A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially granting complete access to restricted API endpoints without valid […] The post Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication appeared first on Cyber Security News.

In early 2025, cybersecurity researchers observed an unprecedented collaboration between two Russian APT groups targeting Ukrainian organizations. Historically, Gamaredon has focused on broad spear-phishing campaigns against government and critical infrastructure, while Turla has specialized in high-value cyberespionage using sophisticated implants. Their joint operations mark a significant escalation: Gamaredon gains initial access using its established toolkit, […] The post Russian Hacking Groups Gamaredon and Turla Attacking Organizations to Deploy Kazuar Backdoor appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Cybercriminals are actively exploiting two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, to deploy advanced persistent threats that enable complete system compromise and arbitrary code execution on targeted servers. The attack campaign emerged shortly […] The post CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware appeared first on Cyber Security News.

The emergence of a new campaign weaponizing legitimate remote monitoring and management software has alarmed security teams worldwide. Attackers are distributing trojanized installers for ConnectWise ScreenConnect—now known as ConnectWise Control—to deliver dual payloads: the widely used AsyncRAT and a custom PowerShell-based RAT. By leveraging trusted software footprints and open directories, adversaries bypass signature-based defenses and […] The post Beware of Weaponized ScreenConnect App That Delivers AsyncRAT and PowerShell RAT appeared first on Cyber Security News.

Cybersecurity researchers have identified a potential connection between two Yemen-based cybercriminal organizations, the Belsen Group and ZeroSevenGroup, following an extensive investigation into their operational patterns and attack methodologies. The discovery comes amid growing concerns about sophisticated network intrusion campaigns targeting critical infrastructure and enterprise systems across multiple continents. The Belsen Group first emerged in January […] The post Researchers Uncover Link Between Belsen and ZeroSeven Cybercriminal Groups appeared first on Cyber Security News.

The emergence of the SystemBC botnet marks a significant evolution in proxy-based criminal infrastructure. Rather than co-opt residential devices for proxying, SystemBC operators have shifted to compromising large commercial Virtual Private Servers (VPS), enabling high-volume proxy services with minimal disruption to end users. In recent months, Lumen Technologies has observed an average of 1,500 newly […] The post SystemBC Botnet Hacked 1,500 VPS Servers Daily to Hire for DDoS Attack appeared first on Cyber Security News.

In recent months, security teams have observed the emergence of a sophisticated malware loader, dubbed CountLoader, which leverages weaponized PDF files to deliver ransomware payloads. First detected in late August 2025, CountLoader is linked to multiple Russian-speaking cybercriminal groups, including affiliates of LockBit, BlackBasta, and Qilin. By masquerading as legitimate documents—often impersonating Ukrainian law enforcement—this […] The post New Malware Loader ‘CountLoader’ Weaponized PDF File to Deliver Ransomware appeared first on Cyber Security News.

The ransomware threat landscape witnessed a dramatic shift in August 2025 as the Qilin group claimed responsibility for 104 separate attacks worldwide. Emerging earlier this year, Qilin quickly cemented its position through aggressive double-extortion tactics and a broad affiliate recruitment strategy. Initial compromises have predominantly leveraged exposed Remote Desktop Protocol (RDP) servers and publicly facing […] The post Qilin Led Ransomware Attack Claimed to Compromised 104 Organizations in August appeared first on Cyber Security News.

The global spyware market continues its alarming expansion, with new research revealing the emergence of 130 additional entities spanning 46 countries between 1992 and 2024. This shadowy ecosystem of surveillance technologies has grown from 435 documented entities in the initial assessment to 561 organizations, fundamentally reshaping the landscape of offensive cyber capabilities. The proliferation extends […] The post Global Spyware Markets to Identify New Entities Entering The Market appeared first on Cyber Security News.