On the eve of Moldova’s parliamentary elections scheduled for September 28, 2025, cybersecurity researchers have uncovered a sophisticated Russian-backed disinformation campaign designed to undermine public confidence in Moldova’s pro-European leadership. The campaign began surfacing in April 2025, when analysts first observed a cluster of newly registered domains publishing biased news articles in both Romanian and […] The post New Russian Disinformation Campaign Targeting Upcoming Moldova’s Elections appeared first on Cyber Security News.

Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated adversaries to bypass signature verification mechanisms and maintain persistent control over enterprise server infrastructure. These flaws, affecting multiple generations of Supermicro motherboards, demonstrate how design weaknesses in firmware validation processes […] The post BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features appeared first on Cyber Security News.

A sophisticated cybercriminal campaign has emerged targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate government identity applications and payment services. The malicious operation, active since approximately August 2024, employs advanced evasion techniques to deliver variants of the BankBot trojan family while maintaining an extensive infrastructure of over 100 domains. The threat […] The post Banking Trojans Attacking Android Users Mimic as Government and Legitimate Payment Apps appeared first on Cyber Security News.

A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by this widely-used content management system. The vulnerability, tracked as CVE-2025-59545 with a severity score of 9.1 out of 10, affects all DNN Platform versions prior to 10.1.0 and allows attackers to execute malicious scripts through the platform’s […] The post Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts appeared first on Cyber Security News.

Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits legitimate system processes to deliver powerful backdoor capabilities. RainyDay, Turian, and a new variant of PlugX have been systematically abusing DLL search order hijacking techniques to execute malicious loaders, establishing […] The post RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders appeared first on Cyber Security News.

In recent months, a sophisticated threat actor leveraging North Korean IT worker employment fraud has surfaced, demonstrating how social engineering can bypass traditional security controls. The adversary’s modus operandi involves posing as remote software engineers, submitting legitimate-looking résumés, completing coding assessments, and ultimately blending into corporate environments. Initial signs were subtle: benign emails, genuine code […] The post New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network appeared first on Cyber Security News.