Cybersecurity News
Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
Europol Dismantles SIMCARTEL: Inside the Global SIM-Farm Network Powering OTP Abuse and Fake Accounts
European law enforcement has dismantled a large-scale SIM-farm ecosystem in an operation codenamed SIMCARTEL, disrupting a global pipeline for phishing, ...
GlassWorm Malware Exploits VS Code Extensions in Significant Supply Chain Attack
Koi Security has documented a significant software supply chain attack in the Visual Studio Code ecosystem. A self-propagating malware dubbed ...
Malicious npm package “https-proxy-utils” delivers AdaptixC2 and underscores open-source supply chain exposure
Security researchers at Kaspersky identified a malicious npm package, https-proxy-utils, masquerading as a proxy utility and abusing npm lifecycle scripts ...
TARmageddon (CVE-2025-62518): Critical Rust tar parsing flaw enables RCE in tokio‑tar and forks
Security researchers at Edera have disclosed a critical logic flaw in the abandoned Rust library async‑tar and multiple forks, including ...
PassiveNeuron zeros in on Windows Server: new APT wave leverages SQL abuse, Cobalt Strike, and custom implants
A newly observed campaign by the PassiveNeuron threat actor underscores a strategic pivot toward server-side targets. According to Kaspersky’s Global ...
Oracle VirtualBox on macOS ARM: Two CVEs Enable VM Escape, Patched in October 2025 CPU
Two vulnerabilities in Oracle VirtualBox, tracked as CVE-2025-62592 and CVE-2025-61760, can be chained to escape from a guest virtual machine ...
ColdRiver pivots to ClickFix: NoRobot and MaybeRobot replace LostKeys in stealthier social engineering campaigns
Google’s Threat Intelligence Group (GTIG) reports a rapid shift in the tradecraft of the Russian‑language threat actor ColdRiver—also tracked as ...
Google Adds “Recovery Contacts” to Gmail: A Human-Assisted, Phishing-Resistant Path to Account Recovery
Google is expanding Gmail account recovery with a new option called Recovery Contacts, a human-assisted mechanism that lets users designate ...
DNS0.eu Shuts Down: Impact on EU DNS Security and Migration Paths to DNS4EU and NextDNS
DNS0.eu has ceased operations, replacing its website with a brief notice: “The service is no longer running… maintaining it became ...
TP-Link Omada gateways hit by critical unauthenticated RCE; firmware updates available
TP-Link has disclosed four security issues affecting Omada series gateways, with two vulnerabilities enabling arbitrary command execution with root privileges. ...
