-
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault injection testing in Kubernetes environments. The security flaws, collectively dubbed “Chaotic Deputy,” comprise four CVEs that enable complete cluster compromise through relatively simple exploitation techniques. Key Takeaways1. “Chaotic Deputy” in Chaos Mesh <2.7.3 allows unauthenticated GraphQL […] The post Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A medium-severity vulnerability has been discovered in the official Kubernetes C# client, which could allow an attacker to intercept and manipulate sensitive communications. The flaw, rated 6.8 on the CVSS scale, stems from improper certificate validation logic. This weakness exposes applications using the client to Man-in-the-Middle (MiTM) attacks, potentially leading to the compromise of credentials, […] The post Kubernetes C# Client Vulnerability Exposes API Server Communication To MiTM Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A global ad fraud and click fraud operation, dubbed SlopAds, comprising 224 Android apps that collectively amassed more than 38 million downloads across 228 countries and territories. Under the guise of AI-themed utilities, these apps employ advanced o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Conor Brian Fitzpatrick, the 22-year-old founder of BreachForums, has been resentenced to three years in federal prison for operating one of the world’s largest cybercriminal marketplaces. The New York resident was sentenced on September 16, 2025, for creating and administering a platform that facilitated the sale of stolen data and harbored child sexual abuse material […] The post World’s Largest Hacking Forum BreachForums Creator Sentenced to Three Years in Prison appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two cybersecurity industry leaders have made significant announcements regarding their participation in the upcoming MITRE ATT&CK Evaluations, marking a notable shift in how major security vendors approach independent testing validation. Diagram il…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s Digital Crimes Unit (DCU) has seized control of 338 websites facilitating RaccoonO365, the rapidly expanding phishing-as-a-service platform that enables anyone to harvest Microsoft 365 credentials. Acting under a court order from the Southe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Conor Brian Fitzpatrick, the founder and operator of BreachForums, has been resentenced to three more years in prison after a federal appeals court vacated his earlier light sentence. Authorities say Fitzpatrick created and ran one of the world’s large…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious advertising campaigns have surged in sophistication, with cybercriminals exploiting and even operating adtech firms to deliver malware, credential stealers and phishing schemes directly through mainstream ad networks. A cluster of interconnec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allowed the attacker to log into the client’s security portal, where they attempted to remediate incident reports and uninstall security agents to […] The post How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently disclosed vulnerability in the Kubernetes C# client library allows attackers to carry out man-in-the-middle (MiTM) attacks against the API server. The flaw stems from improper certificate validation when using custom certificate authorities …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
