Cyber Security News

A critical security vulnerability has been discovered in Apache Tika’s PDF parser module that could enable attackers to access sensitive data and trigger malicious requests to internal systems.  The flaw, designated as CVE-2025-54988, affects multiple versions of the widely used document parsing library and has been assigned a critical severity rating by security researchers. Key The post Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data appeared first on Cyber Security News.

A Russian state-sponsored cyber espionage group designated as Static Tundra has been actively exploiting a seven-year-old vulnerability in Cisco networking devices to steal configuration data and establish persistent access across critical infrastructure networks. The sophisticated threat actor, linked to Russia’s Federal Security Service (FSB) Center 16 unit, has been targeting unpatched and end-of-life network devices The post Russian Hackers Exploiting 7-Year-Old Cisco Vulnerability to Collect Configs from Industrial Systems appeared first on Cyber Security News.

A new attack vector called PromptFix exploits AI-powered browsers by embedding malicious instructions within seemingly innocent web content.  The attack represents an evolution of traditional ClickFix scams, specifically designed to manipulate agentic AI systems rather than human users. The research, conducted by security experts testing Perplexity’s Comet AI browser, demonstrates how attackers can hijack AI The post New PromptFix Attack Tricks AI Browsers to Run Malicious Hidden Prompts appeared first on Cyber Security News.

Google Cloud has unveiled a comprehensive suite of security enhancements at its Security Summit 2025, marking a significant evolution in enterprise AI security frameworks. The technology giant’s latest announcements, delivered by VP and GM Jon Ramsey, focus on two critical areas: securing AI innovations within organizations and empowering cybersecurity teams with AI-driven defensive capabilities. These The post Google Announces New Capabilities for Enabling Defenders and Securing AI Innovation appeared first on Cyber Security News.

A sophisticated new malware loader called QuirkyLoader has emerged as a significant cybersecurity threat, actively distributing well-known infostealers and remote access trojans (RATs) since November 2024. The malware has demonstrated remarkable versatility in delivering multiple payload families, including Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, Rhadamanthys, and Snake Keylogger, making it a formidable multi-purpose tool for The post New Loader Malware Dubbed ‘QuirkyLoader’ Delivering Infostealers and RATs appeared first on Cyber Security News.

Japan experienced a significant surge in ransomware attacks during the first half of 2025, with incidents increasing by approximately 1.4 times compared to the same period in 2024. According to comprehensive research conducted by cybersecurity analysts, 68 ransomware cases affected Japanese organizations between January and June 2025, representing a substantial rise from the 48 cases The post Ransomware Incidents Targeting Japan Increased by Approximately 1.4 Times appeared first on Cyber Security News.

Apple released emergency security updates for iOS and iPadOS to patch a critical zero-day vulnerability in its core Image I/O framework. The flaw, tracked as CVE-2025-43300, is confirmed to be under active exploitation in highly targeted attacks. The urgent patches, released as iOS 18.6.2 and iPadOS 18.6.2, address a memory corruption vulnerability that could be The post Critical Apple 0-Day Vulnerability Actively Exploited in the Wild – Update Now appeared first on Cyber Security News.

A novel and highly tricky phishing campaign is actively stealing Microsoft 365 credentials by exploiting Microsoft’s own Active Directory Federation Services (ADFS) to redirect users from legitimate office.com links to malicious login pages. The technique, identified by researchers at the cybersecurity firm Push Security, marks a significant evolution in phishing attacks, effectively bypassing both user The post Hackers Weaponize Active Directory Federation Services and office.com to Steal Microsoft 365 logins appeared first on Cyber Security News.

Every type of organization—whether it’s a multinational giant with thousands of employees or a single tech enthusiast running a homelab—needs a web application firewall (WAF).  The reason is straightforward: web applications face constant threats from cyber attacks that can exploit vulnerabilities to steal data, disrupt services, or damage reputation.  The costs associated with server resources, The post SafeLine: A Free Zero Trust Web Application Firewall for 2026 appeared first on Cyber Security News.

Link11, a Germany-based global IT security provider, has released insights into the evolving cybersecurity threat landscape and announced the capabilities of its Web Application and API Protection (WAAP) platform, designed to provide multi-layered defenses against modern digital threats. The rapid pace of digital transformation has expanded the opportunities for organizations across industries. However, every new The post Link11 Highlights Growing Cybersecurity Risks and Introduces Integrated WAAP Protection Platform appeared first on Cyber Security News.