-
Cybersecurity researchers from Mandiant Threat Defense have uncovered a critical zero-day vulnerability in Gladinet’s Triofox file-sharing platform that allowed attackers to bypass authentication and execute malicious code with system-level privi…
-
The xHunt advanced persistent threat group continues to pose a significant cybersecurity risk through sophisticated attacks targeting Microsoft Exchange and IIS web servers with custom-built backdoors. This highly focused cyber-espionage operation has …
-
The Open Web Application Security Project (OWASP) has officially unveiled the eighth edition of its influential Top 10 security risks list for 2025, introducing significant changes that reflect the evolving landscape of application security threats. Th…
-
Cybercriminals are increasingly targeting websites to inject malicious links and boost their search engine optimization rankings through sophisticated blackhat SEO tactics. This campaign primarily focuses on online casino spam, which has become the most prevalent type of spam content affecting compromised websites. Attackers exploit vulnerabilities in WordPress installations to insert spam content promoting online casinos, […] The post Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO appeared first on Cyber Security News.
-
Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case

Francesco Nicodemo, a prominent political communications strategist and former Democratic Party communications director, has been identified as a new target in the expanding Paragon spyware surveillance campaign. The revelation marks a concerning escalation in the scope of sophisticated digital espionage operations targeting political figures in Italy. Nicodemo, who currently leads the communications agency Lievito, discovered […]
-
APT Groups Attacking Construction Industry Networks to Steal RDP, SSH and Citrix Logins

The construction industry has emerged as a lucrative target for advanced persistent threat groups and organized cybercriminal networks seeking unauthorized access to corporate systems. State-sponsored APT groups from China, Russia, Iran, and North Korea are increasingly focusing their operations on the building and construction sector, exploiting the industry’s rapid digital transformation and heavy reliance on […]
-
Chinese Cybersecurity Firm Data Breach Exposes State-Sponsored Hackers Cyber Weapons and Target List

In early November 2025, Knownsec, one of China’s largest cybersecurity firms with direct government ties, experienced a catastrophic data breach that exposed over 12,000 classified documents. The incident revealed the scale and sophistication of state-sponsored cyber operations, including detailed information about cyber weapons, internal hacking tools, and a comprehensive global surveillance target list. This breach […]
-
OWASP Top 10 2025 – Revised Version Released With Two New Categories

The Open Web Application Security Project (OWASP) has unveiled the 2025 edition of its flagship OWASP Top 10 2025, marking the eighth installment and introducing significant updates to address evolving software security threats. Released on November 6, 2025, this revised version incorporates community survey input and expanded data analysis, highlighting two new categories while consolidating […]
-
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North…
-
Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution

A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability, tracked as CVE-2025-12735, allows attackers to execute arbitrary system commands through maliciously crafted input. The expr-eval library is a JavaScript tool designed to parse and evaluate mathematical […]

