Mastodon Mastodon Mastodon Mastodon

Cybersecurity News

Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.

Man monitors screen displaying malware alert in a tech workspace.

Malicious npm package “https-proxy-utils” delivers AdaptixC2 and underscores open-source supply chain exposure

CyberSecureFox Editorial Team

Security researchers at Kaspersky identified a malicious npm package, https-proxy-utils, masquerading as a proxy utility and abusing npm lifecycle scripts ...

Abandoned library with "БИБЛИОТЕКА" sign, surrounded by overgrown vegetation.

TARmageddon (CVE-2025-62518): Critical Rust tar parsing flaw enables RCE in tokio‑tar and forks

CyberSecureFox Editorial Team

Security researchers at Edera have disclosed a critical logic flaw in the abandoned Rust library async‑tar and multiple forks, including ...

SQL Server cabinet contrasted with shadowy figures hacking into it.

PassiveNeuron zeros in on Windows Server: new APT wave leverages SQL abuse, Cobalt Strike, and custom implants

CyberSecureFox Editorial Team

A newly observed campaign by the PassiveNeuron threat actor underscores a strategic pivot toward server-side targets. According to Kaspersky’s Global ...

Laptop screen displaying VirtualBox logo with a warning symbol overlay.

Oracle VirtualBox on macOS ARM: Two CVEs Enable VM Escape, Patched in October 2025 CPU

CyberSecureFox Editorial Team

Two vulnerabilities in Oracle VirtualBox, tracked as CVE-2025-62592 and CVE-2025-61760, can be chained to escape from a guest virtual machine ...

Hooded figure typing on a laptop, with eerie portraits and chess pieces nearby.

ColdRiver pivots to ClickFix: NoRobot and MaybeRobot replace LostKeys in stealthier social engineering campaigns

CyberSecureFox Editorial Team

Google’s Threat Intelligence Group (GTIG) reports a rapid shift in the tradecraft of the Russian‑language threat actor ColdRiver—also tracked as ...

Phone displaying account recovery screen with a photo and prompt.

Google Adds “Recovery Contacts” to Gmail: A Human-Assisted, Phishing-Resistant Path to Account Recovery

CyberSecureFox Editorial Team

Google is expanding Gmail account recovery with a new option called Recovery Contacts, a human-assisted mechanism that lets users designate ...

** Man looking concerned at a laptop displaying a service discontinued message.

DNS0.eu Shuts Down: Impact on EU DNS Security and Migration Paths to DNS4EU and NextDNS

CyberSecureFox Editorial Team

DNS0.eu has ceased operations, replacing its website with a brief notice: “The service is no longer running… maintaining it became ...

Professional examining a digital alert about security vulnerabilities in a futuristic setting.

TP-Link Omada gateways hit by critical unauthenticated RCE; firmware updates available

CyberSecureFox Editorial Team

TP-Link has disclosed four security issues affecting Omada series gateways, with two vulnerabilities enabling arbitrary command execution with root privileges. ...

Silhouetted figure holding a phone, laptop displaying symbols of security and danger.

China Alleges NSA Targeted National Time Service Center: What It Means for Critical Infrastructure

CyberSecureFox Editorial Team

China’s Ministry of State Security (MSS) alleges the U.S. National Security Agency conducted targeted cyber operations against the National Time ...

Man interacting with a futuristic digital display in a sleek, illuminated setting.

PolarEdge Botnet Exploits Cisco CVE-2023-20118 to Build ORB-Style Proxy Network Targeting Cisco, ASUS, QNAP and Synology Devices

CyberSecureFox Editorial Team

Security researchers have published a technical analysis of the PolarEdge botnet, a campaign actively observed since February 2025 and aimed ...