-
A critical vulnerability has been discovered in WatchGuard’s Firebox firewalls, which could allow a remote, unauthenticated attacker to execute arbitrary code on affected devices. The flaw, tracked as CVE-2025-9242, has been assigned a critical severity rating with a CVSS score of 9.3 out of 10. WatchGuard disclosed the issue in an advisory, WGSA-2025-00015, released on […] The post Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code appeared first on Cyber Security News.
-
In recent weeks, cybersecurity researchers have observed the emergence of XillenStealer, a Python-based information stealer publicly hosted on GitHub and rapidly adopted by threat actors. First reported in mid-September 2025, the stealer leverages a user-friendly builder GUI to lower the bar for malicious deployment. Operators can configure exfiltration channels, such as a Telegram bot, and […] The post Python Based XillenStealer Attacking Windows Users to Steal Sensitive Data appeared first on Cyber Security News.
-
Since early 2025, cybersecurity analysts have witnessed a marked evolution in the tactics and tooling of MuddyWater, the Iranian state-sponsored Advanced Persistent Threat (APT) group. Historically known for broad Remote Monitoring and Management (RMM)…
-
A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint. Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync. When…
-
Microsoft is set to roll out a new feature for its Teams platform called the Network Strength Indicator, designed to provide users with greater clarity on call quality and disruptions during meetings. The update seeks to clarify technical issues by showing real-time network performance for all participants, which helps to minimize interruptions and enhance the […] The post Microsoft Introduces Network Strength Indicator With Teams to Clarify Disruptions appeared first on Cyber Security News.
-
A sophisticated cyberthreat campaign has emerged that represents a significant evolution in social engineering attacks, introducing the first real-world implementation of the FileFix attack methodology beyond proof-of-concept demonstrations. This advanced threat leverages steganography techniques to conceal malicious payloads within seemingly innocent JPG images, ultimately delivering the StealC information stealer to compromised systems. The attack campaign represents […] The post New Innovative FileFix Attack in The Wild Leverages Steganography to Deliver StealC Malware appeared first on Cyber Security News.
-
Tech Note – BeaverTail variant distributed via malicious repositories and ClickFix lure. 17 September 2025 – Oliver Smith, GitLab Threat Intelligence. We have identified infrastructure distributing BeaverTail and InvisibleFerret malware since at least May…
-
Apple released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation devices. The patches address a zero-day flaw in the ImageIO framework that could allow an attacker to execute arbitrary code by enticing a user to process a malicious image file. Apple confirms awareness of a sophisticated exploit […] The post Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad appeared first on Cyber Security News.
-
China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into…
-
The cybersecurity landscape has witnessed an unprecedented surge in API-focused attacks during the first half of 2025, with threat actors launching over 40,000 documented incidents against application programming interfaces across 4,000 monitored environments. This alarming escalation represents a fundamental shift in attack methodology, as cybercriminals have identified APIs as the most lucrative and vulnerable entry […] The post 40,000+ Cyberattacks Targeting API Environments To Inject Malicious Code appeared first on Cyber Security News.


