-
CISA has issued an urgent alert about a critical vulnerability in Fortinet’s FortiWeb Web Application Firewall (WAF), actively exploited by threat actors to seize administrative control of affected systems. Tracked as CVE-2025-64446, the flaw stems from a relative path traversal issue (CWE-23) that enables unauthenticated attackers to execute arbitrary administrative commands through specially crafted HTTP […] The post CISA Warns of Fortinet FortiWeb WAF Vulnerability Exploited in the Wild to Gain Admin Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding multiple vulnerabilities affecting General Industrial Controls’ Lynx+ Gateway device. Released on November 13, 2025, under alert code ICSA-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In November 2025, a new malware campaign emerged that combines social engineering tricks with advanced stealing tools. The attack starts when criminals trick users into running commands through the Windows Run window, a technique known as ClickFix. Once users follow these instructions, their computers become infected with Amatera Stealer, an advanced piece of malware designed […] The post EVALUSION Campaign Using ClickFix Technique to deploy Amatera Stealer and NetSupport RAT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified ransomware group, Yurei, has emerged as a significant threat to organizations worldwide, with confirmed attacks targeting entities in Sri Lanka and Nigeria across multiple critical industries. First publicly identified in early Septe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
As artificial intelligence infrastructure rapidly expands, critical security flaws threaten the backbone of enterprise AI deployments. Security researchers at Oligo Security have uncovered a series of dangerous Remote Code Execution (RCE) vulnerabilities affecting major AI frameworks from Meta, NVIDIA, Microsoft, and PyTorch projects, including vLLM and SGLang. The vulnerabilities, collectively termed “ShadowMQ,” stem from the […] The post Critical RCE Vulnerabilities in AI Inference Engines Exposes Meta, Nvidia and Microsoft Frameworks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dangerous espionage campaign is targeting senior government and defense officials worldwide. Iranian hackers are using fake conference invitations and meeting requests to trick victims. The attackers spend weeks building trust before striking. They reach out through WhatsApp to make their messages look legitimate. This campaign, known as SpearSpecter, combines patience with powerful malware to […] The post Iranian SpearSpecter Attacking High-Value Officials Using Personalized Social Engineering Tactics appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly released open-source tool called SilentButDeadly is raising security concerns by demonstrating how attackers can effectively turn off Endpoint Detection and Response systems and antivirus software without terminating any processes. Developed by…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sandbox escape vulnerability affecting iPhones and iPads running iOS 16.2 beta 1 or earlier versions. The proof-of-concept (POC) exploits weaknesses in the itunesstored and bookassetd daemons, enabling attackers to modify sensitive files on the device’s Data partition areas typically protected from unauthorized access. Researcher Kim shared the details in a blog post on October […] The post New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has taken a significant step toward its vision of an Agentic SOC by announcing the public preview of the Alert Triage and Investigation agent, a purpose-built AI agent natively embedded into Google Security Operations. This advancement brings th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Outlook NotDoor backdoor malware first appeared in threat campaigns identified by Lab52, the intelligence arm of Spanish firm S2 Grupo. Linked to APT28/Fancy Bear, NotDoor leverages malicious Outlook macros for persistent access and data theft. Attackers embed these macro payloads within Outlook’s data files to monitor incoming emails and trigger hidden code on infected systems. […] The post Researchers Detailed Techniques to Detect Outlook NotDoor Backdoor Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
