-
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely deployed automation systems. These advisories highlight severe security flaws across INVT Electric’s engineering tools, Schneider Electric’s Modicon controllers, and Danfoss refrigeration systems, with CVSS v4 scores reaching 8.7, indicating high-severity exploitable conditions. Key Takeaways: 1. CISA issued […] The post CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits appeared first on Cyber Security News.
-
Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day vulnerability in the ImageIO framework that has been actively exploited in sophisticated targeted attacks. This represents the seventh zero-day vulnerability that Apple has patched in 2025, underscoring the persistent and escalating threat landscape facing iOS and macOS devices. The vulnerability’s addition to CISA’s […] The post Analysis of Apple’s ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities appeared first on Cyber Security News.
-
A sophisticated global cybercrime campaign dubbed “ShadowCaptcha” has emerged as a significant threat to organizations worldwide, leveraging fake Google and Cloudflare CAPTCHA pages to trick victims into executing malicious commands. Discovered by researchers at the Israel National Digital Agency in August 2025, this large-scale operation has been active for at least one year, exploiting hundreds […] The post New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands appeared first on Cyber Security News.
-
Cybersecurity researchers at Huntress identified a novel ransomware variant dubbed Cephalus, deployed in two separate incidents targeting organizations lacking robust access controls. This emerging threat, which claims its name from Greek mythology sym…
-
A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits leveraging this vulnerability craft malicious archives containing specially constructed file names with relative paths. When an unsuspecting user or automated system extracts these archives, files are written outside the intended […] The post New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression appeared first on Cyber Security News.
-
Spotify today rolled out a native direct messaging feature, Messages, for both Free and Premium users aged 16+ in select markets on mobile. This long-awaited addition creates a dedicated in-app space to share tracks, podcasts, and audiobooks, supercharging word-of-mouth recommendations. However, security researchers warn that the new chat API could introduce attack vectors if not […] The post Spotify Launches Direct Message Feature for Music Sharing, What are the Risks Associated? appeared first on Cyber Security News.
-
BruteForceAI, an innovative penetration testing framework developed by Mor David, integrates large language models (LLMs) with browser automation to autonomously identify login forms and conduct sophisticated brute-force attacks. By combining AI-driven form analysis with evasion techniques and comprehensive logging, BruteForceAI streamlines credential-testing workflows, enabling security teams to uncover weak authentication mechanisms rapidly and efficiently. At […] The post New BruteForceAI Tool Automatically Detects Login Pages and Executes Smart Brute-Force Attacks appeared first on Cyber Security News.
-
The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct activity clusters operating from May 2024 through July 2025, primarily targeting Colombian government entities at local, municipal, and fed…
-
Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero), or TASPEN, to deploy a malicious Android application disguised as an official portal. This banking trojan an…
-
Spotify this week unveiled a new Direct Messaging feature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and deeper engagement among friends, it also raises fresh se…