-
Authentication coercion represents a sophisticated and evolving threat targeting Windows and Active Directory environments across organizations globally. This attack method exploits the fundamental communication mechanisms embedded within every Windows operating system, manipulating machines into automatically transmitting sensitive credentials to attacker-controlled infrastructure. The emergence of this threat vector reflects a significant shift in how threat actors […] The post Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools. SSRF vulnerabilities […] The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a critical SQL injection vulnerability in SQL Server that could allow authenticated attackers to escalate their privileges over a network. Tracked as CVE-2025-59499 and assigned an Important severity rating, the vulnerability st…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical security vulnerabilities affecting GitHub Copilot and Visual Studio Code that could allow attackers to bypass important security protections. Both flaws were reported on November 11, 2025, and carry “Important…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released a new stable Chrome update that addresses a serious flaw in its V8 JavaScript engine. The update, now available as version 142.0.7444.162/.163 for Windows, 142.0.7444.162 for Mac, and 142.0.7444.162 for Linux, will roll out to users…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT codebase and presents a formidable arsenal of spying and device control features. Recognized for its […] The post New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale phishing campaign has emerged, exploiting Meta’s Business Suite to compromise credentials across thousands of small and medium-sized businesses worldwide. Check Point security researchers identified approximately 40,000 phishing emails distributed to more than 5,000 customers, primarily targeting industries including automotive, education, real estate, hospitality, and finance across the U.S., Europe, Canada, and Australia. The […] The post New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a significant vulnerability in Windows Remote Desktop Services (RDS) that could allow authorized attackers to escalate their privileges on affected systems. Tracked as CVE-2025-60703, the flaw stems from an untrusted pointer dereference, a classic memory safety issue that has plagued software for years, and carries an “Important” severity rating from the company. The […] The post Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In the fast-paced world of “vibecoding,” where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks. SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic’s Claude AI through a multi-agent system to detect vulnerabilities in codebases automatically. Released in October 2025, this Python-based scanner aims to make […] The post SecureVibes – AI-backed Tool Uses Claude AI Agents to Scan for Vulnerabilities Across 11 Languages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Tor Project has released a fresh update for its privacy-focused web browser. Tor Browser 15.0.1 is now available and addresses several high-risk security issues that could have compromised users’ privacy. This update is recommended for all us…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
