-
Red team researchers have unveiled XRayC2, a sophisticated command-and-control framework that weaponizes Amazon Web Services’ X-Ray distributed application tracing service to establish covert communication channels. This innovative technique demo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape continues to evolve as threat actors behind the WARMCOOKIE backdoor malware have significantly enhanced their capabilities, introducing new features and maintaining active development despite law enforcement disruptions. The…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle has issued an urgent security alert for a critical zero-day vulnerability affecting Oracle E-Business Suite that allows remote code execution without authentication. The vulnerability, tracked as CVE-2025-61882, has now received public proof-of-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit has been released for CVE-2025-32463, a critical local privilege escalation vulnerability affecting the Sudo binary that allows attackers to gain root access on Linux systems. The flaw was discovered by security researcher Ri…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to steal sensitive data from victims’ email accounts. The attacks were first identified by StrikeReady, which […] The post Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how this method can extract cryptographic keys from supposedly secure SGX enclaves using a low-cost setup, […] The post New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform. The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […] The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms. This change represents a proactive measure to strengthen email security infrastructure and protect users from potential cybersecurity threats. The rollout timeline has been strategically structured to […] The post Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft. Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL to extract sensitive user data without requiring any traditional credential theft or malicious webpage content. […] The post New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs. The incident did not compromise Discord’s main systems, and the unauthorized access was limited to data handled by the company’s support teams. Discord announced […] The post Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
