Cybersafe Cyber Security News

Meta has confirmed that it fixed a vulnerability in Instagram’s password reset system that allowed third parties to trigger password reset emails for users. The company emphasized that no data breach occurred and that user accounts remain secure, despite widespread claims of leaked user data. The issue came to light after users began reporting unsolicited Instagram password reset emails starting January 10, 2026. According to reports, nearly one million users received such emails, creating confusion and fears of a large-scale cyberattack. Meta has not disclosed technical details about the flaw but assured that its systems were not compromised. Despite Meta’s The post Meta patches Instagram Password Reset bug, Denies Data Breach first appeared on Cybersafe News.

Cybersecurity researchers have uncovered two malicious Chrome extensions that secretly siphon chatbot conversations and browsing data to servers controlled by attackers. The extensions — together installed by more than 900,000 users — are: Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (600,000 users) AI Sidebar with Deepseek, ChatGPT, Claude, and more. (300,000 users) According to researchers at OX Security, the extensions masquerade as productivity tools while quietly sending ChatGPT and DeepSeek chats, along with the URLs of all open tabs, to remote command-and-control servers every 30 minutes. Users are misled into approving “anonymous analytics,” but the tools The post New Chrome malware targets ChatGPT and DeepSeek Chats first appeared on Cybersafe News.

SAP has rolled out its December security updates, addressing 14 vulnerabilities across multiple products, including three rated critical. The most severe issue is CVE-2025-42880 (CVSS 9.9), a code injection flaw in SAP Solution Manager ST 720. Due to missing input sanitization, an authenticated attacker could inject malicious code via a remote-enabled function module, potentially gaining full control of the system and compromising confidentiality, integrity, and availability. SAP Solution Manager is widely used for system monitoring, configuration, incident handling, documentation, and test management, making the flaw particularly impactful. The second critical issue affects SAP Commerce Cloud components in versions HY_COM 2205, The post SAP patches three critical flaws in December 2025 Security Update first appeared on Cybersafe News.

A new phishing-as-a-service kit known as GhostFrame has emerged as one of the most stealthy and dangerous tools used in global cyberattacks, already linked to over 1 million phishing attempts since its discovery in September 2025 by Barracuda researchers. GhostFrame stands out for combining simplicity with high effectiveness. Instead of using traditional phishing pages, it hides its malicious content inside an invisible iframe embedded within a seemingly harmless HTML file. This tactic makes detection extremely challenging for security tools. How GhostFrame Attacks Work GhostFrame operates through a two-stage process. Victims first receive phishing emails with misleading subject lines such as The post GhostFrame: The Stealth Phishing Kit hitting millions first appeared on Cybersafe News.

 The “Korean Leaks” campaign has rapidly become one of the most significant and sophisticated supply chain attacks to hit South Korea’s financial sector in recent years. This operation combined the efforts of the Qilin Ransomware-as-a-Service (RaaS) group with suspected support from North Korea–aligned threat actors known as Moonstone Sleet. By compromising a Managed Service Provider (MSP), the attackers gained a single, powerful entry point into multiple financial organizations. In September 2025, South Korea rose to the second most-targeted nation for ransomware attacks, with Qilin claiming 25 victims in just one month. The group heavily focused on financial services, especially asset The post Qilin Ransomware hits Korean MSP, leaks 2 TB data first appeared on Cybersafe News.

Iberia has notified customers of a data breach caused by unauthorized access to a third-party supplier’s systems. The airline confirmed that customer names, email addresses, and Iberia Club loyalty IDs were exposed, but emphasized that no passwords, account access, or financial data were compromised. In its notification, Iberia said it immediately activated security protocols, strengthened system monitoring, and coordinated with the affected supplier and relevant regulators. The company says it has no evidence of fraudulent use of the leaked data but urges customers to remain vigilant for suspicious messages. The disclosure comes as a threat actor claims to be selling The post Iberia confirms data breach via supplier hack first appeared on Cybersafe News.

CrowdStrike has confirmed that internal screenshots shared by a now-terminated employee made their way to hackers, after being published on Telegram by the Scattered Lapsus$ Hunters cybercrime collective. The company emphasized that no breach of its systems occurred and that no customer data was exposed. According to a CrowdStrike spokesperson, their systems were never compromised and customers remained protected throughout. They have turned the case over to relevant law enforcement agencies. CrowdStrike did not name the insider or the threat group involved, but the statement followed inquiries about screenshots leaked by members of ShinyHunters, Scattered Spider, and Lapsus$. ShinyHunters said The post CrowdStrike Insider leak exposed, No breach reported first appeared on Cybersafe News.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is urging government agencies to immediately patch a critical Oracle Identity Manager flaw, tracked as CVE-2025-61757, which is actively exploited as a zero-day. The vulnerability, discovered by Searchlight Cyber analysts Adam Kues and Shubham Shah, is a pre-authentication remote code execution (RCE) flaw caused by an authentication bypass in Oracle Identity Manager’s REST APIs. Attackers can trick the security filter into treating protected endpoints as public by adding parameters like ?WSDL or ;.wadl to URL paths. Once inside, attackers can access a Groovy script compilation endpoint that normally doesn’t execute code—but can The post Oracle Identity Manager Zero-Day exploited first appeared on Cybersafe News.

Dutch authorities have seized around 250 physical servers running a bulletproof hosting service used exclusively by cybercriminals to maintain anonymity and evade law enforcement. The Dutch police (Politie) did not disclose the name of the service but said it had supported illegal activity since 2022 and had appeared in over 80 cybercrime investigations worldwide. Bulletproof hosting providers offer infrastructure that ignores abuse reports, resists takedown requests, and avoids Know Your Customer (KYC) checks. These services are typically used by ransomware gangs, malware operators, phishing groups, spammers, and even money-laundering operations. Clients often pay in cryptocurrency to stay anonymous. Thousands of The post Dutch Police seize 250 servers used for Bulletproof Hosting first appeared on Cybersafe News.

A threat actor known as “888” has reportedly leaked sensitive data belonging to LG Electronics, triggering serious cybersecurity concerns. The breach, which was first highlighted on November 16, 2025, allegedly includes source code repositories, configuration files, SQL databases, and hardcoded credentials and SMTP server details that could expose LG’s internal communications and development systems. The leak appeared on ThreatMon, where “888” shared sample files to demonstrate authenticity. The data is said to originate from a contractor access point, suggesting a supply-chain weakness rather than a direct corporate intrusion. Cybersecurity experts warn that hardcoded credentials within code can allow attackers to The post LG Source Code and Credentials allegedly leaked by hacker first appeared on Cybersafe News.