-
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between July and October 2025. The campaign, attributed to the notorious Clop ransomware group and linked to the financially motivated threat actor FIN11, exploited a zero-day vulnerability, CVE-2025-61882, to achieve unauthenticated […] The post Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A surge in attacks exploiting iCalendar (.ics) files as a sophisticated threat vector that bypasses traditional email security defenses. These attacks leverage the trusted, plain-text nature of calendar invitations to deliver credential phishing campaigns, malware payloads, and zero-day exploits. Over the past year, calendar-based phishing has emerged as the third most common email social engineering […] The post Hackers Weaponizing Calendar Files as New Attack Vector Bypassing Traditional Email Defenses appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Black Friday 2025 represents the most dangerous shopping season in cybercrime history, with fraudsters leveraging artificial intelligence, deepfake technology, and sophisticated social engineering tactics to target millions of consumers globally. Recent cybersecurity research indicates that scam websites surged 89% year-over-year, while phishing attacks account for 42% of Black Friday-specific threats, with 32% specifically targeting digital […] The post 10 Popular Black Friday Scams – How to Detect the Red Flags and Protect your wallet and Data appeared first on Cyber…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybercrime landscape has undergone a dramatic transformation in 2025, with artificial intelligence emerging as a cornerstone technology for malicious actors operating in underground forums. According to Google’s Threat Intelligence Group (GTIG), the underground marketplace for illicit AI tools has matured significantly this year, with multiple offerings of multifunctional tools designed to support various stages […] The post List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has entered an unprecedented era of sophistication with the emergence of AI-powered ransomware attacks. Recent research from MIT Sloan and Safe Security reveals a shocking statistic: 80% of ransomware attacks now utilize artificial intelligence. This represents a fundamental shift from traditional malware operations to autonomous, adaptive threats that can evolve in real-time […] The post AI-Powered Ransomware Is the Emerging Threat That Could Bring Down Your Organization appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively […] The post How Windows Command-line Utility PsExec Can Be Abused To Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day vulnerabilities affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) platforms. At the center of this security crisis lies CVE-2025-20333, a devastating remote code execution vulnerability with a CVSS score of 9.9, which sophisticated state-sponsored threat actors […] The post Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors. According to recent data, more than 23,600 vulnerabilities were published in the first half of 2025 alone, representing a 16% increase over 2024. This alarming trend has seen sophisticated threat actors, including nation-state groups and […] The post Top Zero-Day Vulnerabilities Exploited in the Wild in 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The JavaScript ecosystem experienced one of its most sophisticated and damaging supply chain attacks in September 2025, when a novel self-replicating worm dubbed “Shai-Hulud” compromised over 477 npm packages, marking the first successful automated propagation campaign in the npm registry’s history. This attack represents a significant evolution in supply chain threats, leveraging both social engineering and […] The post Lessons Learned From Massive npm Supply Chain Attack Using “Shai-Hulud” Self-Replicating Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit representing one of the most powerful combinations in modern penetration testing. As cyber threats continue to evolve rapidly, security professionals require comprehensive solutions that can both discover security weaknesses and validate their exploitability through controlled testing environments. The integration […] The post Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
