-
K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address a critical security flaw in Oracle Identity Manager following reports of active exploitation. The vulnerability, tracked as CVE-2025-61757, allows unauthenticated remote attackers to execute arbitrary code on affected systems, posing a severe threat to enterprise and government networks. This warning comes in […] The post CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we analyze the critical incidents defining the current threat landscape. If this week has taught us anything, it is that the stability of our digital infrastructure is just as volatile as the security of the software running upon it. We are witnessing a […] The post Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure. Attackers Can Escalate Privileges Without User Interaction The […] The post Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tycoon2FA, a sophisticated phishing-as-a-service platform tracked by Microsoft as Storm-1747, has emerged as the dominant threat targeting Office 365 accounts throughout 2025. The cybercriminal operation has launched an aggressive campaign involving ne…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Remote monitoring tools are essential for managing and maintaining the health and performance of IT infrastructure and systems. Remote monitoring tools provide continuous oversight of network devices, servers, applications, and other critical components from a remote location. These tools help identify and resolve issues proactively by offering real-time alerts, performance metrics, and detailed reports. With […] The post 15 Best Remote Monitoring Tools – 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity giant CrowdStrike has terminated an employee who allegedly shared sensitive internal system information with a notorious hacking collective. The incident involved the leak of internal screenshots posted on a public Telegram channel operat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack has reportedly compromised data across hundreds of organizations, linking the breach to a critical integration between customer success platform Gainsight and CRM giant Salesforce. The notorious hacking collective ShinyHunters is claiming responsibility for the intrusion, which allegedly affects over 200 companies. The attack vector did not rely on breaking into […] The post ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of active exploitation in the wild, including “silent patches” and subsequent bypasses that have left many […] The post Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A former IT contractor from Ohio has admitted to launching a cyberattack against his employer’s network in retaliation for being terminated, federal prosecutors announced this week. Maxwell Schultz, 35, of Columbus, Ohio, pleaded guilty to computer fraud charges after leading a technical attack that locked thousands of employees out of their systems nationwide. On May […] The post Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
