-
Microsoft Teams is rolling out a new feature that allows users to misreport messages flagged as security threats. The capability, rolling out by the end of November 2025, targets organizations using Microsoft Defender for Office 365 Plan 2 or Microsoft…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new macOS malware campaign dubbed “Nova Stealer” has emerged, targeting cryptocurrency users through an elaborate scheme that replaces legitimate wallet applications with malicious counterparts designed to harvest sensitive …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Sneaky2FA phishing service has recently added a dangerous new capability to its toolkit that makes stealing Microsoft account credentials even easier for attackers. Push Security analysts and researchers have identified this threat operating in the wild, using a sophisticated technique called Browser-in-the-Browser (BITB) to trick users into handing over their login information. This development […] The post New Sneaky 2FA Phishing Kit with BitB Technique Attacking Users to Steal Microsoft Account Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has enhanced its cloud security capabilities by integrating Azure Firewall with Security Copilot, an AI-powered security solution designed to help security teams work faster and more efficiently. This integration allows security analysts to investigate malicious network traffic using simple, natural-language questions rather than complex technical queries. Security Copilot is a generative AI tool that […] The post Microsoft Integrated Azure Firewall With AI-powered Security Copilot appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code on affected systems. The vulnerabilities disclosed in Serv-U version 15.5.3 pose significant risks to organizations that rely on the file transfer software for secure data exchange. Multiple Pathways to Remote […] The post Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft unveiled significant enhancements to threat intelligence at Ignite 2025, bringing the Threat Intelligence Briefing Agent directly into the Defender portal. This integration marks a pivotal shift in how security teams approach cyber defense, moving from reactive responses to proactive threat anticipation. The Threat Intelligence Briefing Agent, initially launched in March 2025, is now fully […] The post Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions. Chrome extensions marketed as “Free Unlimited VPN” services accumulated over 9 million installations before security detection, with the malware remaining hidden for nearly six years. These tools promised simple privacy solutions with single-click activation, yet delivered precisely the […] The post Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data leaks ever documented. This vulnerability, rooted in the app’s contact discovery feature, persisted despite warnings to Meta dating back to 2017, raising serious concerns about user privacy on the world’s […] The post WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oligo Security researchers have uncovered an active global hacking campaign that leverages artificial intelligence to attack AI infrastructure. The operation, dubbed ShadowRay 2.0, exploits a known yet disputed vulnerability in Ray an open-source frame…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has disclosed a critical OS command injection vulnerability affecting multiple versions of FortiWeb that is currently being exploited in the wild. The flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute unauthorized code…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶