-
Telegram has solidified its position as the primary coordination hub for modern hacktivist operations, according to comprehensive research analyzing over 11,000 posts from more than 120 politically motivated threat actor groups. Contrary to assumptions…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
British organisations are facing an unprecedented cyber security crisis as the National Cyber Security Centre reveals a dramatic surge in attacks threatening the nation’s digital infrastructure. This alarming escalation translates to an average o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The pro-Russian hacktivist collective NoName057(16) has emerged as a notable participant in a coordinated wave of cyberattacks targeting Israeli infrastructure during the October 7 anniversary period. The group claimed responsibility for multiple distr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, allowing attackers to escalate privileges and potentially compromise entire systems. Tracked as CVE-2025-59230, the flaw stems from improper access control, enabling low-privileged users to gain SYSTEM-level access. Disclosed on October 14, 2025, the vulnerability affects multiple […] The post Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated backdoor malware targeting Internet of Things devices has surfaced, employing advanced communication techniques to maintain persistent access to compromised systems. The PolarEdge backdoor, first detected in January 2025, represents a significant evolution in IoT-focused threats, utilizing a custom TLS server implementation and proprietary binary protocol for command and control operations. The malware initially […] The post PolarEdge With Custom TLS Server Uses Custom Binary Protocol for C2 Communication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated phishing campaign that weaponizes the NPM ecosystem through an unprecedented attack vector. Unlike traditional malicious package installations, this operation leverages the trusted unpkg.com CDN to deliver phishing scripts directly through browsers, targeting enterprise employees across 135+ organizations primarily in Europe’s industrial, technology, and energy sectors. The campaign, discovered in […] The post New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have developed a sophisticated phishing campaign targeting Colombian users through fake judicial notifications, deploying a complex multi-stage malware delivery system that culminates in AsyncRAT infection. The campaign demonstrates an alarming evolution in social engineering tactics, leveraging legitimate-looking governmental communications to bypass traditional security measures and successfully compromise unsuspecting victims. The attack campaign employs carefully […] The post Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in the Web Application Delivery (WAD) and Graphical User Interface (GUI) components, classified under CWE-1390. With […] The post FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation. With a CVSS v3.1 score of 7.8 […] The post FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 173 vulnerabilities across its ecosystem, including four zero-day flaws, of which two are actively exploited in the wild. This monthly security bulletin underscores the relentless pace of threat evolution, with critical remote code execution bugs in Office apps and elevation of privilege issues […] The post Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
