-
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys. These flaws affect multiple OpenSSL versions across different platforms and could lead to memory corruption, denial of service attacks, and unauthorized access to sensitive cryptographic materials. The most […] The post OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations face an ever-evolving cyberthreat landscape marked by faster, more complex attacks. Today, Microsoft is answering this call with the general availability of an agentic security platform built on Microsoft Sentinel. This new wave…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A concerning cybersecurity trend has emerged as threat actors exploit the growing popularity of artificial intelligence tools by distributing malicious Chrome extensions masquerading as legitimate platforms. These deceptive extensions target users seeking convenient access to popular services like ChatGPT, Claude, Perplexity, and Meta Llama, creating a significant security risk for unsuspecting individuals and organizations. The […] The post Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are turning a trusted file format against users in a sophisticated new attack campaign. MatrixPDF represents a concerning evolution in social engineering attacks that split malicious activities across multiple platforms to evade detectio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research has uncovered three significant vulnerabilities in Google’s Gemini AI assistant suite, dubbed the “Gemini Trifecta,” that could have allowed cybercriminals to steal users’ saved data and live location information. The v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In late September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert regarding the active exploitation of a critical command injection vulnerability tracked as CVE-2025-59689 in Libraesva Email Security Gateway (ESG) devices. This flaw has rapidly emerged as a favored target for threat actors due to its ease of exploitation and the […] The post CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack campaign targeting improperly managed Microsoft SQL servers has emerged, deploying the XiebroC2 command and control framework to establish persistent access to compromised systems. The attack leverages vulnerable credentials on publicly accessible database servers, allowing threat actors to gain initial foothold and escalate privileges through a multi-stage deployment process. XiebroC2, a publicly available […] The post Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent months, a surge in targeted intrusions attributed to the Iranian-aligned threat group APT35 has set off alarm bells across government and military networks worldwide. First detected in early 2025, the campaign leverages custom-built malware to infiltrate secure perimeters and harvest user credentials. Initial indicators of compromise point to spear-phishing emails with HTML attachments […] The post APT35 Hackers Attacking Government, Military Organizations to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security Operations Centers (SOCs) protect organizations’ digital assets from ongoing cyber threats. To assess their effectiveness, SOCs use key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and False Positive Rate (FPR). Although these metrics are often seen as separate, they are closely interconnected; improving one can directly enhance the other. By integrating […] The post How SOC Teams Detect Can Detect Cyber Threats Quickly Using Threat Intelligence Feeds appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently being exploited in the wild. This flaw allows local adversaries to bypass access controls and execute arbitrary commands as the root user, even without explicit sudoers privileges. Sudo Chroot Bypass (CVE-2025-32463) Identified as “Inclusion […] The post CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
