Cybersecurity News
-
Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation
SAFA researchers uncovered four kernel heap overflow vulnerabilities in Avast Antivirus’s aswSnx.sys driver, designated CVE-2025-13032, affecting versions before 25.3 on Windows. These flaws originate from double-fetch issues in IOCTL handling,…
Read More » -
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign…
Read More » -
Corporate Users 3x More Likely Targeted by Phishing Than Malware – SpyCloud Report
Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new…
Read More » -
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New…
Read More » -
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to…
Read More » -
Examining the Risk of AI-Assisted MedusaLocker Ransomware Attacks
Researchers at Cato CTRL have demonstrated that the feature, designed to streamline AI workflows, can be easily weaponized to deploy MedusaLocker ransomware without the user’s knowledge. A new cybersecurity investigation…
Read More » -
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate…
Read More » -
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
Baltimore, MD, December 2nd, 2025, CyberNewsWire The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited.…
Read More » -
DevilsTongue Spyware Targets Windows Users Across Multiple Countries
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows…
Read More » -
Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process
Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a…
Read More » -
Mystery OAST Tool Exploits 200 CVEs Using Google Cloud for Large-Scale Attacks
A sophisticated threat actor has been operating a private Out-of-band Application Security Testing (OAST) service hosted on Google Cloud infrastructure to conduct a large-scale exploit campaign targeting more than 200…
Read More » -
Poland Arrests Suspected Russian Hacker Targeting Local Organizations’ Networks
Polish authorities have made a significant move in their cybercrime enforcement efforts by detaining a Russian national suspected of conducting unauthorized cyber attacks against local organizations. The arrest, made on…
Read More » -
Cybercriminals Register 18,000 Holiday-Themed Domains to Launch Seasonal Scams
The holiday season has always been a magnet for increased online activity, but 2025 marks a new high-water mark in cybercrime intensity. FortiGuard Labs’ latest research spotlights a dramatic surge…
Read More » -
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The update is designed to stop…
Read More »