-
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications in under 30 seconds. Pixnapping l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited syste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Telegram has solidified its position as the primary coordination hub for modern hacktivist operations, according to comprehensive research analyzing over 11,000 posts from more than 120 politically motivated threat actor groups. Contrary to assumptions…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
British organisations are facing an unprecedented cyber security crisis as the National Cyber Security Centre reveals a dramatic surge in attacks threatening the nation’s digital infrastructure. This alarming escalation translates to an average o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The pro-Russian hacktivist collective NoName057(16) has emerged as a notable participant in a coordinated wave of cyberattacks targeting Israeli infrastructure during the October 7 anniversary period. The group claimed responsibility for multiple distr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, allowing attackers to escalate privileges and potentially compromise entire systems. Tracked as CVE-2025-59230, the flaw stems from improper access control, enabling low-privileged users to gain SYSTEM-level access. Disclosed on October 14, 2025, the vulnerability affects multiple […] The post Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated backdoor malware targeting Internet of Things devices has surfaced, employing advanced communication techniques to maintain persistent access to compromised systems. The PolarEdge backdoor, first detected in January 2025, represents a significant evolution in IoT-focused threats, utilizing a custom TLS server implementation and proprietary binary protocol for command and control operations. The malware initially […] The post PolarEdge With Custom TLS Server Uses Custom Binary Protocol for C2 Communication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated phishing campaign that weaponizes the NPM ecosystem through an unprecedented attack vector. Unlike traditional malicious package installations, this operation leverages the trusted unpkg.com CDN to deliver phishing scripts directly through browsers, targeting enterprise employees across 135+ organizations primarily in Europe’s industrial, technology, and energy sectors. The campaign, discovered in […] The post New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals have developed a sophisticated phishing campaign targeting Colombian users through fake judicial notifications, deploying a complex multi-stage malware delivery system that culminates in AsyncRAT infection. The campaign demonstrates an alarming evolution in social engineering tactics, leveraging legitimate-looking governmental communications to bypass traditional security measures and successfully compromise unsuspecting victims. The attack campaign employs carefully […] The post Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in the Web Application Delivery (WAD) and Graphical User Interface (GUI) components, classified under CWE-1390. With […] The post FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
