-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability affecting Apple iOS, iPadOS, and macOS systems that is being actively exploited in the wild. CVE-2025-43300, an out-of-boun…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. CVE-2025-9074, discovered by Felix Boulet and reported on August 21, 2025, affects all Docker Desktop versions prior to 4.44.3 and demonstrates how container isolation can be completely bypassed through […] The post Windows Docker Desktop Vulnerability Leads to Full Host Compromise appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyber espionage campaign has emerged targeting Ukrainian and Polish organizations through weaponized PDF invitation files designed to execute malicious shell scripts. The campaign, active since April 2025, demonstrates a calculated approach to infiltrating government and private sector networks through carefully crafted social engineering tactics. The threat actors behind this operation have leveraged seemingly […] The post UAC-0057 Hackers Weaponizing PDF Invitation Files to Execute Shell Scripts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced significant restrictions on the use of default onmicrosoft.com domains for email communication, implementing new throttling measures to combat spam and improve email deliverability across its Microsoft 365 platform. Policy Chang…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have developed an artificial intelligence system capable of automatically generating working exploits for published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit, fundamental…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Socket’s Threat Research Team has uncovered a deceptive Go module named golang-random-ip-ssh-bruteforce, which masquerades as an efficient SSH brute-forcing tool but secretly exfiltrates stolen credentials to its creator. Published on June 24, 2022, th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cyber threat actors have launched sophisticated phishing operations aimed at military and government personnel in South Asia, leveraging defense-related lures to distribute malicious archives and applications. Recent detections include ZIP files like &…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications. Released on August 14, 2025, this initiative addresses the growing need for structured risk management approaches in […] The post NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Telecommunications giant Colt Technology Services has confirmed that customer data was compromised in a sophisticated cyber attack that began on August 12, 2025. The company disclosed that threat actors accessed sensitive files containing customer information and subsequently posted document titles on the dark web, prompting immediate containment measures and law enforcement notification. Key Takeaways1. Colt […] The post Colt Confirms Customer Data Stolen in Ransomware Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide. The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure’s shared API Management (APIM) instance architecture to gain unauthorized access to Key Vaults, Azure SQL databases, and third-party services like […] The post Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
