Cybersecurity News
-
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability has been discovered in Ivanti Endpoint Manager (EPM), allowing unauthenticated attackers to hijack administrator sessions by injecting malicious JavaScript into the management dashboard.…
Read More » -
AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation
DomainTools Investigations has uncovered critical findings regarding the expansion of a massive malware-delivery network targeting Chinese-speaking users worldwide, which has been active since June 2023 and has grown to approximately…
Read More » -
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws
Zoom has released security patches to address two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. These vulnerabilities expose users to privilege escalation attacks and unauthorized software…
Read More » -
Makop Ransomware Evolves with Advanced Evasion Techniques and Exploit Arsenal
Makop, a ransomware strain derived from Phobos, continues to pose a significant threat by exploiting exposed Remote Desktop Protocol (RDP) systems and integrating new attack components, including antivirus-killer modules and…
Read More » -
Akira Group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities
Hypervisors, the invisible backbone of modern corporate IT, have become the new primary battleground for ransomware groups. According to new data from Huntress, attacks targeting hypervisors to deploy ransomware have…
Read More » -
Hackers Exploit Delivery Receipts in Messaging Apps to Steal Users’ Private Information
A severe security flaw has been uncovered, putting billions of WhatsApp and Signal users worldwide at risk of being secretly monitored. According to researchers, hackers can exploit the delivery receipt…
Read More » -
Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
Adex, a leading anti-fraud and traffic-quality platform under AdTech Holding, has successfully identified and neutralized a complex, multi-year malware operation linked to the notorious Triada Trojan. This persistent campaign, which…
Read More » -
Apple, Google, and Samsung May Soon Activate Always-On GPS in India
India’s government is considering a proposal to require smartphone manufacturers to enable satellite location tracking on all devices permanently, which has sparked significant backlash from major tech companies, including Apple,…
Read More » -
LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
A new security analysis has unveiled “LOLPROX,” a comprehensive catalog of “Living Off The Land” (LOL) techniques specifically targeting Proxmox Virtual Environment (VE). The research, detailed by security researcher Andy…
Read More » -
Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations
Cybercriminals continue to exploit USB drives as infection vectors, with recent campaigns delivering sophisticated CoinMiner malware that establishes persistent cryptocurrency-mining operations on compromised workstations. Security researchers have documented an evolving…
Read More » -
Beyond CVEs – Turning Visibility into Action with ASM
Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies.…
Read More » -
FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads
A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25,…
Read More » -
Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware
Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The…
Read More » -
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that…
Read More » -
2.15M Next.js Web Services Exposed Online, Active Attacks Reported
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has…
Read More » -
Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Penetration Testing Index
Madison, United States, December 5th, 2025, CyberNewsWire Sprocket Security is proud to announce that it has once again been recognized by G2 for “High Performer,” “Best Support,” and “Easiest to…
Read More »