Cybersecurity News
Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
Microsoft fixes critical Kestrel flaw (CVE-2025-55315) enabling HTTP request smuggling
Microsoft has shipped fixes for a critical vulnerability in the Kestrel web server used by ASP.NET Core, tracked as CVE-2025-55315 ...
US Court Bans NSO Group From Targeting WhatsApp, Orders Data Deletion, Cuts Damages to $4M
A US federal court in the Northern District of California has issued a permanent injunction against Israeli spyware developer NSO ...
Europol Dismantles SIMCARTEL: Inside the Global SIM-Farm Network Powering OTP Abuse and Fake Accounts
European law enforcement has dismantled a large-scale SIM-farm ecosystem in an operation codenamed SIMCARTEL, disrupting a global pipeline for phishing, ...
GlassWorm Malware Exploits VS Code Extensions in Significant Supply Chain Attack
Koi Security has documented a significant software supply chain attack in the Visual Studio Code ecosystem. A self-propagating malware dubbed ...
Malicious npm package “https-proxy-utils” delivers AdaptixC2 and underscores open-source supply chain exposure
Security researchers at Kaspersky identified a malicious npm package, https-proxy-utils, masquerading as a proxy utility and abusing npm lifecycle scripts ...
TARmageddon (CVE-2025-62518): Critical Rust tar parsing flaw enables RCE in tokio‑tar and forks
Security researchers at Edera have disclosed a critical logic flaw in the abandoned Rust library async‑tar and multiple forks, including ...
PassiveNeuron zeros in on Windows Server: new APT wave leverages SQL abuse, Cobalt Strike, and custom implants
A newly observed campaign by the PassiveNeuron threat actor underscores a strategic pivot toward server-side targets. According to Kaspersky’s Global ...
Oracle VirtualBox on macOS ARM: Two CVEs Enable VM Escape, Patched in October 2025 CPU
Two vulnerabilities in Oracle VirtualBox, tracked as CVE-2025-62592 and CVE-2025-61760, can be chained to escape from a guest virtual machine ...
ColdRiver pivots to ClickFix: NoRobot and MaybeRobot replace LostKeys in stealthier social engineering campaigns
Google’s Threat Intelligence Group (GTIG) reports a rapid shift in the tradecraft of the Russian‑language threat actor ColdRiver—also tracked as ...
Google Adds “Recovery Contacts” to Gmail: A Human-Assisted, Phishing-Resistant Path to Account Recovery
Google is expanding Gmail account recovery with a new option called Recovery Contacts, a human-assisted mechanism that lets users designate ...
