Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges. The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016, 2017, 2019, and 2022. This vulnerability stems from improper handling of special characters in SQL […] The post Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials. The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages claiming their lost or stolen iPhones had been found abroad, sometimes months after the devices […] The post New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices appeared first on Cyber Security News.

A Chinese national has been sentenced to over 11 years in prison following one of the most significant cryptocurrency fraud investigations in history. Zhimin Qian, 47, received an 11-year and eight-month sentence for possessing and transferring criminal property under the Proceeds of Crime Act 2002. The case marks the culmination of a seven-year investigation by […] The post Chinese National Jailed for Laundering Over £5 Billion by Defrauding Over 128,000 Victims appeared first on Cyber Security News.

A large phishing campaign has been targeting travelers worldwide, using more than 4,300 fake domains to steal payment card information. The operation focuses on people planning vacations or about to check into hotels by sending fake booking confirmation emails that appear to come from trusted travel companies. The attackers have created a network of websites […] The post Massive Phishing Attack Impersonate as Travel Brands Attacking Users with 4,300 Malicious Domains appeared first on Cyber Security News.

A sophisticated backdoor malware campaign has emerged targeting Windows users through a weaponized version of SteamCleaner, a legitimate open-source utility designed to clean junk files from the Steam gaming platform. The malware establishes persistent access to compromised systems by deploying malicious Node.js scripts that maintain continuous communication with command-and-control servers, enabling attackers to execute arbitrary […] The post Beware of Malicious Steam Cleanup Tool Attack Windows Machines to Deploy Backdoor Malware appeared first on Cyber Security News.

The advanced persistent threat group APT-C-08, also known as Manlinghua or BITTER, has launched a sophisticated campaign targeting government organizations across South Asia by exploiting a critical directory traversal vulnerability in WinRAR. Security researchers have identified the group’s first operational use of CVE-2025-6218, a flaw affecting WinRAR versions 7.11 and earlier that allows attackers to […] The post APT-C-08 Hackers Exploiting WinRAR Vulnerability to Attack Government Organizations appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged, targeting organizations across Central and Eastern Europe by impersonating legitimate global brands to deceive users into surrendering their login credentials. The attack utilizes self-contained HTML files delivered as email attachments, eliminating the need for external server hosting or suspicious URLs that traditional security systems typically detect. Once opened, these […] The post New Phishing Attack Leverages Popular Brands to Harvest Login Credentials appeared first on Cyber Security News.

Threat actors continue to evolve their techniques for bypassing macOS security controls, shifting away from traditional attack vectors that Apple has systematically patched. Following Apple’s removal of the “right-click and open” Gatekeeper override in August 2024, attackers have identified and weaponized a new delivery mechanism using compiled AppleScript files with deceptive naming conventions. These .scpt […] The post Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates appeared first on Cyber Security News.

Authentication coercion represents a sophisticated and evolving threat targeting Windows and Active Directory environments across organizations globally. This attack method exploits the fundamental communication mechanisms embedded within every Windows operating system, manipulating machines into automatically transmitting sensitive credentials to attacker-controlled infrastructure. The emergence of this threat vector reflects a significant shift in how threat actors […] The post Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers appeared first on Cyber Security News.