-
The Evil Crow Cable Wind is a stealthy tool for red teamers that hides a powerful hacking implant inside what appears to be a standard USB charging cable. Designed by security researcher Joel Serna Moreno, this device functions as a Human Interface Device (HID) capable of executing automated keystroke attacks at speeds of up to […] The post Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Apache Struts could allow attackers to trigger disk exhaustion attacks, rendering affected systems unusable. The vulnerability, tracked as CVE-2025-64775, stems from a file leak in multipart request processing that enables denial-of-service conditions. Apache Struts researcher discovered the vulnerability in Apache Struts’ multipart request processing mechanism. The flaw allows attackers to […] The post Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essent…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion tech…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under Active Exploitation The two most concerning vulnerabilities being actively […] The post Google Patches Android 0-Day Vulnerabilities Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered information-stealing malware called Arkanix is rapidly evolving to target sensitive user data, including VPN credentials, system information, and wireless network passwords. Security researchers have identified this emerging threat a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated threat group operating under the name ShadyPanda has successfully compromised millions of browser users through a methodical seven-year campaign targeting popular Chrome and Edge extensions. The attack represents a significant breach of user trust, as the malicious extensions gained verified status from both Google and Microsoft, making them appear legitimate to unsuspecting users. […] The post 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads. The patches, included in the newly released version 2.6.17 and 2.7_rc3, fix issues ranging from logic errors in HMAC verification to stability flaws in the Windows […] The post OpenVPN Vulnerabilities Let Hackers Triggers Dos Attack and Bypass Security Checks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulleti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
