-
A critical authorization bypass vulnerability has emerged in ZYXEL’s ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to sensitive system configurations. Tracked as CVE-2025-9133, this security flaw affects devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sneaky hacking campaign where attackers used publicly available ASP.NET machine keys to break into Windows IIS web servers. These keys, meant to protect web apps, were found in places like Microsoft docs and online forums, making it easy for hackers to trick servers into running harmful code. The group, tracked as REF3927, then installed […] The post Hackers Abuse ASP.NET Machine Keys to Compromise IIS Servers and Deploy Malicious Modules appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybercrime ecosystem surrounding stealer malware has reached unprecedented scale, with threat actors now processing millions of stolen credentials daily through sophisticated distribution networks. Security researchers have been monitoring these op…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The first day of Pwn2Own Ireland 2025 wrapped up with a bang, as security researchers uncovered 34 unique zero-day vulnerabilities across various smart devices. Not a single attempt failed, leading to a total payout of $522,500 in prizes. This event, held in Cork, Ireland, from October 21 to 24, brings together top hackers to test […] The post Hackers Exploited 34 Zero-Day Vulnerabilities And Earned $522,500 In Pwn2Own Ireland 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors infiltrated the official Xubuntu website, redirecting torrent downloads to a malicious ZIP file containing Windows-targeted malware. The incident, uncovered on October 18, 2025, highlights vulnerabilities in community-maintained Linux distribution sites amid rising interest in alternatives to end-of-life operating systems. Users attempting to grab Xubuntu ISOs were instead served a trojan designed to steal […] The post Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China, this advanced persistent threa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloud account takeover attacks have evolved beyond simple credential theft. Cybercriminals are now exploiting OAuth applications to maintain persistent access to compromised environments, bypassing traditional security measures like password resets and…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has swiftly addressed a high-severity flaw in its Chrome browser’s V8 JavaScript engine, releasing an emergency update to thwart potential remote code execution attacks. The vulnerability, tracked as CVE-2025-12036, stems from an inappropriate implementation within V8, the open-source JavaScript and WebAssembly engine powering Chrome’s rendering capabilities. Discovered and reported internally by Google’s AI-driven security […] The post Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit trusted governmental relationships. The campaign focuses on organizations within energy, mining, […] The post Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
