-
A major data breach at American First Finance, LLC has exposed sensitive information for nearly 700,000 customers. The breach, which occurred on May 31, 2024, was discovered over a year later on June 18, 2025. An ex-employee of the financial services f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS 43UT8050, enables unauthenticated attackers to gain root access, install malicious applications, and completely compromise the […] The post LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen. The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An ongoing supply chain attack has compromised multiple npm packages published by CrowdStrike, extending a malicious campaign known as the “Shai-Halud attack.” The incident, which involves the same malware previously used to target the popular tinycolor package, highlights the persistent threat of supply chain vulnerabilities within the open-source ecosystem. The npm registry acted swiftly to […] The post CrowdStrike npm Packages Compromised in Ongoing Supply Chain Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
As more companies move their critical systems and data to Amazon Web Services (AWS), attackers are finding new ways to stay hidden inside cloud environments. AWSDoor is a tool designed to simplify and automate persistence techniques in AWS. Persistence…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the Case Theme User plugin for WordPress allows unauthenticated attackers to hijack any account on vulnerable sites, including administrative accounts, by exploiting the social login feature. Site owners are urged to update …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released visionOS 26, addressing eighteen security flaws that could allow unauthorized access to sensitive user data. The update, issued on September 15, 2025, covers a wide range of components in the Apple Vision Pro platform. Apple’s …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major threat. AWSDoor automates a range of IAM and resource-based persistence methods, allowing adversaries to hide in plain sight within AWS accounts without deploying traditional malware. Key Takeaways1. AWSDoor exploits IAM […] The post AWSDoor – New Persistence Technique Allows Attackers to Hide Malware Within AWS Cloud Environment appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit representing one of the most powerful combinations in modern penetration testing. As cyber threats continue to evolve rapidly, security professionals require comprehensive solutions that can both discover security weaknesses and validate their exploitability through controlled testing environments. The integration […] The post Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such as @PreAuthorize and @PostAuthorize. In applications where service interfaces or abstract base classes employ unbounded […] The post Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
