-
Microsoft unveiled significant enhancements to threat intelligence at Ignite 2025, bringing the Threat Intelligence Briefing Agent directly into the Defender portal. This integration marks a pivotal shift in how security teams approach cyber defense, moving from reactive responses to proactive threat anticipation. The Threat Intelligence Briefing Agent, initially launched in March 2025, is now fully […] The post Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions. Chrome extensions marketed as “Free Unlimited VPN” services accumulated over 9 million installations before security detection, with the malware remaining hidden for nearly six years. These tools promised simple privacy solutions with single-click activation, yet delivered precisely the […] The post Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data leaks ever documented. This vulnerability, rooted in the app’s contact discovery feature, persisted despite warnings to Meta dating back to 2017, raising serious concerns about user privacy on the world’s […] The post WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oligo Security researchers have uncovered an active global hacking campaign that leverages artificial intelligence to attack AI infrastructure. The operation, dubbed ShadowRay 2.0, exploits a known yet disputed vulnerability in Ray an open-source frame…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has disclosed a critical OS command injection vulnerability affecting multiple versions of FortiWeb that is currently being exploited in the wild. The flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute unauthorized code…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Socket Threat Research Team has uncovered a sophisticated npm malware campaign orchestrated by the threat actor dino_reborn, who deployed 7 malicious packages designed to distinguish genuine targets from security researchers before executing their …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has released an urgent security advisory addressing a newly discovered zero-day vulnerability, CVE-2025-58034, in its FortiWeb web application firewall platform, after evidence emerged of active exploitation in the wild. The flaw, characterized as improper neutralization of special elements used in OS commands (CWE-78), enables authenticated attackers to execute unauthorized code or commands on targeted […] The post New FortiWeb 0-Day Command Injection Vulnerability Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SolarWinds has released an urgent security update for its Serv-U file transfer software, patching three critical vulnerabilities that could enable attackers with administrative access to execute remote code on affected systems. The flaws, all rated 9.1…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has integrated Azure Firewall with its AI-powered Security Copilot platform, bringing natural language threat investigation capabilities to cloud network security teams. The new integration allows security analysts to investigate malicious ne…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Remote Access Trojans (RATs) and Trojan Stealers continue to dominate the threat landscape as some of the most prevalent malware families. To evade detection on compromised systems, these threats increasingly employ sophisticated crypters, loaders, and…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶