Today's cybersecurity headlines are brought to you by ThreatPerspective
| Follow @EthHackingNews |
| Follow @EthHackingNews |
Trojanized mapping app steals users' locations, contacts, and more. Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. Th
Published: 2025-04-24T20:02:40
Prompt injections are the Achilles' heel of AI assistants. Google offers a potential fix. In the AI world, a vulnerability called a "prompt injection" has haunted developers since chatbots went mainstream in 202
Published: 2025-04-16T11:15:44
Navigate the complexities of GenAI adoption with a comprehensive framework that integrates governance, technology, and adaptive security measures Partner content As generative AI (GenAI) technologies rapidly evolve, security leaders face the challen
Published: 2025-04-24T19:00:12
Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosyst
Published: 2025-04-24T09:28:08
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.
Published: 2025-04-21T20:31:26
Trump administration senior officials are facing harsh criticism after it was revealed that they had used the personal messaging app Signal to discuss highly classified military intelligence in a group chat. The chat, in which Defense Secretary Pete Hegseth laid out plans for an upcoming military strike in Yemen, inadvertently added Jeffrey Goldberg, the editor-in-chief of The […] 
Trump administration senior officials are facing harsh criticism after it was revealed that they had used the personal messaging app Signal to discuss highly classified military intelligence in a group chat. The chat, in which Defense Secretar...
Published: 2025-04-25T13:37:50
WhatsApp is launching a new Advanced Chat Privacy feature that aims to prevent people from taking conversations outside the app. When the setting is turned on, you can block others from exporting your chat history and automatically downloading photos and videos sent in the app. The feature will prevent people from using messages for Meta […] 
WhatsApp is launching a new “Advanced Chat Privacy” feature that aims to prevent people from taking conversations outside the app. When the setting is turned on, you can block others from exporting your chat history and automatically downloading ph...
Published: 2025-04-23T13:59:22
Attackers are sending phishing emails that appear to be from no-reply@google.com, presented as an urgent subpoena alert about law enforcement seeking information from the target's Google Account. Bleeping Computer reports that the scam utilizes G
Published: 2025-04-21T10:28:13
The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it executed the option period on the contract to ensure there will be no lapse in critical CVE services last night. On Tuesday, MITRE, the government-funded organization […] 
The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it “executed the option period on the contrac...
Published: 2025-04-16T11:12:40
Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations. […] 
Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The prog...
Published: 2025-04-15T16:41:52
4chan appears to be down following a major hack that reportedly exposed its source code. A user on a competing messaging board claimed responsibility for the attack on Monday night and claimed to have reopened the site's /qa/ board. 4chan is, obviously, also notorious for trying to trick outsiders about things happening on the site, […] 
4chan appears to be down following a major hack that reportedly exposed its source code. A user on a competing messaging board claimed responsibility for the attack on Monday night and claimed to have reopened the site’s /qa/ board. 4chan is, obvio...
Published: 2025-04-15T11:45:15
Android is launching a new security feature that will force devices to reboot themselves if you haven’t unlocked them for a while, making it harder for other people to access the data inside. The feature included in the latest Google Play services update says that Android phones will automatically restart if locked for 3 consecutive […] 
Android is launching a new security feature that will force devices to reboot themselves if you haven’t unlocked them for a while, making it harder for other people to access the data inside. The feature included in the latest Google Play ser...
Published: 2025-04-15T07:43:17
Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm’s vendors. In a notice posted to its website, Hertz says that company data was acquired by an unauthorized third-party during a cyberattack exploiting […] 
Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm’s vendors. In a notice posted to its website,...
Published: 2025-04-15T05:58:37
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]
Published: 2025-04-25T15:44:35
British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. [...]
Published: 2025-04-25T11:05:09
African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. [...]
Published: 2025-04-25T10:57:05
A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates. [...]
Published: 2025-04-25T10:23:39
Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. [...]
Published: 2025-04-25T10:06:23
SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. [...]
Published: 2025-04-25T09:01:48
The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. [...]
Published: 2025-04-25T05:34:59
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. [...]
Published: 2025-04-24T16:24:49
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
Published: 2025-04-24T15:13:32
A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. [...]
Published: 2025-04-24T12:19:14
by Anjeanette Damon, ProPublica, and Perla Trevizo, ProPublica and The Texas Tribune, and photography by Cengiz Yar, ProPublica
Published: 2025-04-16T06:00:00
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organizati... 
Published: 2025-04-16T03:59:18
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The Wh... 
Published: 2025-04-15T03:27:51
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operat... 
Published: 2025-04-10T15:31:58
Infosec is a team sport unless you're in the White House Opinion Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger.
Published: 2025-04-25T23:58:09
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system he helped create was just hours away from losing funding.
Published: 2025-04-25T22:19:09
GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.
Published: 2025-04-25T19:00:12
Where have we heard this before? Feb security update needs its own fix More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze.
Published: 2025-04-25T18:00:08
One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing "cyber incident."
Published: 2025-04-25T16:13:39
German software giant paywalls details, but experts piece together the clues SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.
Published: 2025-04-25T15:31:11
Third-party data supplier also in hot water with Brit regulator over consent issues Britain's data privacy watchdog has slapped a fine of 90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being registered with the official "Do Not Call" opt-out service.
Published: 2025-04-25T09:29:05
Because coding phishing sites from scratch is a real pain in the neck Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently.
Published: 2025-04-25T06:18:14
At least it wasn't Harvard Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare system's network last month.
Published: 2025-04-24T20:32:57
This one weird trick can stop Windows updates dead in their tracks Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates.
Published: 2025-04-24T18:01:06
Collecting data from solo players is a Far Cry from being necessary, says noyb For anyone who's ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard you, and they've filed a complaint against Ubisoft in Austria dealing specifically with the issue.
Published: 2025-04-24T15:59:07
Customers told to expect further delays as contactless payments still down UK high street retailer Marks & Spencer says contactless payments are still down following its "cyber incident" and order delays are likely to continue.
Published: 2025-04-24T10:18:42
Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.
Published: 2025-04-24T09:28:08
Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.
Published: 2025-04-24T07:24:15
Biggest threat to America's critical infrastructure? Ransomware Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI the highest losses recorded since bureau's Internet Crime Complaint Center (IC3) started tracking them 25 years ago.
Published: 2025-04-24T00:51:47
Tech giants don't need smartphone mics to target adverts your insurer just gives your data away, anyway US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.
Published: 2025-04-23T22:18:35
A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.
Published: 2025-04-23T18:28:06
All aboard the hype train The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don't believe us? Take a lap on the expo floor, and you'll be bombarded with enough acronyms and over-the-top claims to send you straight to the nearest bar, which will likely serve specialty cocktails with names like The Great CASB and Firewall Fizz.
Published: 2025-04-23T17:41:00
Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.
Published: 2025-04-23T13:00:07
Bake in security now or pay later, says Mike Rogers AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.
Published: 2025-04-23T10:34:14
The CVE system nearly dying shows that someone has lost the plot Opinion We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that's only the tip of the iceberg of what President Trump and company are doing to US cybersecurity efforts.
Published: 2025-04-23T08:27:06
Chrome will keep third-party cookies, a win for web giant's ad rivals After six years of work, Google's Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.
Published: 2025-04-22T20:20:21
As cyber-agency faces cuts, makes noises about switching up program Two top officials have resigned from Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.
Published: 2025-04-22T19:30:56
In effect: 'Ha ha the government is borked and so are you' Ransomware scumbags - potentially those behind the Fog gang - are channeling their inner Elon Musk with their latest ransom note, spotted by researchers at Trend Micro.
Published: 2025-04-22T18:02:13
Security bods can earn up to $10K per report Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists.
Published: 2025-04-22T17:08:09
Retailer tight-lipped on details as digital hiccup disrupts customer orders UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days."
Published: 2025-04-22T16:07:09
What used to be a serious issue mainly in Southeast Asia is now the world's problem Scam call centers are metastasizing worldwide "like a cancer," according to the United Nations, which warns the epidemic has reached a global inflection point as syndicates scale up and spread out.
Published: 2025-04-22T15:15:11
10 other certificates 'were mis-issued and have now been revoked' Certificate issuer SSL.com's domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.
Published: 2025-04-22T02:23:39
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.
Published: 2025-04-21T20:31:26
It's now hitting govt, enterprise targets On March 11 - Patch Tuesday - Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector targets in Poland and Romania.
Published: 2025-04-21T17:43:10
AI-spoofed Mark joins fellow billionaires as the voice of the street here's how it was probably done Video Crosswalk buttons in various US cities were hijacked over the past week or so to rather than robotically tell people it's safe to walk or wait instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.
Published: 2025-04-19T13:03:11
Using LLMs to pick programs, people, contracts to cut is bad enough but doing it with Musk's Grok? Yikes Updated A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.
Published: 2025-04-18T19:06:55
Some in the infosec world definitely want to see Big Red crucified CISA the US government's Cybersecurity and Infrastructure Security Agency has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.
Published: 2025-04-18T16:28:12
MITRE, EUVD, GCVE WTF? Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.
Published: 2025-04-18T09:54:07
Illegitimi non carborundum? Nice password, Mr Ex-CISA Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked the security clearances of everybody at the company.
Published: 2025-04-17T18:56:10
Truck-mounted demonstration weapon costs 10p a pop, says MOD British soldiers have successfully taken down drones with a radio-wave weapon.
Published: 2025-04-17T10:45:14
Ignored infosec rules, exfiltrated data then the mysterious login attempts from a Russian IP address began claim Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address.
Published: 2025-04-17T02:46:12
Microsoft rewards those who patch early with bricks hurled through its operating system Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue screen crashes.
Published: 2025-04-16T21:16:10
Extraordinary rendition of data, or just dropped it out of a helicopter? CIA Director John Ratcliffe's smartphone has almost no trace left of the infamous Signalgate chat the one in which he and other top US national security officials discussed a secret upcoming military operation in a group Signal conversation a journalist was inadvertently added to.
Published: 2025-04-16T20:58:16
From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.
Published: 2025-04-16T19:01:09
Uncertainty is the new certainty In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.
Published: 2025-04-16T16:54:25
DPP Law is appealing against data watchdog's conclusions A law firm is appealing against a 60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.
Published: 2025-04-16T14:45:07
Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.
Published: 2025-04-16T12:29:09
It involves a number close to three or six depending on the pickle you're in Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.
Published: 2025-04-16T06:25:12
Because vulnerability management has nothing to do with national security, right? Updated US government funding for the world's CVE program the centralized Common Vulnerabilities and Exposures database of product security flaws ends Wednesday.
Published: 2025-04-16T00:00:47
800K? Make that double, and we'll need a double, too, for the pain A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.
Published: 2025-04-15T20:43:14
Source code, moderator info, IP addresses, more allegedly swiped and leaked Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.
Published: 2025-04-15T18:56:37
Beijing claims NSA went for gold in offensive cyber, got caught in the act China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.
Published: 2025-04-15T18:02:13
Login green-lit for lone staffer if he's trained, papered up, won't pull an Elez A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.
Published: 2025-04-15T17:41:38
Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.
Published: 2025-04-15T14:00:15
In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States and how to stay safe.
Published: 2025-04-24T21:28:33
Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.
Published: 2025-04-24T16:00:00
Following the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks.
Published: 2025-04-23T06:00:00
Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.
Published: 2025-04-21T10:30:00
Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.
Published: 2025-04-19T09:30:00
In a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.
Published: 2025-04-18T15:13:45
The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.
Published: 2025-04-17T15:00:00
Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”
Published: 2025-04-17T10:30:00
The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.
Published: 2025-04-16T20:10:04
A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages and how little they actually saved.
Published: 2025-04-15T21:27:40
Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.
Published: 2025-04-15T19:14:57
Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough.
Published: 2025-04-14T20:35:28
From crypto kingpins to sophisticated scammers, these are the lesser-known hacking groups that should be on your radar.
Published: 2025-04-14T10:00:00
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.
Published: 2025-04-14T10:00:00
For the past decade, this group of FSB hackers including “traitor” Ukrainian intelligence officers has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders.
Published: 2025-04-14T10:00:00
Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations and quickly innovating.
Published: 2025-04-14T10:00:00
Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk and has already caused global disruption.
Published: 2025-04-14T10:00:00
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.
Published: 2025-04-14T10:00:00
After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.
Published: 2025-04-14T10:00:00
An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to and who actually received it is far from clear.
Published: 2025-04-13T01:35:06
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co) to spread
Published: 2025-04-25T19:35:00
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity
Published: 2025-04-25T16:11:00
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.
Published: 2025-04-25T16:00:00
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below - CVE-2025-27610 (CVSS score: 7.5) - A path traversal
Published: 2025-04-25T14:27:00
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma
Published: 2025-04-25T14:13:00
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
Published: 2025-04-24T19:41:00
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in
Published: 2025-04-24T18:28:00
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector
Published: 2025-04-24T18:26:00
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News. This translates to 45 security flaws that have been weaponized
Published: 2025-04-24T18:25:00
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.
Published: 2025-04-24T16:57:00
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without
Published: 2025-04-24T15:30:00
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature
Published: 2025-04-24T09:33:00
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in
Published: 2025-04-23T22:39:00
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex
Published: 2025-04-23T18:38:00
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an
Published: 2025-04-23T17:52:00
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary
Published: 2025-04-23T16:30:00
Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code
Published: 2025-04-23T16:19:00
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.
Published: 2025-04-23T12:47:00
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy
Published: 2025-04-23T10:49:00
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain
Published: 2025-04-22T22:16:00
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which
Published: 2025-04-22T19:36:00
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.
Published: 2025-04-22T16:30:00
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email it really was sent from no-reply@google.com," Nick Johnson
Published: 2025-04-22T16:20:00
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
Published: 2025-04-22T13:08:00
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report
Published: 2025-04-22T09:59:00
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through
Published: 2025-04-21T22:12:00
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
Published: 2025-04-21T20:43:00
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device
Published: 2025-04-21T16:55:00
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps like a misconfigured pipeline, a trusted browser feature,
Published: 2025-04-21T15:40:00
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net
Published: 2025-04-21T12:31:00
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
Published: 2025-04-20T10:28:00
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain
Published: 2025-04-19T20:41:00
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"
Published: 2025-04-19T14:22:00
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan
Published: 2025-04-18T20:45:00
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The
Published: 2025-04-18T17:33:00
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
Published: 2025-04-18T15:15:00
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
Published: 2025-04-18T12:40:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
Published: 2025-04-18T09:59:00
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
Published: 2025-04-17T20:52:00
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),
Published: 2025-04-17T17:02:00
Talking about AI: Definitions Artificial Intelligence (AI) AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine
Published: 2025-04-17T16:56:00
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH server
Published: 2025-04-17T16:02:00
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
Published: 2025-04-17T16:00:00
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or
Published: 2025-04-17T14:27:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
Published: 2025-04-17T11:14:00
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
Published: 2025-04-17T09:03:00
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,
Published: 2025-04-16T21:48:00
Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for
Published: 2025-04-16T18:18:00
Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla
Published: 2025-04-16T17:14:00
Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected
Published: 2025-04-16T16:56:00
Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024. The vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0), is a […]
Published: 2025-04-25T17:56:11
A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader stems from a lack […]
Published: 2025-04-25T15:48:27
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at […]
Published: 2025-04-25T10:49:11
The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. DaVita specializes in treating end-stage renal […]
Published: 2025-04-25T07:13:10
Yale New Haven Health (YNHHS) announced that threat actors stole the personal data of 5.5 million patients in a cyberattack. Yale New Haven Health (YNHHS) disclosed a data breach that exposed personal information of 5.5 million patients following a cyberattack that occurred earlier this month. Yale New Haven Health System (YNHHS) is a nonprofit healthcare […]
Published: 2025-04-24T17:41:19
Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. After Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public curiosity, grief, and confusion. Cybercriminals are ready to exploit any event of global interest, it has already happened in […]
Published: 2025-04-24T12:11:58
WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called “Advanced Chat Privacy” for both individual and group chats that enhances content protection. The feature blocks chat exports, auto-media downloads, and the use of messages in AI […]
Published: 2025-04-24T10:22:00
A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, targeting Russian military personnel. The malicious code was hidden in a trojanized Alpine Quest app and spread via Russian Android catalogs. The malware steals […]
Published: 2025-04-24T05:28:53
New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign targets Docker environments to deploy a malicious node connected to Teneo, a decentralized infrastructure network. […]
Published: 2025-04-23T18:15:48
The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of […]
Published: 2025-04-23T09:39:10
A global assault on encryption and privacy has intensified, with governments pushing for law enforcement access to encrypted data and social media companies required to provide backdoors. As this struggle unfolds, experts warn about the erosion of individual freedoms and the creation of a surveillance state.
Published: Sat Apr 19 05:15:27 2025 by llama3.2 3B Q4_K_M
A prankster's dream hack has brought America's cities to a standstill as they're forced to listen to AI-generated voices of the rich and famous while crossing the street - all thanks to a vulnerability in Polara's pedestrian signal system that was conveniently left open by its manufacturer. Find out how this vulnerability was exploited to create an AI-spooked America, one intersection at a time.
Published: Sat Apr 19 08:47:27 2025 by llama3.2 3B Q4_K_M
Rogue npm packages have been discovered that mimic popular libraries but harbor malicious code. These packages can plant SSH backdoors on Linux systems, granting attackers persistent remote access. The discovery highlights the growing concern for Linux system security and serves as a stark reminder of the importance of vigilance in the cybersecurity landscape.
Published: Sat Apr 19 13:02:12 2025 by llama3.2 3B Q4_K_M
A new Android malware, dubbed 'SuperCard X', has emerged with remarkable technical sophistication, specifically designed to target NFC-enabled devices via relay attacks. By exploiting vulnerabilities in user behavior, this malicious entity can siphon sensitive payment card information, paving the way for point-of-sale and ATM transactions. With its evasive tactics and customizability, SuperCard X poses a significant threat to Android users worldwide.
Published: Sat Apr 19 16:27:09 2025 by llama3.2 3B Q4_K_M
A newly disclosed critical vulnerability in Erlang/OTP SSH allows unauthenticated attackers to remotely execute code on impacted devices, putting telecom, database, and high-availability systems at risk. Public exploits are now available for the CVE-2025-32433 bug, which was fixed in versions 25.3.2.10 and 26.2.4. With over 600,000 IP addresses running Erlang/OTP, threat actors will soon begin scanning for vulnerable systems, prompting experts to urge immediate patching of devices running the daemon.
Published: Sat Apr 19 16:49:51 2025 by llama3.2 3B Q4_K_M
Microsoft Entra lockouts have left Windows administrators reeling after a new security feature was introduced with a flawed implementation that triggered widespread false positives. The issue has already affected numerous organizations worldwide, with some reports suggesting that up to 1/3 of all accounts were impacted.
Published: Sat Apr 19 18:00:43 2025 by llama3.2 3B Q4_K_M
A new variant of WINELOADER malware has been linked to a phishing campaign targeting diplomatic entities across Europe, as part of an APT29 (Cozy Bear or Midnight Blizzard) attack. GRAPELOADER is a newly observed initial-stage tool used for fingerprinting, persistence, and payload delivery.
Published: Sun Apr 20 01:22:06 2025 by llama3.2 3B Q4_K_M
The start of a new year brings with it a wave of fresh security concerns, as several high-profile exploits and malware variants have emerged in January 2025. This article provides an overview of the key developments in the world of cyber threats and highlights the need for increased vigilance from consumers to protect themselves from emerging threats.
Published: Sun Apr 20 06:45:42 2025 by llama3.2 3B Q4_K_M
Discover the latest cybersecurity incidents and malware variants reported in the Security Affairs Malware Newsletter Round 42. Find out how attackers are using innovative techniques to evade detection and compromise devices running on various operating systems.
Published: Sun Apr 20 12:15:04 2025 by llama3.2 3B Q4_K_M
Phishers have abused Google OAuth to spoof Google's systems, using a technique called DKIM replay phishing attack to trick recipients into accessing legitimate-looking support portals that asked for Google account credentials. This attack has been similar to one targeting PayPal users in March and highlights the importance of vigilance in detecting phishing attempts.
Published: Mon Apr 21 09:36:24 2025 by llama3.2 3B Q4_K_M
State-sponsored hackers are embracing a new social engineering tactic called ClickFix, which involves creating fake websites that impersonate legitimate platforms. These attacks can lead to the installation of malware on devices, compromising sensitive information. In this article, we explore the rise of ClickFix and provide guidance on how individuals and organizations can protect themselves from these sophisticated threats.
Published: Mon Apr 21 09:45:21 2025 by llama3.2 3B Q4_K_M
Google phishers are using Google's own tools to create convincing phishing emails that can bypass traditional security checks. Learn more about this sophisticated scheme and how you can protect yourself from falling victim to these scams.
Published: Mon Apr 21 10:54:56 2025 by llama3.2 3B Q4_K_M
Pete Hegseth's use of Signal for sensitive information has raised serious concerns about the lack of accountability within the US government, particularly when it comes to its handling of classified information. The incident highlights the need for greater transparency and oversight to prevent similar breaches in the future.
Published: Mon Apr 21 11:03:18 2025 by llama3.2 3B Q4_K_M
The SuperCard X Android malware has emerged as a significant threat to contactless payments, enabling cybercriminals to conduct fraudulent cashouts through NFC relay attacks. This highly sophisticated malware-as-a-service (MaaS) platform combines social engineering tactics with malicious application installation and NFC data interception to achieve its objectives.
Published: Mon Apr 21 11:11:56 2025 by llama3.2 3B Q4_K_M
In a recent development, cybersecurity researchers have identified a new malicious campaign attributed to the state-sponsored threat actor known as Kimsuky. The campaign exploits the now-patched BlueKeep vulnerability in Microsoft Remote Desktop Services, gaining initial access into compromised systems through phishing emails and other vectors. This article delves deeper into the details of this threat, exploring its implications for cybersecurity professionals and offering insights into how to protect against similar attacks.
Published: Mon Apr 21 12:37:39 2025 by llama3.2 3B Q4_K_M
A recent incident involving a newly discovered vulnerability in Windows has highlighted the ongoing threat landscape in the world of cybersecurity, emphasizing the importance of staying vigilant in the face of new threats and having robust security measures in place to protect against sophisticated attacks.
Published: Mon Apr 21 14:09:18 2025 by llama3.2 3B Q4_K_M
A North Korea-linked group known as Kimsuky has been linked to a sophisticated attack campaign that exploited a patched Microsoft Remote Desktop Services flaw to gain unauthorized access to compromised systems. The group's use of multiple vectors in their attack campaign highlights their sophistication and persistence as a threat actor, and underscores the need for organizations to prioritize cybersecurity measures to mitigate these threats.
Published: Mon Apr 21 14:53:17 2025 by llama3.2 3B Q4_K_M
AI models have been demonstrated to generate exploit code at lightning-fast speeds, posing significant challenges for cybersecurity defenders as attackers harness the power of generative AI models to develop and deploy new threats. The implications are far-reaching, necessitating a fundamental shift in the way enterprises approach cybersecurity defense.
Published: Mon Apr 21 16:11:22 2025 by llama3.2 3B Q4_K_M
A critical flaw in SSL.com's domain validation system has been discovered by a researcher, enabling certificate mis-issuance for legitimate websites. The vulnerability was exploited by the researcher to obtain certificates for domains like aliyun.com, which could have led to man-in-the-middle attacks and phishing. SSL.com has since acknowledged the issue and taken steps to rectify it.
Published: Mon Apr 21 21:43:03 2025 by llama3.2 3B Q4_K_M
Lotus Panda, a China-linked cyber espionage group, has been linked to a series of attacks on government ministries, air traffic control organizations, telecoms operators, and construction companies in an unnamed Southeast Asian country. The attackers used custom-made tools, including loaders, credential stealers, and reverse SSH, to breach these targets.
Published: Mon Apr 21 23:53:01 2025 by llama3.2 3B Q4_K_M
Microsoft has taken significant steps to strengthen its cybersecurity protections following a major breach in 2023, known as Storm-0558. The company has moved the MSA signing service to Azure confidential VMs and announced plans to migrate the Entra ID signing service to the same platform. These measures come as part of Microsoft's Secure Future Initiative, which aims to mitigate attack vectors used by attackers in the breach. By using hardened identity SDKs, phishing-resistant MFA, and other security measures, Microsoft is committed to protecting its customers' sensitive data and preventing similar breaches in the future.
Published: Tue Apr 22 04:14:21 2025 by llama3.2 3B Q4_K_M
Japan's Financial Services Agency (FSA) has issued a warning about the growing threat of unauthorized trading via stolen credentials from fake security firms' sites. With hundreds of millions of yen in damages reported, the agency is urging users to prioritize their online security and take proactive steps to protect themselves from these types of attacks.
Published: Tue Apr 22 04:39:22 2025 by llama3.2 3B Q4_K_M
Abilene, Texas, takes systems offline following a sophisticated cyberattack that has brought its municipal services to a halt. The incident highlights the vulnerability of government agencies to cyber threats and underscores the need for robust cybersecurity protocols.
Published: Tue Apr 22 06:08:16 2025 by llama3.2 3B Q4_K_M
A new report from Keep Aware highlights the growing threat of employees' personal use of their browser to enterprise cybersecurity. With 70% of phishing campaigns impersonating Microsoft, OneDrive, or Office 365, and malware reassembly in the browser becoming a major concern, security teams must take action to protect their organizations. Learn more about the challenges of browser security and how to address them in this detailed report.
Published: Tue Apr 22 07:19:03 2025 by llama3.2 3B Q4_K_M
Phishers have developed an extremely sophisticated method of exploiting Google's infrastructure to send phishing emails that bypass traditional email security measures. This attack utilizes Google Sites as a lookalike page, making it challenging for victims to distinguish between legitimate and malicious messages.
Published: Tue Apr 22 07:30:32 2025 by llama3.2 3B Q4_K_M
The FBI has claimed that it lost records related to its purchasing of powerful hacking tools, sparking concerns about the agency's transparency and accountability. As a major player in investigating and preventing cybercrimes, the lack of information about its cyber capabilities and tools is concerning.
Published: Tue Apr 22 08:39:33 2025 by llama3.2 3B Q4_K_M
The vulnerability landscape has taken a hit in recent weeks, with several high-profile discoveries leaving experts scrambling to patch and protect against. A new vulnerability in Google Cloud Platform (GCP) that could enable an attacker to elevate their privileges in the Cloud Composer workflow orchestration service stands out as particularly concerning.
In this article, we will delve deeper into the details of ConfusedComposer, explore its potential impact, and discuss the broader implications for cloud security. We'll also examine other recent discoveries in the field, including vulnerabilities in Microsoft Azure, Microsoft Entra ID, and AWS EC2 instances.
Published: Tue Apr 22 10:08:07 2025 by llama3.2 3B Q4_K_M
The United Nations Office on Drugs and Crime has warned about the growing epidemic of scam call centers, which are metastasizing worldwide like a cancer, threatening global cybersecurity and human trafficking.
Published: Tue Apr 22 11:23:14 2025 by llama3.2 3B Q4_K_M
Ripple's recommended XRP library xrpl.js was hacked and compromised, allowing malicious actors to steal wallet seeds and private keys. This devastating attack on cryptocurrency security highlights the need for stringent cybersecurity measures in software development.
Published: Tue Apr 22 12:42:16 2025 by llama3.2 3B Q4_K_M
Halcyon has launched its Threat Research Incentive Program (TRIP), a bug bounty program aimed at rewarding ransomware intel submissions. Researchers can earn up to $10,000 per report for valuable intelligence on ransomware groups, platforms, affiliates, and other key players in the ransomware ecosystem.
Published: Tue Apr 22 12:57:37 2025 by llama3.2 3B Q4_K_M
Recently, a new type of malware has been identified that leverages web3 technology to mine cryptocurrency by exploiting Docker environments. The attack exploits a previously undocumented technique using Teneo Web3 Node to earn crypto via fake heartbeat signals. Understanding this attack is crucial in staying ahead of the evolving threat landscape.
Published: Tue Apr 22 13:05:39 2025 by llama3.2 3B Q4_K_M
SK Telecom warns customer USIM data exposed in malware attack. The South Korean mobile operator's breach highlights the growing threat of cyberattacks on telecommunications companies, emphasizing the need for robust security measures and incident response plans.
Published: Tue Apr 22 14:20:07 2025 by llama3.2 3B Q4_K_M
The rise of Fog ransomware highlights the growing concern over cybersecurity threats worldwide. As individuals, organizations, and governments continue to evolve their measures to protect themselves, it is essential that they also understand the complex web of relationships involved in these threats.
Published: Tue Apr 22 14:28:17 2025 by llama3.2 3B Q4_K_M
Hackers have been exploiting a vulnerability in Zoom's remote control feature to carry out social engineering attacks on cryptocurrency users, resulting in significant losses for several high-value targets. Learn more about this security threat and how to protect yourself from these types of attacks.
Published: Tue Apr 22 15:37:06 2025 by llama3.2 3B Q4_K_M
In a stunning reversal, Google has dropped its plans for the Privacy Sandbox, a technology aimed at protecting users while delivering targeted ads. The move comes as regulators and rivals had long argued that it undermined traditional third-party cookies and facilitated online tracking. This decision raises questions about the future of digital privacy and highlights the ongoing struggle between technological innovation and regulatory oversight.
Published: Tue Apr 22 16:09:58 2025 by llama3.2 3B Q4_K_M
CISA officials Bob Lord and Lauren Zabierek have recently announced their resignation from the agency, leaving behind significant contributions to the Secure by Design program. As the implications of this brain drain unfold, it raises questions about the future of cybersecurity in the United States and whether CISA's efforts will continue to prioritize robust security standards.
Published: Tue Apr 22 16:29:59 2025 by llama3.2 3B Q4_K_M
Millions of SK Telecom customers are potentially at risk following a USIM data compromise. The South Korean telecommunications giant warned that threat actors accessed customer Universal Subscriber Identity Module (USIM) information through a malware attack.
Published: Tue Apr 22 16:51:30 2025 by llama3.2 3B Q4_K_M
Marks & Spencer has confirmed a cyberattack that has resulted in delays to its Click and Collect service, highlighting the importance of proactive cybersecurity strategies and collaboration among businesses in addressing evolving threats.
Published: Tue Apr 22 19:04:26 2025 by llama3.2 3B Q4_K_M
Google has dropped plans for a standalone cookie prompt in its Chrome browser as part of its ongoing efforts to address user privacy concerns and prioritize the Privacy Sandbox initiative. The decision marks a significant shift in the company's stance on third-party cookies, one that is likely to have far-reaching implications for online publishers, developers, and users alike.
Published: Wed Apr 23 02:21:10 2025 by llama3.2 3B Q4_K_M
A major software supply chain attack has compromised Ripple's popular JavaScript API for interacting with the XRP Ledger blockchain, xrpl.js. The malicious activity, discovered on April 21, 2025, affected five different versions of the package and is believed to have been carried out by threat actors who managed to steal a developer's npm access token. Users relying on the xrpl.js library are advised to update their instances to the latest version (4.2.5 and 2.14.3) to mitigate potential threats.
Published: Wed Apr 23 03:30:47 2025 by llama3.2 3B Q4_K_M
Recent months have witnessed a dizzying parade of threats to global cybersecurity, from APT campaigns to high-profile data breaches, highlighting the ongoing vulnerability of even the most seemingly secure systems. As one expert noted, "The use of SIM swapping attacks as a means of breaching sensitive data is an alarming development that underscores the need for greater vigilance in protecting our digital identities."
Published: Wed Apr 23 03:50:43 2025 by llama3.2 3B Q4_K_M
The US government's devastating failures in cyber security have put the entire country at risk of catastrophic breaches, compromising sensitive information and threatening the very fabric of American society. The Trump administration's approach has exposed a culture of incompetence, lack of transparency, and inadequate preparedness, leaving the nation vulnerable to unprecedented threats.
Published: Wed Apr 23 05:02:58 2025 by llama3.2 3B Q4_K_M
Marks & Spencer has confirmed a cyber incident, leaving customers vulnerable to payment fraud. The company has taken steps to protect its customers and business but acknowledged that the incident may have caused inconvenience for some.
Published: Wed Apr 23 05:22:44 2025 by llama3.2 3B Q4_K_M
Ex-NSA boss Mike Rogers warns against repeating cybersecurity mistakes by incorporating security into AI development from the outset, emphasizing defensibility, redundancy, and resilience to prevent data breaches and other security-related problems.
Published: Wed Apr 23 06:44:57 2025 by llama3.2 3B Q4_K_M
Stolen credentials have become the second most common initial infection vector, surpassing email phishing in Mandiant's M-Trends 2025 report. This trend is attributed to the ease with which cybercriminals can obtain user login information and the proliferation of malware that can collect private user data.
Published: Wed Apr 23 08:54:37 2025 by llama3.2 3B Q4_K_M
ASUS has released a fix for a critical AMI bug that allows hackers to brick servers. The vulnerability, CVE-2024-54085, poses a significant threat to server administrators and organizations relying on AMI-powered servers from major hardware vendors. To mitigate the risk of exploitation, server administrators are advised to apply the latest firmware updates as soon as possible.
Published: Wed Apr 23 10:03:17 2025 by llama3.2 3B Q4_K_M
Phishing attacks continue to pose a significant threat to organizations, but traditional detection methods are proving ineffective. A new approach using browser-based identity security platforms is gaining traction as a more effective and timely response to phishing threats.
Published: Wed Apr 23 10:17:30 2025 by llama3.2 3B Q4_K_M
Iran-Linked Hackers Employ Sophisticated Malware Campaign Targeting Israel
In a recent development that has shed new light on the ever-evolving threat landscape of cyber espionage, it has come to light that Iran-nexus threat actors have been observed employing a complex chain of deception techniques to deliver malware to individuals in Israel. The malicious campaign utilized a social engineering tactic masquerading as a recruitment opportunity from an Israeli defense contractor to trick victims into downloading a tool that ultimately led to the installation of a backdoor known as MURKYTOUR.
Published: Wed Apr 23 10:34:27 2025 by llama3.2 3B Q4_K_M
A new Android spyware campaign has been uncovered that disguises itself as the Alpine Quest mapping software, targeting Russian military personnel in the Special Military Operation zone. The malicious app collects sensitive information from its victims' devices, including mobile phone numbers and their accounts, contact lists, current date and geolocation, and information about stored files. Followed by 5.20+ million followers on Twitter, The Hacker News is a trusted cybersecurity news platform that provides expert insights, exclusive resources, and strategies to stay ahead of emerging threats.
Published: Wed Apr 23 10:43:07 2025 by llama3.2 3B Q4_K_M
Russian hackers have been aggressively targeting individuals and organizations with ties to Ukraine and human rights, aiming to gain unauthorized access to Microsoft 365 accounts using a sophisticated social engineering operation that leverages legitimate Microsoft OAuth workflows. To protect yourself from this type of attack, learn more about how to defend against social engineering operations and stay up-to-date on the latest cybersecurity threats.
Published: Wed Apr 23 10:58:09 2025 by llama3.2 3B Q4_K_M
A recent supply chain attack on the xrpl.js library exposed cryptocurrency users to significant risk. The attackers compromised the library by releasing malicious code through the official NPM package, compromising over 2.9 million downloads. Fortunately, patches have been released to address the vulnerability, but it serves as a reminder of the importance of robust security measures in our increasingly interconnected software ecosystem.
Published: Wed Apr 23 11:19:51 2025 by llama3.2 3B Q4_K_M
The FBI has announced record-breaking cybercrime losses of $16.6 billion in 2024, with older Americans being disproportionately affected. As cyber threats continue to evolve, it's essential for individuals and organizations to take proactive steps to protect themselves against these devastating losses.
Published: Wed Apr 23 13:11:54 2025 by llama3.2 3B Q4_K_M
America's Front Door Security Revolution: Eufy's All-Time Low Deal on Top-Picked Video Doorbell is now available at an unbeatable price. Discover how this cutting-edge device can revolutionize your home security with its dual-camera system, local storage, and extensive integration capabilities.
Published: Wed Apr 23 13:34:15 2025 by llama3.2 3B Q4_K_M
A critical vulnerability has been exposed in the Ripple NPM package, which can steal cryptocurrency from users. The attack was carried out by injecting malware into the package's code, allowing attackers to gain access to sensitive information. Users are advised to rotate their private keys and take immediate action to mitigate potential damage.
Published: Wed Apr 23 13:44:47 2025 by llama3.2 3B Q4_K_M
Agentic AI is set to take center stage at RSA Conference 2025, promising to transform cybersecurity with its unparalleled speed and accuracy. But what does this mean for human analysts, and how can we mitigate the risks associated with these autonomous systems? Dive into our in-depth analysis of agentic AI's potential impact on the security industry.
Published: Wed Apr 23 13:53:43 2025 by llama3.2 3B Q4_K_M
North Korean hackers have escalated their phishing campaigns, with a recent incident involving TRON users losing an astonishing $137 million USD worth of assets in a single day. The DPRK's sophisticated attacks demonstrate the need for enhanced security measures and greater awareness among organizations and individuals.
Published: Wed Apr 23 14:06:16 2025 by llama3.2 3B Q4_K_M
New malware has been discovered targeting Docker environments with an innovative method of secretly mining cryptocurrency, employing layers within a malicious image to evade detection. Despite complex obfuscation and attempts to shift towards alternative methods of generating crypto, the true profitability of this method remains uncertain.
Published: Wed Apr 23 14:25:07 2025 by llama3.2 3B Q4_K_M
Blue Shield of California has exposed 4.7 million patients' sensitive medical data to Google Ads, raising concerns about targeted advertising based on an individual's healthcare needs. The incident highlights a disturbing trend in which healthcare organizations are not adequately protecting their members' personal health information.
Published: Wed Apr 23 18:49:23 2025 by llama3.2 3B Q4_K_M
The FBI's Internet Crime Complaint Center (IC3) has released its 2024 report, revealing a staggering $16.6 billion in losses due to cybercrime in the United States last year. This marks the highest losses recorded since IC3 began tracking these crimes 25 years ago. The report highlights the evolving nature of cyber threats and the need for continued vigilance and cooperation between law enforcement agencies, cybersecurity professionals, and organizations to combat these risks.
Published: Wed Apr 23 21:02:57 2025 by llama3.2 3B Q4_K_M
Cybersecurity experts warn about the growing threats of AI-powered tools and highlight the need for organizations to implement robust protection mechanisms. From WhatsApp's new chat privacy feature to recent network vulnerabilities and supply chain risks, it's essential to stay vigilant in the face of emerging threats.
Published: Thu Apr 24 00:15:02 2025 by llama3.2 3B Q4_K_M
Researchers have uncovered a sophisticated Android spyware hidden within a fake version of the popular Alpine Quest mapping software, targeting Russian military personnel in a deceptive campaign. The malicious app was discovered by Doctor Web researchers and has been causing concern among cybersecurity experts.
Published: Thu Apr 24 01:34:59 2025 by llama3.2 3B Q4_K_M
Alpine Quest Android App Hijacked by Spyware to Spy on Russian Soldiers
Published: Thu Apr 24 02:50:06 2025 by llama3.2 3B Q4_K_M
Third-party breaches have doubled in the past year, with 30% attributed to exploited software vulnerabilities and supply chain compromises, according to a comprehensive report by Verizon. As global supply chains become increasingly complex, organizations must prioritize cybersecurity when engaging with third parties to mitigate risks.
Published: Thu Apr 24 05:09:03 2025 by llama3.2 3B Q4_K_M
The Evolving Landscape of Healthcare Cybersecurity: A Comprehensive Guide to Overcoming Traditional Challenges and Embracing Zero Trust
As healthcare organizations face unprecedented cybersecurity challenges, it's essential to understand the evolving threat landscape and the importance of embracing a comprehensive Zero Trust approach. This article delves into the world of healthcare cybersecurity, exploring the latest trends, risks, and security strategies to help organizations protect patient data, ensure clinical operations continuity, and meet regulatory requirements.
Published: Thu Apr 24 06:19:12 2025 by llama3.2 3B Q4_K_M
A critical security flaw has been discovered in the Commvault Command Center, which allows remote attackers to execute arbitrary code without authentication. This vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0 and affects versions 11.38.0 through 11.38.19. Organizations are urged to apply necessary mitigations to safeguard against potential threats.
Published: Thu Apr 24 06:29:17 2025 by llama3.2 3B Q4_K_M
A recent discovery has exposed a significant security vulnerability in Linux's io_uring interface, which allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. The blindspot was discovered by ARMO researchers, who created a proof-of-concept rootkit called "Curing" to demonstrate the practicality of this vulnerability. To address this issue, Google has turned off io_uring by default on Android and ChromeOS, and the industry is moving towards implementing Kernel Runtime Security Instrumentation (KRSI) to detect and prevent io_uring-based attacks.
Published: Thu Apr 24 07:52:56 2025 by llama3.2 3B Q4_K_M
The rise of sophisticated phishing tools has made it increasingly difficult for cybersecurity professionals to keep up with the ever-evolving threats. The latest addition to this arsenal is Darcula, a phishing-as-a-service (PhaaS) platform that has integrated generative artificial intelligence (GenAI) capabilities, making it easier for less tech-savvy criminals to deploy customized scams in minutes.
Published: Thu Apr 24 08:00:11 2025 by llama3.2 3B Q4_K_M
Cybercrime Opportunism: How Global Events are Exploited by Cybercriminals
As the world mourned the passing of Pope Francis, a significant global event, cybercriminals seized the opportunity to launch a series of malicious attacks. This phenomenon is dubbed "cyber threat opportunism" and highlights the ever-evolving nature of cybercrime.
Published: Thu Apr 24 08:22:04 2025 by llama3.2 3B Q4_K_M
The Yale New Haven Health data breach has left over 5.5 million patients vulnerable to identity theft and financial exploitation, highlighting the need for robust cybersecurity measures in the healthcare industry.
Published: Thu Apr 24 09:48:18 2025 by llama3.2 3B Q4_K_M
In a recent operation dubbed Operation SyncHole, the notorious Lazarus Group has successfully targeted six major organizations in South Korea. The attack, which leveraged vulnerabilities in Cross EX and Innorix Agent, highlights the ongoing threat posed by Lazarus Group attacks. To mitigate this risk, organizations must prioritize cybersecurity measures and remain vigilant in the face of evolving threats.
Published: Thu Apr 24 10:08:55 2025 by llama3.2 3B Q4_K_M
In a recent discovery, researchers have uncovered a proof-of-concept (PoC) rootkit called Curing that leverages the Linux async I/O mechanism called io_uring to bypass traditional system call monitoring tools. This new exploit highlights the major blind spots in Linux runtime security tools, leaving users vulnerable to rootkits that can operate solely on io_uring. Users need to be aware of this new threat and take necessary precautions to protect their systems.
Published: Thu Apr 24 10:15:41 2025 by llama3.2 3B Q4_K_M
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, marking a significant increase from the 151 vulnerabilities that were exploited in Q4 2024. This trend highlights the alarming pace at which cybersecurity professionals are dealing with vulnerabilities and the devastating consequences of their exploitation.
Published: Thu Apr 24 10:37:50 2025 by llama3.2 3B Q4_K_M
A devastating data breach at Frederick Health has exposed nearly 1 million patients' sensitive information to potential exploitation. The incident highlights the ongoing vulnerability of healthcare providers to cyber threats and underscores the importance of robust cybersecurity measures in protecting confidential data.
Published: Thu Apr 24 11:47:19 2025 by llama3.2 3B Q4_K_M
Microsoft has introduced a generous bug bounty program for its AI-powered products and services, offering rewards of up to $30,000 USD for critical and important severity vulnerabilities found by qualified researchers. This move is seen as an effort by the company to promote responsible innovation in the field of AI and to encourage researchers to identify potential security threats early on.
Published: Thu Apr 24 12:05:42 2025 by llama3.2 3B Q4_K_M
The DaVita kidney dialysis firm has fallen victim to a devastating ransomware attack, which has resulted in the theft of sensitive patient data. The Interlock ransomware gang claims responsibility for the attack, stating that they have published the stolen data on their dark web site. DaVita has reportedly contacted authorities regarding potential phishing attempts targeting patients who shared sensitive information with the organization.
Published: Thu Apr 24 12:16:07 2025 by llama3.2 3B Q4_K_M
Ubisoft, one of the largest video game publishers in the world, has been accused by a European privacy specialist of violating the GDPR by forcing gamers to log in online even when playing single-player games without any multiplayer or online functionality. The complaint highlights issues related to data protection and the responsibility that gaming companies bear in handling personal data.
Published: Thu Apr 24 12:36:21 2025 by llama3.2 3B Q4_K_M
Gmail's recent rollout of an end-to-end encrypted email feature has raised concerns among security experts about its potential to create a vulnerability for scammers. While the tool aims to provide an additional layer of security, it also introduces new risks that must be carefully managed.
Published: Thu Apr 24 12:50:44 2025 by llama3.2 3B Q4_K_M
The Lazarus Group has launched a sophisticated campaign dubbed Operation SyncHole, exploiting vulnerabilities in Cross EX and Innorix Agent to target six organizations in South Korea. This operation highlights the group's adaptability and reach, as well as its efforts to minimize detection by developing new malware and enhancing existing tools.
Published: Thu Apr 24 13:06:37 2025 by llama3.2 3B Q4_K_M
As GenAI technologies continue to evolve, security leaders must adopt a structured approach to securing these systems, balancing immediate priorities with long-term maturity. A robust AI governance framework, anticipatory technology controls, strengthened data access and usage controls, and comprehensive identity security stacks are essential components of this framework.
Published: Thu Apr 24 14:22:43 2025 by llama3.2 3B Q4_K_M
The Lazarus Group has launched a sophisticated watering hole attack that compromised six major organizations in South Korea, demonstrating its continued evolution as a threat group. This attack highlights the importance of staying vigilant and proactive in protecting against cyber threats.
Published: Thu Apr 24 14:30:31 2025 by llama3.2 3B Q4_K_M
Microsoft's latest patch job has introduced a new security concern, as a mysterious inetpub folder hijacked by a security researcher has been found to have a flaw in the workaround that was supposed to block symlink attacks.
Published: Thu Apr 24 14:46:40 2025 by llama3.2 3B Q4_K_M
Yale New Haven Health disclosed a data breach that exposed personal information of 5.5 million patients following a cyberattack earlier this month, raising concerns about patient safety and confidentiality.
Published: Thu Apr 24 15:08:53 2025 by llama3.2 3B Q4_K_M
Android.Spy.1292.origin: a new Android spyware has been discovered that targets Russian military personnel on the front lines, using a Trojanized mapping app to steal sensitive information and compromise user devices.
Published: Thu Apr 24 16:18:24 2025 by llama3.2 3B Q4_K_M
Microsoft 365 account hijackers have taken advantage of vulnerabilities in OAuth 2.0 workflows, using sophisticated phishing attacks that trick employees into sharing authorization codes or clicking on malicious links. Researchers at Volexity have identified the threat actors and are advising organizations to take specific precautions to protect their Microsoft 365 accounts.
Published: Thu Apr 24 16:27:57 2025 by llama3.2 3B Q4_K_M
The Yale New Haven Health cybersecurity incident is one of the largest healthcare data breaches in history, affecting over 5.5 million patients. The breach highlights the vulnerability of healthcare organizations to cyberattacks and underscores the need for robust cybersecurity measures within the sector.
Published: Thu Apr 24 16:37:47 2025 by llama3.2 3B Q4_K_M
Learn how to protect your digital life when crossing into the US in our comprehensive guide to navigating device searches at the border.
Published: Thu Apr 24 16:51:34 2025 by llama3.2 3B Q4_K_M
Darcula, a notorious cybercrime outfit, has added artificial intelligence (AI) capabilities to its phishing-as-a-service kits, making it easier for would-be cybercriminals to create and deploy customized phishing attacks. This development highlights the increasing sophistication of cybercrime tools and underscores the importance of cybersecurity awareness and education.
Published: Fri Apr 25 02:24:52 2025 by llama3.2 3B Q4_K_M
A critical security vulnerability has been discovered in Rack::Static middleware, which enables attackers to access sensitive files and inject malicious code. The disclosed vulnerabilities pose a significant threat to systems that utilize Rack::Static and Infodraw Media Relay Service. Organizations are urged to take immediate action to patch their systems and prevent potential data breaches.
Published: Fri Apr 25 04:48:40 2025 by llama3.2 3B Q4_K_M
Cybersecurity researchers have warned of a new malware called DslogdRAT that has been deployed via the exploitation of a zero-day vulnerability in Ivanti Connect Secure (ICS). The malware is believed to be part of a larger campaign involving the SPAWN malware family operated by UNC5221. Attacks have been linked to IP addresses in the Netherlands, Germany, and the United States, with malicious IPs being observed using TOR exit nodes.
Published: Fri Apr 25 05:01:02 2025 by llama3.2 3B Q4_K_M
DaVita Inc., a leading kidney dialysis firm, has faced a high-profile cybersecurity crisis due to an Interlock ransomware attack. The company's network was encrypted, resulting in the theft of sensitive information, including patient records. The leaked files are currently being posted on the Interlock ransomware gang's data leak site, posing risks to patients' personal data.
Published: Fri Apr 25 05:22:03 2025 by llama3.2 3B Q4_K_M
The FBI has issued a public service announcement seeking tips that could help identify and locate the Salt Typhoon hackers who targeted US telecommunications infrastructure. In response, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom breaches. The FBI is urging individuals with any information regarding the individuals who comprise Salt Typhon or other Salt Typhon activity to come forward and provide it. This is a clear indication that the authorities are taking the situation seriously and are willing to engage with the public in an effort to gather more information about these cyber-attacks.
Published: Fri Apr 25 06:36:13 2025 by llama3.2 3B Q4_K_M
A £90k fine for AFK Letters: The Rise of Cold-Calling Invasive Marketing Tactics highlights the need for greater awareness and education among businesses about their obligations under data protection laws. Find out more about this case and its implications for consumers and businesses alike.
Published: Fri Apr 25 06:44:40 2025 by llama3.2 3B Q4_K_M
A critical flaw in SAP NetWeaver has been discovered, allowing hackers to upload malicious JSP web shells with the intention of facilitating unauthorized file uploads and code execution. This vulnerability is rated with a maximum severity score of 10.0 on the Common Vulnerability Scoring System (CVSS), making it one of the most critical vulnerabilities discovered in recent times.
Published: Fri Apr 25 07:03:24 2025 by llama3.2 3B Q4_K_M
Non-Human Identities (NHIs) pose a significant security threat to organizations due to their increasing presence in modern tech stacks. NHIs authenticate using secrets, which are highly sought after by attackers and often lack proper management, leading to breaches. Understanding the growth of NHIs and their authentication methods is crucial for securing sensitive information.
Published: Fri Apr 25 07:14:21 2025 by llama3.2 3B Q4_K_M
The Lazarus group has been behind one of the most complex campaigns targeting supply chains in South Korea, dubbed Operation SyncHole. This campaign utilizes modular, stealthy, and locally tailored malware to compromise target systems and exploit vulnerabilities in software development vendors' products. Researchers have reported a total of four different malware execution chains based on these phases from at least six affected organizations. The implications of this threat are significant, highlighting the need for increased vigilance and cooperation among governments, industries, and cybersecurity experts to protect critical infrastructure and sensitive information.
Published: Fri Apr 25 07:35:15 2025 by llama3.2 3B Q4_K_M
SAP has issued emergency updates to address a critical zero-day vulnerability that has been actively exploited by sophisticated attackers. The vulnerability, tracked under CVE-2025-31324, is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer's Metadata Uploader component. Organizations are advised to apply the latest patches as soon as possible and consider implementing immediate mitigations to prevent potential attacks.
Published: Fri Apr 25 08:50:38 2025 by llama3.2 3B Q4_K_M
Unpacking the various news updates and deals from this week reveals a diverse range of topics, from affordable security cameras to nostalgic reboots and clearance sales. Amidst these announcements, we find ourselves pondering the intersections between technology, politics, and pop culture, each providing their own unique insights into our rapidly evolving world.
Published: Fri Apr 25 08:57:35 2025 by llama3.2 3B Q4_K_M
A recently disclosed vulnerability in SAP NetWeaver has been found to be exploited by threat actors, allowing them to upload malicious executable binaries and potentially harm the host system. Learn more about this critical flaw and how it affects enterprise systems.
Published: Fri Apr 25 09:09:50 2025 by llama3.2 3B Q4_K_M
UK retail giant Marks & Spencer has been forced to pause online orders due to a sophisticated cyberattack that disrupted several critical services. The company has promised to take steps to strengthen its digital defenses in response to the incident.
Published: Fri Apr 25 10:21:42 2025 by llama3.2 3B Q4_K_M
MTN announces that a cyberattack has compromised customer data, raising concerns about the vulnerability of personal information in the mobile industry.
Published: Fri Apr 25 10:30:17 2025 by llama3.2 3B Q4_K_M
Microsoft recently released a security update as part of its Patch Tuesday initiative, but it may have inadvertently introduced a new vulnerability that could be exploited by malicious actors. A junction created by the latest patch allows non-admin users to block future updates from being installed on their systems.
Published: Fri Apr 25 10:39:11 2025 by llama3.2 3B Q4_K_M
Baltimore City Public Schools has suffered a significant data breach affecting over 31,000 people, highlighting the need for robust cybersecurity measures in public institutions.
Published: Fri Apr 25 10:46:57 2025 by llama3.2 3B Q4_K_M
io9 reviews "The Legend of Ochi", a poignant coming-of-age tale that uses stunning puppets to explore themes of empathy, understanding, and coexistence between humans and creatures. With heartfelt performances and rich world-building, this fantasy film is sure to captivate audiences on April 25.
Published: Fri Apr 25 10:57:09 2025 by llama3.2 3B Q4_K_M
A critical SAP zero-day vulnerability has been identified, which could grant attackers full control over SAP business data and processes. The vulnerability, identified as CVE-2025-31324, is related to the metadata uploader component in NetWeaver's no-code Visual Composer app-building tool. SAP customers are advised to apply the emergency patch released by SAP earlier today and assess vulnerable systems for compromise.
Published: Fri Apr 25 11:04:41 2025 by llama3.2 3B Q4_K_M
In a recent campaign, North Korean hackers have been using fake job postings and cryptocurrency firms to distribute malware. The Contagious Interview campaign involves the use of artificial intelligence-powered tools to optimize every step in the process of applying and interviewing for roles. This article provides an in-depth analysis of the campaign and its implications for cybersecurity professionals.
Published: Fri Apr 25 11:14:40 2025 by llama3.2 3B Q4_K_M
Marks & Spencer's Cyber Incident: A Cautionary Tale of Online Security Breaches
Marks & Spencer has paused online orders due to an ongoing "cyber incident" that has been causing significant disruptions to its operations. The company has assured customers that they do not need to take any action, but cybersecurity experts are warning of potential phishing attempts and urging the company to take more robust action to mitigate the impact of the breach.
Published: Fri Apr 25 12:31:26 2025 by llama3.2 3B Q4_K_M
A zero-day vulnerability in SAP NetWeaver allegedly exploited by an initial access broker has highlighted the ongoing threat landscape in the world of software vulnerabilities. Organizations that use SAP NetWeaver or similar software should take immediate action to patch any vulnerabilities and implement robust security controls to prevent similar incidents in the future.
Published: Fri Apr 25 12:51:14 2025 by llama3.2 3B Q4_K_M
The NSA's Warnings: How Signal's End-to-End Encryption Became a Target for Russian Phishing Campaigns
A recent incident involving top military officials using a popular messaging app to plan and discuss highly classified operations has raised serious concerns about the role of technology in national security planning and the need for greater oversight and regulation. This article delves into the context surrounding this incident, exploring the implications and shedding light on the vulnerabilities inherent to end-to-end encrypted communication platforms like Signal.
Published: Fri Apr 25 14:01:04 2025 by llama3.2 3B Q4_K_M
Experts have warned Ivanti VPN users about a surge in endpoint scans that may indicate coordinated reconnaissance and preparation for future attacks, following the vendor's Connect Secure system being targeted by zero-day attacks in January 2025.
Published: Fri Apr 25 14:10:41 2025 by llama3.2 3B Q4_K_M
Microsoft has issued a patch to address issues with Remote Desktop sessions freezing in Windows Server 2025, bringing relief to users who had been experiencing frustration for over a month. The company's efforts to improve its patch management processes are seen as a positive step towards improving the reliability of Microsoft's products.
Published: Fri Apr 25 14:18:55 2025 by llama3.2 3B Q4_K_M
JPCERT/CC has warned about a new malware threat, DslogdRAT, deployed in Ivanti Connect Secure. This malware exploits a zero-day vulnerability and poses significant risks to enterprise networks. Organizations using Ivanti Connect Secure software are advised to patch their systems with the latest version, implement robust security measures, and conduct regular security audits to mitigate this risk.
Published: Fri Apr 25 14:39:42 2025 by llama3.2 3B Q4_K_M
Craft CMS has been hit by a zero-day exploit chain that was used to steal data from compromised servers. The vulnerabilities were two zero-day exploits that were chained together to breach Craft CMS servers, exploiting CVE-2025-32432 and CVE-2024-58136. Craft CMS has since fixed these vulnerabilities in their respective versions, but webmasters are advised to take precautions to protect themselves.
Published: Fri Apr 25 15:45:52 2025 by llama3.2 3B Q4_K_M
The world of cybersecurity is reeling from news that the U.S. government has stopped funding the Common Vulnerabilities and Exposures (CVE) program, leaving stakeholders scrambling to secure its future. The CVE Foundation, a new initiative formed by some board members in response to this crisis, aims to ensure the long-term sustainability and neutrality of the CVE program. With many calling for increased independence and global funding, can the CVE program truly thrive as an independent entity, or will it remain forever entwined with the whims of governments? Only time will tell.
Published: Fri Apr 25 18:16:31 2025 by llama3.2 3B Q4_K_M
US Defense Secretary Pete Hegseth's decision to set up an insecure internet connection in his office has raised significant security concerns, highlighting a broader issue with the lack of emphasis on cybersecurity within the US government. The incident is part of a larger pattern of carelessness among senior officials, including the use of commercial apps and services on personal devices connected to the public internet.
Published: Fri Apr 25 19:28:30 2025 by llama3.2 3B Q4_K_M
| Follow @EthHackingNews |