-
A sophisticated remote data-wipe attack targeting Android devices has emerged, exploiting Google’s Find Hub service to execute destructive operations on smartphones and tablets across South Korea. This campaign represents the first documented case where state-sponsored threat actors weaponized a legitimate device protection service to remotely erase user data and disrupt normal device operations. The malware, […] The post Android Remote Data-Wipe Malware Attacking Users Leveraging Google’s Find Hub appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Synology has released an urgent security update addressing a critical remote code execution vulnerability in BeeStation OS that allows unauthenticated attackers to execute arbitrary code on affected devices. The vulnerability, tracked as CVE-2025-12686 and identified by ZDI-CAN-28275, carries a critical CVSS3 base score of 9.8, reflecting its severe impact and exploitability. The flaw stems from […] The post Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A surge in attacks exploiting iCalendar (.ics) files as a sophisticated threat vector that bypasses traditional email security defenses. These attacks leverage the trusted, plain-text nature of calendar invitations to deliver credential phishing campaigns, malware payloads, and zero-day exploits. Over the past year, calendar-based phishing has emerged as the third most common email social engineering […] The post Hackers Weaponizing Calendar Files as New Attack Vector Bypassing Traditional Email Defenses appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack has emerged, targeting industrial control systems through compromised .NET packages. The threat landscape shifted on November 5, 2025, when researchers identified nine malicious NuGet packages designed to inject destructive payloads into critical infrastructure environments. Published under the NuGet alias shanhai666 between 2023 and 2024, these packages accumulated nearly 9,500 downloads […] The post Weaponized NuGet Packages Inject Time-Delayed Destructive Payloads to Attack ICS Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems. The flaw, tracked as CVE-2025-64740 and assigned bulletin ZSB-25042, has been rat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This devel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to gain elevated privileges on affected systems. The flaw, tracked as CVE-2025-64740, has been assigned a high severity rating with a CVSS score of 7.5, according to Zoom’s security bulletin ZSB-25042. The vulnerability stems from improper verification of […] The post Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Devolutions Server could allow attackers with low-level access to impersonate other user accounts by exploiting how the application handles authentication cookies before multi-factor authentication is completed. The security flaw, tracked as CVE-2025-12485, stems from improper privilege management during pre-MFA cookie handling. When users log in to Devolutions Server, the application generates temporary […] The post Devolutions Server Vulnerability Let Attackers Impersonate Users Using Pre-MFA Cookie appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent investigation by Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated phishing campaign exploiting globally recognized and regional brands to steal user credentials, marking an escalation in adversary tradecraft and reach….
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP has released a significant security update addressing 18 new vulnerabilities across its enterprise software portfolio, including several critical flaws related to code execution and data injection. This monthly security patch day features four high…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
