tool to carry out advanced spying on about thirty targets worldwide, successfully breaking into several major organizations. The first documented large-scale cyberattack executed primarily by leveraging artificial intelligence with minimal human intervention. The operation, detected in mid-September 2025 by Anthropic security team, targeted leading tech companies, financial institutions, […] The post First Large-scale Cyberattack Using AI Tools With Minimal Human Input appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new malware family targeting macOS systems has emerged with advanced detection evasion techniques and multi-stage attack chains. Named DigitStealer, this information stealer uses multiple payloads to steal sensitive data while leaving minimal traces on infected machines. The malware disguises itself as legitimate software and uses clever methods to bypass Apple’s security protections. DigitStealer spreads […] The post Highly Sophisticated macOS DigitStealer Employs Multi-Stage Attacks to Evade detection appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has released urgent security updates to address a critical vulnerability in its FortiWeb Web Application Firewall (WAF) that is being actively exploited in the wild. Tracked as CVE-2025-64446, the flaw allows unauthenticated attackers to execu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation documents. These scripts trigger a chain of events that downloads and installs the malware on victim systems. […] The post Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently discovered phishing kit demonstrates just how advanced these operations have become. This particular framework was designed to impersonate the Italian IT and web services provider Aruba S.p.A., a […] The post A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
