A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by this widely-used content management system. The vulnerability, tracked as CVE-2025-59545 with a severity score of 9.1 out of 10, affects all DNN Platform versions prior to 10.1.0 and allows attackers to execute malicious scripts through the platform’s […] The post Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts appeared first on Cyber Security News.

Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits legitimate system processes to deliver powerful backdoor capabilities. RainyDay, Turian, and a new variant of PlugX have been systematically abusing DLL search order hijacking techniques to execute malicious loaders, establishing […] The post RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders appeared first on Cyber Security News.

In recent months, a sophisticated threat actor leveraging North Korean IT worker employment fraud has surfaced, demonstrating how social engineering can bypass traditional security controls. The adversary’s modus operandi involves posing as remote software engineers, submitting legitimate-looking résumés, completing coding assessments, and ultimately blending into corporate environments. Initial signs were subtle: benign emails, genuine code […] The post New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network appeared first on Cyber Security News.

In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software. Threat actors have crafted convincing forks of projects bearing names like Malwarebytes, LastPass, Citibank, and SentinelOne, populated with trojanized installers and scripts that deliver stealthy malware payloads. These repositories exploit the trust developers place in […] The post Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware appeared first on Cyber Security News.

A sophisticated cybercrime campaign has emerged that transforms legitimate AWS infrastructure into weaponized attack platforms through an innovative combination of containerization and distributed denial-of-service capabilities. The ShadowV2 botnet represents a significant evolution in cyber threats, leveraging exposed Docker daemons on Amazon Web Services EC2 instances to establish persistent footholds for large-scale DDoS operations. This campaign […] The post ShadowV2 Botnet Exploits Docker Containers on AWS to Turn Thems as Infected System for DDoS Attack appeared first on Cyber Security News.

A sophisticated new malware family dubbed YiBackdoor has emerged in the cybersecurity landscape, posing a significant threat to organizations worldwide. First observed in June 2025, this malicious software represents a concerning evolution in backdoor technology, featuring advanced capabilities that enable threat actors to execute arbitrary commands, capture screenshots, collect sensitive system information, and deploy additional […] The post New YiBackdoor Allows Attackers to Execute Arbitrary Commands and Exfiltrate Sensitive Data from Hacked Systems appeared first on Cyber Security News.