-
Cybersecurity researchers have uncovered a sophisticated phishing campaign that weaponizes the NPM ecosystem through an unprecedented attack vector. Unlike traditional malicious package installations, this operation leverages the trusted unpkg.com CDN to deliver phishing scripts directly through browsers, targeting enterprise employees across 135+ organizations primarily in Europe’s industrial, technology, and energy sectors. The campaign, discovered in […] The post New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In its October 2025 Patch Tuesday release, Microsoft addressed a staggering 172 security vulnerabilities across its vast ecosystem, with four zero-day flaws stealing the spotlight, two of which are already being exploited in the wild. This massive secu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have developed a sophisticated phishing campaign targeting Colombian users through fake judicial notifications, deploying a complex multi-stage malware delivery system that culminates in AsyncRAT infection. The campaign demonstrates an alarming evolution in social engineering tactics, leveraging legitimate-looking governmental communications to bypass traditional security measures and successfully compromise unsuspecting victims. The attack campaign employs carefully […] The post Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in the Web Application Delivery (WAD) and Graphical User Interface (GUI) components, classified under CWE-1390. With […] The post FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation. With a CVSS v3.1 score of 7.8 […] The post FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 173 vulnerabilities across its ecosystem, including four zero-day flaws, of which two are actively exploited in the wild. This monthly security bulletin underscores the relentless pace of threat evolution, with critical remote code execution bugs in Office apps and elevation of privilege issues […] The post Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft officially ended support for Windows 10, marking the close of a decade-long era for one of the most popular operating systems in history. This means that as of today, the company will no longer deliver free security updates, feature enhancements, or technical assistance for the OS, leaving millions of devices potentially exposed to emerging […] The post Support for Windows 10 Ends Today Leaving Users Vulnerable to Cyberattacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, a sophisticated phishing campaign has emerged, targeting corporate and consumer accounts by impersonating both OpenAI and Sora-branded login portals. Attackers distribute emails crafted to appear as legitimate service notifications, warning recipients of account suspension or unusual activity. These messages include links directing victims to counterfeit login pages that closely replicate the original […] The post Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops. According to Eclypsium, these vulnerabilities expose fundamental flaws in how modern systems trust boot components, potentially enabling persistent malware infections that evade detection. Disclosed recently to Framework, the issues stem from legitimate diagnostic tools that, […] The post UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Pixnapping, a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including two-factor authentication (2FA) codes from Google Authenticator in under 30 seconds. This exploit leverages Android’s core APIs and a hardware vulnerability in graphics processing units (GPUs), affecting nearly all modern Android phones without requiring special permissions, researchers […] The post New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
