-
Cybersecurity researchers have uncovered an active global hacking campaign leveraging a known flaw in Ray, an open-source AI framework widely used for managing distributed computing tasks. Dubbed ShadowRay 2.0, this attack exploits vulnerability CVE-2023-48022 to silently seize control of powerful AI computing clusters and turn them into cryptocurrency mining operations. The campaign represents a significant […] The post New ShadowRay Attack Exploit Ray AI-Framework Vulnerability to Attack AI Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks. The agency added CVE-2025-58034 to its Known Exploited Vulnerabilities (KEV) catalog on November 18, 2025, signaling immediate risk to organizations using the affected product. The vulnerability […] The post CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In October 2025, Morphisec’s anti-ransomware prevention platform detected and neutralized a sophisticated cyberattack targeting a major U.S. real estate company. The campaign showcased the emerging threat posed by the Tuoni C2 framework a free, m…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is introducing a new capability in Teams that allows users to report messages they believe were mistakenly flagged as security threats. The feature represents a significant step toward improving detection accuracy and reducing false positives across organizations worldwide. Completion of availability is expected by the end of November 2025. The reporting feature enables users […] The post Microsoft Teams New Feature Let Users Report Messages Incorrectly Flagged as Security Threats appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical vulnerabilities affect D-Link DIR-878 routers across all models and firmware revisions. These devices reached the end of life on January 31, 2021. They will no longer receive security updates or technical support from D-Link Corporation. The vulnerabilities allow remote attackers to gain complete control of affected routers without requiring authentication. Two of the […] The post Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code Execution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malware campaign targeting the npm ecosystem has emerged, deploying a clever detection system that distinguishes between regular users and security researchers. The threat actor, operating under the alias dino_reborn, created seven malicious npm packages designed to redirect users to crypto-themed scam sites while evading security detection. This intricate operation represents a new frontier […] The post New npm Malware Campaign Verifies if the Visitor is a Victim or a Researcher Before Triggering Infection appeared first on Cyber Security…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity threats continue to evolve with sophisticated evasion methods. A new .NET-based malware loader has emerged that demonstrates an advanced approach to concealing the notorious Lokibot trojan within image files. This multi-stage payload delivery system uses steganography, a technique that embeds hidden data inside legitimate-looking files, making detection significantly more challenging for security tools and […] The post New .NET Malware Hides Lokibot Malware within PNG/BMP Files to Evade Detection appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption all triggered by a single, seemingly innocent click on a web…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Teams is rolling out a new feature that allows users to misreport messages flagged as security threats. The capability, rolling out by the end of November 2025, targets organizations using Microsoft Defender for Office 365 Plan 2 or Microsoft…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new macOS malware campaign dubbed “Nova Stealer” has emerged, targeting cryptocurrency users through an elaborate scheme that replaces legitimate wallet applications with malicious counterparts designed to harvest sensitive …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
