-
A sophisticated privilege escalation vulnerability in Windows SMB servers, leveraging Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access. Microsoft designated this as CVE-2025-58726, an “SMB Server Elevation of Privilege” flaw impacting all Windows versions absent enforced SMB signing. According to Semperis, the issue persists in environments with default Active […] The post New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Canadian authorities have issued an urgent alert following multiple confirmed incidents where cybercriminals compromised internet-accessible Industrial Control Systems (ICS) devices protecting critical infrastructure across the nation. The Canadian Centre for Cyber Security and the Royal Canadian Mounted Police report that water treatment facilities, energy companies, and agricultural operations have fallen victim to coordinated attacks, raising […] The post Canada Warns of Hackers Breached ICS Devices Controlling Water and Energy Facilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign is actively targeting WordPress e-commerce websites using the WooCommerce plugin, according to recent findings from the Wordfence Threat Intelligence Team. The malware campaign, which employs advanced evasion techniques…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released Chrome version 142 to the stable channel, addressing multiple critical security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, now rolling out to Windows, Mac, and Linux users, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has patched a critical race condition vulnerability in its Windows Cloud Files Minifilter driver, known as CVE-2025-55680, which enables local attackers to escalate privileges and create arbitrary files across the system. Discovered by researchers at Exodus Intelligence in March 2024, the flaw was addressed in the October 2025 Patch Tuesday updates, earning a CVSS […] The post Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The VSCode extension marketplace has become a critical vulnerability in the software supply chain. Security researchers at HelixGuard Team recently discovered 12 malicious extensions operating within the Microsoft VSCode Marketplace and OpenVSX, with f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. This version addresses 20 vulnerabilities, many of which could enable attackers to execute malicious […] The post Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The global developer community has been rocked by the emergence of PhantomRaven, a far-reaching campaign involving 126 malicious npm packages with more than 86,000 downloads. Lurking beneath the surface, these packages actively steal npm tokens, GitHub…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical vulnerability affecting Windows Server Update Service (WSUS). The agency updated its alert on October 29, 2025, adding cruc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in the Anti-Malware Security and Brute-Force Firewall WordPress plugin, putting more than 100,000 websites at risk. The vulnerability, identified as CVE-2025-11705, allows authenticated attackers with basic …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
