tools
-
Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations
Cybercriminals continue to exploit USB drives as infection vectors, with recent campaigns delivering sophisticated CoinMiner malware that establishes persistent cryptocurrency-mining…
Read More » -
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket…
Read More » -
2.15M Next.js Web Services Exposed Online, Active Attacks Reported
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as…
Read More » -
Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Penetration Testing Index
Madison, United States, December 5th, 2025, CyberNewsWire Sprocket Security is proud to announce that it has once again been recognized…
Read More » -
Corporate Users 3x More Likely Targeted by Phishing Than Malware – SpyCloud Report
Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures.…
Read More » -
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications,…
Read More » -
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models…
Read More » -
Examining the Risk of AI-Assisted MedusaLocker Ransomware Attacks
Researchers at Cato CTRL have demonstrated that the feature, designed to streamline AI workflows, can be easily weaponized to deploy…
Read More » -
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV)…
Read More » -
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
Baltimore, MD, December 2nd, 2025, CyberNewsWire The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise…
Read More » -
DevilsTongue Spyware Targets Windows Users Across Multiple Countries
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing…
Read More » -
Mystery OAST Tool Exploits 200 CVEs Using Google Cloud for Large-Scale Attacks
A sophisticated threat actor has been operating a private Out-of-band Application Security Testing (OAST) service hosted on Google Cloud infrastructure…
Read More » -
Cybercriminals Register 18,000 Holiday-Themed Domains to Launch Seasonal Scams
The holiday season has always been a magnet for increased online activity, but 2025 marks a new high-water mark in…
Read More » -
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from…
Read More » -
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
Alisa Viejo, CA, USA, November 27th, 2025, CyberNewsWire Gartner has recognized One Identity as a Visionary in the 2025 Gartner Magic…
Read More » -
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses & C2 Features
Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and…
Read More »