-
Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape. Unlike traditional phishing attacks that merely collect static credentials, AiTM attacks actively intercept and manipulate communications between users and legitimate services in real-time, enabling attackers to bypass multi-factor authentication (MFA) and evade endpoint detection and response (EDR) systems. […] The post How Adversary-In-The-Middle (AiTM) Attack Bypasses MFA and EDR? appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security. The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a CVSS v4.0 score of 8.7. Key Takeaways1. SSRF in PhpSpreadsheet’s Worksheet\Drawing::setPath via […] The post PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers. The security flaw was patched in version 2024R2.1, released on August 12, 2025, following responsible disclosure by security researcher Marius Lihet. Key […] The post Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques to bypass Apple’s security measures while maintaining zero detection rates on major security platforms. The […] The post New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application. On July 28, 2025, TransUnion […] The post TransUnion Hack Exposes 4M+ Customers Personal Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitH…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Emerging in mid-2025, a sophisticated campaign attributed to the Silver Fox APT has begun exploiting a previously unreported vulnerable driver to compromise modern Windows environments. This campaign leverages the WatchDog Antimalware driver (amsdk.sys, version 1.0.600), a Microsoft-signed component built on the Zemana Anti-Malware SDK. By abusing its arbitrary process termination capability, threat actors bypass endpoint […] The post Silver Fox APT Hackers Leveraging Vulnerable driver to Attack Windows 10 and 11 Systems by Evading EDR/AV appeared first on Cyber Security…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft. The attack, dubbed “s1ngularity,” represents one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem in 2025. GitGuardian observed that malicious actors infiltrated multiple Nx package versions (20.9.0 through 21.8.0) […] The post Nx Packages With Millions of Weekly Downloads Hacked With Credential Stealer Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these thre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
