Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Russia's RomCom: A Highly-Targeted Attack Group Exploiting WinRAR Vulnerabilities

Russia-linked attackers affiliated with the RomCom group have been exploiting a high-severity vulnerability in WinRAR to launch targeted attacks on financial, manufacturing, defense, and logistics companies in Europe and Canada. As the threat landscape continues to evolve, organizations must prioritize software updates and cybersecurity measures to stay ahead of these highly-targeted attack groups.

Published: Mon Aug 11 15:36:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Netherlands Faces Citrix Netscaler Cybersecurity Crisis: How a Critical Flaw Exposed Orgs to Breaches


The Dutch National Cyber Security Centre is warning of a critical Citrix NetScaler flaw that was exploited by hackers to breach multiple organizations in the Netherlands. Organizations affected by this vulnerability are advised to upgrade their software immediately to prevent future breaches.

Published: Mon Aug 11 15:22:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A $250,000 Reward for a Chrome Sandbox Escape: A New Benchmark in Browser Security Vulnerability Reporting

A researcher has earned $250,000 from Google for identifying a critical Chrome sandbox escape vulnerability, highlighting the importance of responsible disclosure in browser security. This achievement sets a new benchmark for browser security vulnerability reporting and underscores the evolving landscape of cybersecurity threats.

Published: Mon Aug 11 14:12:35 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Vulnerabilities Found in TETRA Radio Communications Protocol Expose Law Enforcement Communications


A recent study has found that Terrestrial Trunked Radio (TETRA) protocols are vulnerable to various security issues. Researchers from Midnight Blue have identified several encryption mechanisms used in the TETRA standard as being susceptible to replay and brute-force attacks, and even to decryption of encrypted traffic. As a result, users of TETRA networks are advised to migrate to secure E2EE solutions and implement additional mitigations to prevent potential attacks.

Published: Mon Aug 11 14:05:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

US Recoups $1 Million Stolen from New York Company by North Korean IT Bandits

US authorities have recouped over $1 million stolen from a New York company by three alleged North Korean IT bandits. The incident highlights the growing threat posed by rogue state actors and the importance of robust cybersecurity measures to protect sensitive systems and financial assets.

Published: Mon Aug 11 13:56:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

WinRAR Zero-Day Exploitation: A Deep Dive into the Cybersecurity Threat

WinRAR zero-day attacks have infected PCs with malware, exploiting a path traversal vulnerability in the popular archiver tool. The Russian cyberespionage group RomCom has been linked to the attacks, which delivered known malware families using three distinct attack chains.

Published: Mon Aug 11 13:48:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Global Security Alert: Erlang/OTP SSH Flaw Exposed to Unauthenticated Attackers, Targeting Operational Technology Networks

A critical security flaw in the Erlang/Open Telecom Platform (OTP) SSH implementation has been exposed, with over 70% of detections originating from firewalls protecting operational technology (OT) networks. Experts warn that this vulnerability poses a significant risk to exposed assets and industrial-specific ports.

Published: Mon Aug 11 11:58:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Wikimedia Foundation's Battle Against the UK's Online Safety Act: A Tangled Web of Regulations and Consequences

Wikipedia has lost a legal battle against the UK's tech secretary in an attempt to tighten the criteria around the Online Safety Act 2023 (OSA), which could have significant implications for the non-profit organization's operations.

Published: Mon Aug 11 11:51:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The AI Imperative: Balancing Defense and Attack


The debate over whether AI favors defense or offense has sparked significant discussion among security experts at Black Hat 2025. With AI becoming an increasingly critical component of both cybersecurity strategies and attack methodologies, understanding the nuances of its application is crucial for organizations seeking to stay ahead in this rapidly evolving threat landscape.

Published: Mon Aug 11 11:41:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Growing Threat of Native Phishing: How Microsoft 365 Apps Are Being Exploited by Attackers



The rise of native phishing has marked a significant shift in the tactics employed by cyber attackers. This type of phishing attack, which leverages trusted applications and services within the organization's Microsoft 365 suite, has become an increasingly effective means of deceiving users and gaining access to sensitive data. By understanding the tactics used by attackers and taking steps to enhance their security posture, organizations can reduce the risk of successful phishing attacks and protect sensitive data.


Published: Mon Aug 11 11:29:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

MuddyWater’s DarkBit ransomware cracked for free data recovery: Uncovering the Secrets Behind a Nation-State Attack and the Breakthrough that Made it Possible

MuddyWater’s DarkBit ransomware cracked for free data recovery: A Breakthrough in Cybersecurity as Profero Cracks the Encryption of a Nation-State Attacker's Ransomware

Published: Mon Aug 11 10:06:11 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The VexTrio Affair: Unveiling a Web of Cyber Deceit


A new analysis has exposed VexTrio as a sophisticated cybercriminal organization operating across multiple European countries. With dozens of businesses and front companies masquerading as a legitimate ad tech firm, VexTrio poses a significant threat to individuals and organizations alike.

Published: Mon Aug 11 08:55:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Deepfake Fraud: A Growing Threat to Cybersecurity

Deepfake fraud is becoming an increasingly dire threat, with experts warning that it could cost the US up to $40 billion by 2027. As AI-generated content becomes more common, making it difficult for users to distinguish between real and fake content, researchers are working on developing new tools and technologies that can detect deepfakes more effectively.

Published: Mon Aug 11 08:39:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Intel CEO Under Fire: The Battle for Technological Supremacy in the Face of Rising Tensions with China

Intel CEO Lip-Bu Tan finds himself at the center of a maelstrom as President Donald Trump calls for his resignation over allegations of connections with Chinese semiconductor firms.

Published: Mon Aug 11 08:30:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Imperative of Aligning Security with Business Value: Lessons from Exposure Management


The world of cybersecurity has long been dominated by a paradigm that prioritizes technical security measures above all else. However, recent research highlights the need for a more holistic approach to security, one that aligns security efforts with business value. Learn how exposure management strategies can help organizations achieve stronger protection and more efficient operations.

Published: Mon Aug 11 07:19:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Allure of Palantir: Unpacking the Mysterious World of Big Data and Surveillance



Palantir, a tech company with ties to government agencies and corporations, has been quietly gaining traction since the 2010s. But beneath its nontechnical interface and glossy marketing campaigns lies a complex web of power and control that has raised concerns among former employees, critics, and potential users alike.

Published: Mon Aug 11 07:11:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Linus Torvalds' Verbal Rebuke: A Cautionary Tale of Late and Low-Quality Code

Linus Torvalds has publicly reprimanded a Linux kernel contributor for submitting late and low-quality patches for RISC-V support in Linux 6.17, highlighting the importance of timely and well-crafted code submissions in open-source development.

Published: Mon Aug 11 06:57:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Smart Buses: A Window to Vulnerability Exposed

Smart buses have become an increasingly integral part of modern transportation systems, but recent research highlights critical vulnerabilities that pose significant risks of hacking, control, and surveillance. Researchers have demonstrated how hackers can exploit flaws in these systems for tracking, control, and spying, raising concerns about the security of urban transportation networks around the world.

Published: Mon Aug 11 05:47:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Gray Market Economy of Video Game Cheats: A Multimillion-Dollar Industry Driven by Sophisticated Hacks and Underground Economies

Inside the Multimillion-Dollar Gray Market for Video Game Cheats

Published: Mon Aug 11 05:41:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposure of Over 29,000 Unpatched Exchange Servers Leaves Millions Vulnerable to Exploitation

Over 29,000 Exchange servers remain unpatched against a high-severity vulnerability, leaving millions vulnerable to exploitation by threat actors. The U.S. government has issued an emergency directive urging all organizations to mitigate this risk by Monday at 9:00 AM ET.

Published: Mon Aug 11 05:31:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposing the Shadow of Data Breach: The Connex Credit Union Incident


A recent data breach affecting over 172,000 Connex Credit Union members has left many with a sense of unease about their personal financial information. As investigators delve deeper into the incident, it remains to be seen what concrete measures will be taken by the organization to safeguard its members against future breaches.

Published: Mon Aug 11 04:18:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Recruitment of Skilled Penetration Testers: The Dark Side of Ransomware Operations

The MedusaLocker ransomware group is looking for skilled penetration testers to target ESXi, Windows, and ARM-based systems. This development highlights the blurring of lines between legitimate security practices and malicious activities in the cybercrime underworld.

Published: Mon Aug 11 03:10:31 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical WinRAR Zero-Day Vulnerability: A New Threat to Personal and Business Data Security

A critical vulnerability in the popular file archiving utility WinRAR has been discovered, allowing attackers to obtain arbitrary code execution by crafting malicious archive files. Users are advised to update to the latest version immediately to protect themselves from potential attacks.

Published: Mon Aug 11 02:02:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Trend Micro's Critical Vulnerability Exposes Management Console Weakness


Trend Micro has recently reported two critical vulnerabilities under active exploitation, which have left customers of its Apex One endpoint security platform vulnerable to attacks. The vulnerabilities, identified as CVE-2025-54948 and CVE-2025-54987, both carry a CVSS score of 9.4 and are present in the platform's web-based management console. In response to this issue, Trend Micro has informed customers using Apex One 2019 Management Server versions 14039 and below that they will not receive a patch until around the middle of August. However, the company has offered an alternative mitigation strategy, which involves disabling the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console.



Published: Sun Aug 10 17:45:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New DDoS Flaws in Public Domain Controllers Allow Attackers to Harness Global Infrastructure


A new DDoS attack technique has been discovered by SafeBreach researchers, which enables attackers to harness tens of thousands of public domain controllers into a malicious botnet via RPC and LDAP. This vulnerability allows attackers to conduct devastating DDoS attacks without purchasing dedicated infrastructure or leaving a traceable footprint.

Published: Sun Aug 10 15:37:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Confronts Extortion Threat Following Salesforce CRM Data Breach

Google has confirmed a significant data breach in its Salesforce CRM instance, exposing sensitive information of prospective Google Ads customers. The company is facing an extortion threat from ShinyHunters, a financially motivated group that uses voice phishing tactics to target Salesforce systems for large-scale data theft and extortion. Financial data was not impacted, but the incident highlights the importance of maintaining a strong cybersecurity posture.

Published: Sun Aug 10 14:28:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Animated Revival of Homestuck: A New Era for Andrew Hussie's Internet Icon

Spindlehorse is set to bring Andrew Hussie's iconic series Homestuck back to life with a new animated pilot featuring some of the voice actors from the original webcomic. With Prime Video on board, fans are hopeful that this project could become something more than just a one-off – stay tuned for updates and get ready to revisit the world of Sburb.

Published: Sun Aug 10 13:19:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Windows Vulnerability Exposed: The RPC EPM Poisoning Exploit Chain

Researchers have exposed a previously unknown vulnerability in Microsoft's Windows Remote Procedure Call (RPC) communication protocol. This vulnerability, known as "Windows EPM poisoning," allows an attacker to impersonate a legitimate server and manipulate client behavior. Organizations running Windows systems are urged to prioritize patching this vulnerability ASAP.

Published: Sun Aug 10 09:01:34 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

DEF CON Hackers Plug Security Holes in US Water Systems Amidst Growing Threats

DEF CON hackers have been deployed to plug security holes in US water systems, amidst a growing threat landscape. The volunteers, led by Jake Braun, co-founder of DEF CON Franklin, aim to provide free cybersecurity services to American critical infrastructure systems, with the goal of protecting thousands of water systems across the country.

Published: Sun Aug 10 07:42:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Resurgence of Portable Point-of-Sale Scams: A Growing Threat to Financial Security

Portable point-of-sale scams have seen a resurgence in recent years, with thieves using modified portable POS terminals to steal small amounts from victims' wallets or bags. Learn how to protect yourself from these malicious activities and stay informed about the latest scams and prevention methods.

Published: Sun Aug 10 05:27:11 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ransomware, Spyware, and Phishing: A Complex Landscape of Cyber Threats

In this latest newsletter from Security Affairs, we explore some of the most significant cyber threats facing us today, including ransomware attacks, spyware, phishing, data breaches, and new malware variants.

Published: Sun Aug 10 03:15:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of Convenience: How Lenovo's Linux-Based Webcams Became Vulnerable to BadUSB Attacks



A recent discovery has exposed vulnerabilities in certain Lenovo webcams, known as BadCam, which can be exploited by attackers using the BadUSB attack method. The affected devices run Linux and lack firmware validation, making them susceptible to remote hijacking. This incident highlights the need for robust security measures and demonstrates the importance of manufacturers taking proactive steps in securing their products.



Published: Sun Aug 10 03:07:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Landscape of Cybersecurity Threats: A Weekly Roundup



Recent weeks have seen a plethora of cybersecurity threats and incidents, from ransomware attacks to data breaches and phishing campaigns. This article provides an in-depth look at some of the most significant threats and incidents that have emerged in recent weeks, including Embargo Ransomware, police spyware use limits, phishing exploits, and data breaches. Stay informed and vigilant with the latest news and insights on cybersecurity threats and incidents.

Published: Sat Aug 9 21:54:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The TeleMessage Saga: A Tale of Inadequate Security Measures and the Unforeseen Consequences

TeleMessage's recent discovery highlights the importance of proper security measures in protecting sensitive information. The app's alleged breach has raised concerns about its users' safety and has sparked a renewed focus on cybersecurity.

Published: Sat Aug 9 19:44:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A New Layer of Malice: The Evolving Threat of BadUSB and the Unpatched Vulnerabilities of Lenovo Webcams

Researchers at Eclypsium have discovered a vulnerability in select model webcams from Lenovo that can be exploited to turn them into BadUSB attack devices, highlighting the growing concern surrounding USB-based peripherals and the need for manufacturers and consumers to take proactive measures to protect against such threats.

Published: Sat Aug 9 15:30:43 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Quantum Revolution: Unlocking the Secrets of Quantum Sensing Technology


The Uncut Gem project, led by Victoria Kumaran and Mark Carney, aims to democratize and expand quantum sensing technology by making it more affordable and accessible. The project aims to develop a quantum sensor using simple off-the-shelf computing parts and a special type of diamond, opening up new possibilities for research institutions and individuals alike.

Published: Sat Aug 9 15:21:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

60 Malicious Ruby Gems Exposed: A Looming Threat to Developers and Users


A recent report by Socket has revealed that sixty malicious Ruby gems containing credential-stealing code were downloaded over 275,000 times since March 2023. The gems targeted primarily South Korean users of automation tools for various platforms, including Instagram, TikTok, Twitter/X, Telegram, Naver, WordPress, and Kakao. This incident highlights the growing concern about supply chain attacks on RubyGems, emphasizing the importance of vigilance and proactive security measures among developers.

Published: Sat Aug 9 15:13:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Confirms Data Breach Exposed Potential Google Ads Customers' Information

Google has confirmed a recent data breach affecting potential Google Ads customers' information and has attributed the incident to ShinyHunters and Scattered Spider. The breach exposed approximately 2.55 million data records, including business names and contact information.

Published: Sat Aug 9 15:06:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unraveling the Shadows: The Rise of Embargo Ransomware and its $34.2M Crypto Heist


Embargo ransomware has netted $34.2 million in cryptocurrency since its emergence in April 2024, making it one of the most successful ransomware groups in recent times. With its advanced technologies and tactics, this group is pushing the boundaries of what is possible in the world of cybercrime.

Published: Sat Aug 9 13:53:20 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Era of Vulnerability: Researchers Uncover Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems

A new era of vulnerability has emerged as researchers uncover jailbreak techniques that can bypass OpenAI's GPT-5 LLM, exposing cloud and IoT systems to a range of emerging risks. This breakthrough highlights the need for robust AI security measures and alignment engineering over assumption.

Published: Sat Aug 9 10:38:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Growing Landscape of Cybersecurity Breaches: A Comprehensive Analysis



A recent surge in high-profile cybersecurity breaches has highlighted the growing threat landscape facing organizations today. From the breach of Columbia University's personal data to the hacking of Google's customer support system, these incidents underscore the importance of robust cybersecurity measures and the need for continued vigilance in the face of an increasingly complex digital landscape.

Published: Sat Aug 9 07:19:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Flawed Security of Global Police and Military Radios: A Threat to National Security


In a shocking revelation, researchers have discovered that a widely used encryption algorithm for police and military radios across the globe is vulnerable to eavesdropping due to a fundamental flaw in its design. This vulnerability could have significant implications for national security, as these radios are used by law enforcement agencies, special forces, and covert military units worldwide.

Published: Sat Aug 9 07:11:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Phishing Attacks: The WinRAR Flaw CVE-2025-8088 - A Glimpse into the Dark World of Cyber Espionage

Phishing attacks have taken on a new dimension with the exploitation of CVE-2025-8088 by attackers to install RomCom malware. In this article, we delve into the world of cyber espionage and explore how this vulnerability has been utilized in spear-phishing attacks. We examine the implications of this exploit and highlight the need for users to remain vigilant and for organizations to enhance their security measures.

Published: Sat Aug 9 04:56:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Germany Tightens Reins on Police Spyware: A New Era for Data Protection

Germany has ruled that police can only use spyware in cases involving serious crimes punishable by at least three years in prison. The ruling limits the use of surveillance software to high-severity cases, setting a precedent for law enforcement agencies worldwide.

Published: Sat Aug 9 04:51:47 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CyberArk and HashiCorp Flaws Exposed: A Catastrophic Vulnerability Landscape for Enterprise Security

Researchers have identified over a dozen vulnerabilities in CyberArk Secrets Manager and HashiCorp Vault, allowing remote attackers to crack open corporate identity systems without the need for valid credentials.

Published: Sat Aug 9 00:40:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Shifting Landscape of Cybersecurity: A World on the Brink

Former US National Security Agency and Cyber Command chief Paul Nakasone warned that the world has entered a precarious state of flux, where technology has become increasingly politicized. As the Trump administration continues to shape US cybersecurity priorities, it remains to be seen how this will impact global stability and security.

Published: Fri Aug 8 19:24:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

French Telecom Giant Bouygues Telecom Hit by Massive Data Breach Exposing 6.4 Million Customers' Personal Information

French telecom giant Bouygues Telecom has suffered a massive data breach exposing approximately 6.4 million customers' personal information, including contact details and bank card numbers, according to reports published on August 8, 2025.

Published: Fri Aug 8 18:11:50 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

KrebsOnSecurity's Rise to Prominence: The Story Behind the HBO Max Series

KrebsOnSecurity's expertise on cybersecurity has been showcased in a new HBO Max series that delves into the life of a notorious Finnish hacker. The documentary follows Julius Kivimäki's rise to infamy and his subsequent conviction for a string of high-profile cybercrimes.

Published: Fri Aug 8 18:05:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

WinRAR Zero-Day Exploited to Install Malware through Archive Extraction


A recently fixed WinRAR vulnerability was exploited by attackers using a phishing attack. The exploit allows attackers to plant malware on archive extraction, putting users at risk of remote code execution. This serves as another reminder of the importance of keeping software up-to-date and prioritizing cybersecurity measures.

Published: Fri Aug 8 17:56:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Malwarebytes Uncovers New Method of Exploiting .svg Files to Hijack Likes on Facebook

Malwarebytes has uncovered a new method that adult websites are using to hijack likes on Facebook by embedding JavaScript code inside .svg files. The technique involves heavily obscuring the code using custom versions of "JSFuck" and is difficult to detect. Dozens of porn sites have been identified as abusing this format, and Facebook regularly shuts down accounts that engage in such abuse. Learn more about how these malicious actors are exploiting vulnerabilities in web applications.

Published: Fri Aug 8 17:50:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unlocking the Dark Secrets of Securam's Safes: An In-Depth Analysis of the Most Vulnerable Safe Locks on the Market

Exploiting the Unseen Vulnerabilities: A Deep Dive into Securam's Secure Locks

Published: Fri Aug 8 16:19:14 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of AI-Driven Propaganda: China's Growing Influence on US Politicians


A Chinese company called GoLaxy has been using AI-generated content to shape public opinion in favor of Beijing's policies, targeting US politicians and social media influencers with tailored propaganda campaigns. The revelation highlights the rapidly evolving nature of AI and its applications in propaganda and influence operations.

Published: Fri Aug 8 16:10:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Dark Cloud Over Social Security: The Unintended Consequences of Trump's Policies


Published: Fri Aug 8 15:56:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Web of Exploitation: A WinRAR Zero-Day Flaw and RomCom Hackers' Mischief

WinRAR's security has been breached by hackers who are using zero-day exploits in phishing attacks. Users must download the latest version of WinRAR 7.13 to ensure they have protection against this vulnerability.

Published: Fri Aug 8 15:50:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Columbia University Data Breach Exposes Personal Information of Over 860,000 Individuals


Columbia University suffered a devastating cyberattack that exposed personal data of over 860,000 individuals. The university is offering two years of free credit monitoring and identity protection services to affected individuals and has strengthened its systems with enhanced security measures.

Published: Fri Aug 8 14:43:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Generated Phishing Pages Fuel Brazilian Scam as Efimer Trojan Steals $16 from 5,000 Victims



A recent phishing campaign exploiting AI-powered website building tools has targeted users in Brazil and around the world, with 5,015 victims reported. The malicious websites, designed to mimic Brazilian government agencies, aim to steal cryptocurrency wallets by making users submit sensitive information and pay a fee through the PIX payment system.

Published: Fri Aug 8 12:33:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Flaw in Corporate Streaming Platforms: The Unresolved API Misconfiguration Vulnerability

A critical flaw in corporate streaming platforms has been discovered, allowing unauthorized access to vast amounts of sensitive data without logging in. Security researcher Farzan Karimi has identified the issue and released a tool to help others identify similar vulnerabilities.

Published: Fri Aug 8 12:21:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The StarDict Vulnerability: A Global Security Concern

A widely used dictionary app in Debian has been found to have a concerning feature that allows users to send their selected text to servers in China in plaintext, raising concerns about data protection and potential exploitation.

Published: Fri Aug 8 11:11:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The U.S. Judiciary's Cybersecurity Breach: A Threat to Confidential Court Documents


The U.S. Federal Judiciary has confirmed that it suffered a cyberattack on its electronic case management systems, which host confidential court documents. The breach raised concerns about the security of sensitive information contained within the system and highlights the need for robust cybersecurity measures in public and private sectors.

Published: Fri Aug 8 11:05:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Snitch Puck: Uncovering the Hidden Microphones and Security Weaknesses of Motorola's Halo 3C Sensor


A Teen Hacker Uncovers the Dark Secret Behind Motorola's Halo 3C: A Device Designed to Spy on Vulnerable Populations


Published: Fri Aug 8 08:44:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cressey's Conundrum: The Enduring National Security Threats of Microsoft


Roger Cressey, a former senior cybersecurity and counter-terrorism advisor to two U.S. presidents, has expressed his deep concern over the long-standing security vulnerabilities in Microsoft products, particularly those utilized by the government. In an interview with The Register, Cressey described the situation as "a $4 trillion monster," emphasizing that Microsoft's lack of attention to security poses a significant risk to national security.

Published: Fri Aug 8 08:35:57 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

RubyGems and PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes



A recent surge in malicious activity has been detected on two prominent software repositories: RubyGems and the Python Package Index (PyPI). A total of 60 malicious packages have been uncovered targeting the RubyGems ecosystem, with the activity assessed to be active since at least March 2023. The threat actor behind this campaign, believed to be using the aliases zon, nowon, kwonsoonje, and soonje, has published these malicious gems posing as automation tools for various social media platforms. These gems not only offered the promised functionality but also harbored covert functionality to exfiltrate usernames and passwords to an external server under the threat actor's control.

The discovery of these malicious packages highlights the need for improved security measures to protect software repositories from such threats. In response, PyPI maintainers have imposed new restrictions to secure Python package installers and inspectors from confusion attacks arising from ZIP parser implementations. The new restrictions will reject Python package "wheels" (which are nothing but ZIP archives) that attempt to exploit ZIP confusion attacks and smuggle malicious payloads past manual reviews and automated detection tools.

Published: Fri Aug 8 07:19:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Leaked Credentials: The Silent Threat to Cybersecurity


A recent report has revealed a 160% increase in leaked credentials in 2025 compared to the previous year, highlighting the growing threat of automated phishing campaigns and infostealer malware. To combat this trend, organizations need to implement robust security measures that detect and respond to leaked credentials quickly. This article provides an in-depth look at the world of leaked credentials and explores ways to protect against this growing threat.

Published: Fri Aug 8 07:01:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Security Vulnerability in Google's Gemini Large Language Model-Powered Applications

A critical security vulnerability has been discovered in Google's Gemini large language model-powered applications, which can be exploited by attackers to perform various malicious actions, including memory poisoning, unwanted video streaming, email exfiltration, and control over smart home systems. Google has acknowledged the vulnerability and initiated a mitigation effort, highlighting the importance of securing AI-powered applications against prompt injection attacks.

Published: Fri Aug 8 06:47:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Proxies as a VPN Alternative Amidst UK's Online Safety Act Frenzy

As the UK's Online Safety Act takes effect, many users are seeking alternative solutions to VPNs, with proxy servers emerging as a popular choice. Decodo reports a notable increase in UK proxy users, highlighting the calculated decisions made by businesses in response to uncertainty surrounding VPN services.

Published: Fri Aug 8 05:39:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Columbia University Data Breach Exposes Sensitive Information of Nearly 870,000 Individuals


Columbia University has disclosed a significant data breach that exposed sensitive information of nearly 870,000 individuals. The breach involved unauthorized access to personal, financial, and health information, highlighting the critical role that cybersecurity plays in maintaining trust and confidence among stakeholders.

Published: Fri Aug 8 04:21:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Royal and BlackSuit Ransomware Gangs: The Global Cybercrime Threat You Need to Know


The Royal and BlackSuit ransomware gangs have left over 450 US companies vulnerable to cybercrime, with combined ransom payments exceeding $370 million. Learn more about the tactics used by these gangs and how businesses can protect themselves.

Published: Fri Aug 8 03:11:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The UK's Online Safety Act: A Cautionary Tale of Prohibition



The UK's Online Safety Act is a prime example of how regulation can lead to unintended consequences. By examining the flaws in this law and the strategies used by those who seek to circumvent it, we can gain a deeper understanding of the complexities surrounding online content regulation and the need for more effective and nuanced approaches.

Published: Fri Aug 8 02:03:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Airline Data Breaches Expose Sensitive Customer Information



Two major airlines, Air France and KLM, have disclosed a data breach incident that has left many customers concerned about their personal information being exposed. The breach occurred due to unauthorized access to a third-party platform used for customer support. Although the airlines' internal systems were not affected, sensitive customer data was potentially exposed.

Read more about this developing story and learn how companies can mitigate potential risks and protect their customers' sensitive information.

Published: Thu Aug 7 23:53:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Leaked: North Korea's Meticulous Plans for Global IT Worker Schemes


A new leak reveals the meticulous job-planning and targeting strategies employed by North Korean IT workers who have infiltrated companies worldwide, exposing their workaday lives and the constant surveillance they're under. The data, obtained by a cybersecurity researcher, sheds light on how these individuals track potential jobs, log their ongoing applications, and record earnings with painstaking attention to detail.


Published: Thu Aug 7 23:46:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Flawed Biometric Security: Microsoft's "Hello" System Vulnerable to Exploitation


German researchers have discovered a critical flaw in Microsoft's biometric security system, known as "Hello". The vulnerability allows attackers to inject new facial scans and unlock devices with ease. Learn more about this alarming discovery and the implications for business users.

Published: Thu Aug 7 23:27:50 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposing the Vulnerabilities in Space-Based Systems: A Threat to Global Satellites and National Security

Recent research has exposed critical software vulnerabilities in satellite systems, raising serious concerns about the security of our orbital platforms and the potential consequences of a successful cyber attack. The discovery highlights the need for increased vigilance and investment in cybersecurity to ensure that these critical systems are secure against potential threats.

Published: Thu Aug 7 23:21:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dawn of Humility: How OpenAI's GPT-5 Marks a New Era in AI Development

OpenAI's GPT-5 marks a significant shift in how we perceive AI, one that recognizes the importance of acknowledging limitations and uncertainty. By emphasizing humility and transparency, this latest model promises to bring about a new era of trust and cooperation between humans and machines.

Published: Thu Aug 7 23:04:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Issues Emergency Directive: Federal Agencies Must Mitigate Microsoft Exchange Hybrid Vulnerability by Monday


CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786. This directive is aimed at preventing potential attacks that could compromise entire domains and infrastructure. To stay protected, federal agencies must take immediate action and implement the recommended mitigations by Monday morning.

Published: Thu Aug 7 22:55:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolving Threat Landscape: SocGholish Malware and its Ties to Keitaro TDS and Other Notorious Actors


The SocGholish malware has been identified as a sophisticated threat actor that leverages Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to spread its malicious payload. With ties to other notorious actors such as Dridex, Raspberry Robin, and Evil Corp, SocGholish represents a significant escalation in the evolving threat landscape. To stay protected against these emerging threats, individuals must remain informed about the latest developments and implement robust security measures.



Published: Thu Aug 7 15:25:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

EXPOSING THE WEAKNESS: Encryption Made for Police and Military Radios May Be Easily Cracked


A recent discovery has exposed a vulnerability in an encryption algorithm widely used by law enforcement and military agencies, raising concerns about the effectiveness of current security protocols. The implications of this finding are far-reaching, and have sparked questions about the security of sensitive communication systems used by governments and critical infrastructure around the world.

Published: Thu Aug 7 15:18:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A National Security Crisis Unfolds: The Growing Threat of Armory Breaches

A growing threat of armory breaches has highlighted the vulnerability of US military facilities to theft and intrusion. Experts warn that these incidents pose significant threats not only to sensitive equipment but also to national security, underscoring the need for more robust security measures to protect these critical assets.

Published: Thu Aug 7 15:09:57 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Exchange Server Vulnerability Exposed: A Total Domain Compromise Threat

Microsoft has announced a critical security flaw in its Exchange Server hybrid deployments, which could allow attackers to escalate privileges from on-premises Exchange to the cloud. The vulnerability, tracked as CVE-2025-53786, poses a significant threat to organizations that use Exchange hybrid and highlights the ongoing need for prioritizing security in cloud-based infrastructure.

Published: Thu Aug 7 15:00:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Air Force's Unlikely Use for Elon Musk's Cybertrucks: Target Practice

The U.S. Air Force has announced plans to purchase two Tesla Cybertrucks as targets for precision munitions during testing and training exercises, marking a unique approach to addressing defense needs.

Published: Thu Aug 7 14:53:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

SonicWall SSLVPN Vulnerability Saga: Separating Fact from Fiction


SonicWall has revealed that recent Akira ransomware attacks are not exploiting a zero-day vulnerability in their Gen 7 firewalls. Instead, they claim that the attacks are targeting endpoints that did not follow recommended mitigation measures for CVE-2024-40766 when migrating from Gen 6 to Gen 7 firewalls. Even so, some customers have reported breaches despite disabling their VPN services and taking other recommended measures. What's behind these reports, and what can SonicWall do to prevent similar attacks in the future?

Published: Thu Aug 7 14:43:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Bouygues Telecom Data Breach: A Major Cybersecurity Incident for French Telecommunications Giant


Bouygues Telecom has confirmed a major data breach impacting an estimated 6.4 million customers worldwide. The company's response to the breach highlights the ongoing struggle between telecommunications providers and sophisticated hackers who target sensitive customer information.

Published: Thu Aug 7 14:36:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New EDR Killer Tool Used by Eight Different Ransomware Groups Leaves Security Teams on High Alert

Researchers from Sophos have identified a new Endpoint Detection and Response (EDR) killer tool used by eight different ransomware groups. This EDR killer tool uses a heavily obfuscated binary that is self-decoded at runtime and injected into legitimate applications, leaving security teams on high alert about the evolving nature of cyber threats.

Published: Thu Aug 7 14:30:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolution of Cloud Security: Understanding Continuous Threat Exposure Management (CTEM)


Continuous Threat Exposure Management (CTEM) is a new strategy that aims to continuously assess, validate, and remediate an organization's exposure across all environments. It provides a unified view of risk posture by connecting the dots between misconfigurations, identity risks, unpatched vulnerabilities, and internet-exposed assets. By adopting CTEM, organizations can see significant improvements in asset visibility, time spent on remediation, and breach prevention. This article will explore what CTEM really means and why it's particularly well-suited to cloud and hybrid ecosystems.

Published: Thu Aug 7 13:22:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

ReVault Flaw: A Critical Vulnerability in Dell's ControlVault3 Firmware Exposes Over 100 Laptop Models to Firmware Implants and Windows Login Bypass


A recent revelation has exposed over 100 Dell laptop models to critical vulnerabilities in Dell's ControlVault3 firmware, allowing for firmware implants and Windows login bypass via physical access. This article provides an in-depth look at the ReVault flaw, its impact, and mitigation strategies to protect affected systems.

Published: Thu Aug 7 13:11:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CERT-UA Warns of Sophisticated Phishing Attacks by UAC-0099 Targeting Ukraine's Defense Sector



CERT-UA, the national cyber security agency of Ukraine, has warned about a series of sophisticated phishing attacks targeting the country's defense sector by UAC-0099. These attacks use malicious HTA files attached to phishing emails that appear to be court summons, and have been linked to several high-profile cyber espionage operations against Ukrainian government agencies and private companies.

Published: Thu Aug 7 13:00:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Revolutionizing Cybersecurity: Microsoft Unveils Project Ire, AI-Powered Malware Detection System

Microsoft has unveiled Project Ire, an autonomous artificial intelligence system designed to detect and classify malware with unprecedented precision, marking a significant step forward in the quest for smarter security solutions.

Published: Thu Aug 7 12:53:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA and Microsoft Warn of Critical Exchange Hybrid Flaw: A Threat to Hybrid Cloud Environments


CISA and Microsoft have issued a high-severity warning regarding a critical vulnerability in Exchange hybrid deployments, tracked as CVE-2025-53786. This particular flaw allows attackers to escalate privileges within an organization's connected cloud environment without leaving any easily detectable and auditable trace. Organizations relying on Exchange should prioritize the implementation of robust security measures and regular patching to prevent potential exploitation.

Published: Thu Aug 7 12:42:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

VexTrio: The Ad Tech Empire Behind Millions of Fake Apps and Scams


VexTrio Viper, a multinational criminal enterprise with ties to Russia and Belarus, has been linked to millions of fake apps and scams on Apple and Google's official app storefronts. The group uses complex networks of interconnected companies to deceive users into signing up for subscriptions that are difficult to cancel. As cybersecurity experts call out the industry for its lack of awareness in treating scams with the same severity as malware, VexTrio Viper's activities serve as a stark reminder of the need for greater vigilance and education.

In this exposé, we delve into the world of VexTrio Viper and explore the sinister forces behind its operation. From fake VPN apps to spam blocker scams, our investigation reveals the shocking extent of the organization's malicious activities. Stay ahead of the curve with The Hacker News as we uncover the truth behind VexTrio Viper.

Published: Thu Aug 7 12:35:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Devastating Discovery: Amazon ECS Vulnerability Exposed, Leaving Cloud Environments Wide Open to Attackers



Amazon Elastic Container Service (ECS) has been left vulnerable to attack after researchers discovered a critical vulnerability that allows attackers to exploit the service and gain access to sensitive data and control over cloud environments. The vulnerability, codenamed ECScape, was uncovered by researchers at Sweet Security and has sent shockwaves through the cybersecurity community. In this article, we will delve into the details of the discovery and explore the implications for organizations that rely on AWS and use ECS to deploy containerized applications.

Published: Thu Aug 7 12:27:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The SonicWall VPN Patch: A Critical Update to Prevent Malicious Activity



A recent surge in attacks targeting SonicWall SSL VPN appliances has been linked to an older, now-patched bug. The vulnerability in question was disclosed by SonicWall in August 2024 and was described as an improper access control issue that could allow malicious actors unauthorized access to the devices. In response, SonicWall has advised updating firmware to SonicOS version 7.3.0 and enforcing MFA and strong password policies. Organizations are urged to take proactive measures to protect their networks from such threats by ensuring they stay up-to-date with the latest security patches.

Published: Thu Aug 7 12:11:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Axiom: 6,500 Axis Servers Expose Remoting Protocol - A Critical Vulnerability That Could Expose Cameras to Takeover Attacks

Over 6,500 servers have been found to expose a critical vulnerability in Axis surveillance products. If left unpatched, this flaw could allow an attacker to take control of the cameras within a specific deployment, hijack feeds, watch them, or shut them down. Fortunately, Axis has released updates for their devices to fix these vulnerabilities.

Published: Thu Aug 7 12:04:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Discloses Critical Exchange Server Flaw Allowing Silent Cloud Access in Hybrid Setups

Microsoft has disclosed a critical security flaw (CVE-2025-53786) affecting on-premise versions of Exchange Server, which could enable an attacker to gain elevated privileges within the organization's connected cloud environment. The vulnerability highlights the need for organizations to prioritize the security of their hybrid Exchange Server environments and underscores Microsoft's commitment to addressing emerging cybersecurity threats.

Published: Thu Aug 7 11:54:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The AI-Powered Cloud Security Landscape: Navigating the Evolving Threats of 2025


The world of cloud security is undergoing a significant transformation as artificial intelligence (AI) becomes an integral component of both defense and offense landscapes. The Sysdig Cloud Defense Report 2025 provides valuable insights into this evolving threat landscape, highlighting the need for security teams to adapt their strategies in order to stay ahead of the game.

Published: Thu Aug 7 11:47:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Malicious Go Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Researchers have uncovered a set of 11 malicious Go packages that can compromise both Windows and Linux systems, trigger remote data wipes, and steal sensitive information. The discovery highlights ongoing supply chain risks arising from cross-platform software development.

Published: Thu Aug 7 11:40:15 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Increasingly Perilous Realm of Python Supply Chain Security: A Threat Assessment

As the threat landscape in Python supply chain security continues to evolve, it's essential for developers and organizations to take proactive steps to protect themselves. Join us on our upcoming webinar "How to Secure Your Python Supply Chain in 2025" to learn about the latest trends, strategies, and tools for mitigating risks and securing your Python environment.

Published: Thu Aug 7 11:33:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT: A New Frontier in AI Hacking Vulnerabilities

Researchers have discovered a vulnerability in OpenAI's Connectors that allows attackers to extract sensitive information from Google Drive using a single poisoned document. This attack highlights the risks associated with connecting AI models to external services and underscores the importance of robust security measures against prompt injection attacks.

Published: Thu Aug 7 11:15:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity's Next Frontier: The Rise of Agentic AI as a Savior from the Cybercrisis

Agentic AI offers a promising solution to the growing threat of cybercrime by providing a powerful new tool for detecting and responding to cyber attacks. With its ability to automate complex tasks and improve efficiency, agentic AI is set to revolutionize the field of cybersecurity.

Published: Thu Aug 7 11:05:35 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Amyrthy's Reckoning: The Role of X in Fueling UK Violence

Published: Thu Aug 7 10:58:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Meta's AI Training Practices Under Scrutiny: A European Perspective

Meta's decision to train its AI models on user data has sparked controversy among European users, with only 7% supporting the practice. The company must provide clear information about these activities and give users a simple route to opt out of processing, as required by EU regulations.

Published: Thu Aug 7 10:49:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Behind the Scenes of Black Hat's Network Operations Center: A Hub of Security Excellence

Behind the scenes of Black Hat's network operations center, a team of highly skilled volunteers work tirelessly to ensure the security and stability of the network during the annual conference. From identifying and mitigating security threats to partnering with vendors and donating cutting-edge technology, this unassuming room is home to a hub of cybersecurity excellence.

Published: Thu Aug 7 10:37:50 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Air France and KLM Disclose Major Data Breach: Cybersecurity Community on High Alert as Global Aviation Industry Faces Increasing Threats

Published: Thu Aug 7 10:29:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cryptomixer Founders Pled Guilty to Laundering Millions for Cybercriminals: A Deep Dive into the Investigation and Consequences


Published: Thu Aug 7 10:20:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Releases Malware Analysis Report for SharePoint Server Attacks


CISA has released a malware analysis report detailing a series of sophisticated exploits known as "ToolShell" that have been used by threat actors to breach over 400 SharePoint Server organizations worldwide. The vulnerabilities, including CVE-2025-53770, allow for remote code execution and data exfiltration through untrusted data deserialization. To mitigate this threat, CISA has released a set of Sigma rules that can be used by security scanners to detect the malware.

Published: Thu Aug 7 10:12:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Akira Ransomware Exploits CPU Tuning Tool to Disable Microsoft Defender: A Growing Concern for Cybersecurity


Akira ransomware has been exploiting a legitimate Intel CPU tuning driver to disable Microsoft Defender, highlighting the importance of keeping all software and drivers up-to-date. Recent attacks have been linked to SonicWall VPNs, and system administrators are advised to remain vigilant for signs of Akira-related activity until the situation is resolved.

Published: Wed Aug 6 21:35:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Powered Malware Analysis: Microsoft's Project Ire Revolutionizes Cybersecurity

Microsoft has made a breakthrough in its AI-powered malware analysis project, with nearly 9 out of 10 files that it flagged as malicious actually being malicious. The company's autonomous AI agent uses large language models and reverse engineering tools to detect and classify malware, paving the way for significant improvements in cybersecurity.

Published: Wed Aug 6 16:17:15 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google's Salesforce Database Breach Exposed: A Cautionary Tale of Cybercrime and Data-Shaming

Google has confirmed that its Salesforce database was breached by ShinyHunters, with attackers allegedly planning to launch a data-shaming site to extort victims. The breach highlights the ongoing threat landscape and the need for businesses to bolster their cybersecurity defenses.

Published: Wed Aug 6 14:05:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of AI: How Google's Gemini Assistant Can Be Hacked

Google's Gemini AI assistant has been found vulnerable to prompt injection attacks, which can hijack smart devices and put users in danger. As AI becomes increasingly integrated into public life, the potential risks of such weaknesses become critical.

Published: Wed Aug 6 13:56:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Trend Micro Patches Critical Apex One RCE Flaws Exploited in the Wild



Trend Micro has patched two critical flaws in its Apex One on-premises management console, which were actively exploited in the wild. The company recommends that customers review remote access to critical systems and ensure perimeter security policies are up-to-date to prevent similar attacks.

Published: Wed Aug 6 11:47:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

WhatsApp Cracks Down on 6.8 Million Scam Accounts in Global Takedown

WhatsApp has taken a major step in combating global scams by removing 6.8 million accounts linked to scam centers, mainly located in Cambodia. This move is part of the platform's proactive efforts to protect its users from financial losses and scam-related activities.

Published: Wed Aug 6 11:39:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hacker extradited to US for stealing $3.3 million from taxpayers: A Detailed Analysis of a Sophisticated Cybercrime Scheme

A Nigerian national has been extradited to the US to face charges related to stealing $3.3 million from taxpayers through a sophisticated cybercrime scheme targeting U.S. tax preparation businesses.

Published: Wed Aug 6 11:31:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Suffers Data Breach Amid Ongoing Salesforce Attack Campaign

Google has suffered a data breach in the ongoing Salesforce data theft attacks, as the tech giant joins a list of companies targeted by ShinyHunters' sophisticated vishing scams and social engineering tactics.

Published: Wed Aug 6 10:10:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI Vulnerabilities on the Rise: A Growing Concern for Security Experts

A new study has revealed a growing vulnerability in Google's Gemini chatbot, highlighting the need for greater security measures to protect against prompt-injection attacks. The researchers' findings have significant implications for the development of AI-powered applications and underscore the importance of prioritizing security in this rapidly evolving field.

Published: Wed Aug 6 09:02:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unsettling Reality of China's Business Environment: Navigating the Gray Areas for International Travelers

As tensions between the US and China escalate, international business travelers are facing an increasingly complex and precarious landscape when venturing to China. From pervasive government surveillance to reputational damage, the risks facing foreign executives are multifaceted and far-reaching.

Published: Wed Aug 6 08:52:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Unveils Project Ire: A Groundbreaking AI-Powered Malware Classification System

Microsoft has unveiled a groundbreaking AI-powered malware classification system called Project Ire, which aims to revolutionize the way malware is detected and classified. With its impressive accuracy rates and multi-step analysis process, this innovative system is set to enhance cybersecurity measures in a major way.

Published: Wed Aug 6 07:42:15 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Driven Revolution in vCISO Services: A Game-Changer for SMBs



The cybersecurity landscape is undergoing a significant transformation with the rise of advanced threats and growing awareness among businesses. In response to this shift, SMBs are increasingly turning to vCISO services. A recent report by Cynomi reveals that adoption of the vCISO offering has jumped from 21% in 2024 to 67% in 2025, a 319% increase in just one year. With AI transforming how vCISO services are delivered, service providers can support more clients, deliver higher-quality outputs, and improve profit margins. The full 2025 State of the vCISO Report offers insights into this revolution.

Published: Wed Aug 6 07:35:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

WhatsApp Unveils Enhanced Security Measures to Combat Scams

WhatsApp has introduced a new security feature aimed at protecting its users from scams, including a "safety overview" context card that provides key information about groups and tips on how to stay safe. The update is part of the company's ongoing efforts to combat scams and cybercrime on its platform.

Published: Wed Aug 6 07:28:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Dell Laptops Vulnerable to Critical ReVault Flaws, Allowing Hackers to Bypass Windows Login



Dell laptops are vulnerable to critical ReVault flaws that can allow hackers to bypass Windows login and install malware that persists across system reinstalls. With over 100 models affected, users must take immediate action to protect themselves against this devastating security flaw. Follow these tips to mitigate the risk and stay one step ahead of malicious actors.



Published: Wed Aug 6 07:19:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's AI-Powered Web Protocol Hit with Embarrassing Security Flaw: A Critical Examination of the Industry Standard for Classifying Vulnerabilities


Microsoft's recent plan for fixing the web with AI has hit an embarrassing security flaw. The discovery highlights the challenges of security in an AI era and raises questions about how Microsoft plans to balance speed and security when deploying new AI protocols.

Published: Wed Aug 6 07:11:20 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws



A critical vulnerability in on-premise versions of Trend Micro's Apex One Management Console has been discovered and exploited in the wild. According to recent reports, two vulnerabilities have been identified as management console command injection and remote code execution flaws. This article provides an in-depth look at these vulnerabilities, their impact, and the measures being taken by Trend Micro to mitigate the risks associated with them.

Published: Wed Aug 6 05:58:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nuclear Experts Warn of Inevitable Integration of Artificial Intelligence into World's Most Deadly Systems


Nuclear experts warn that artificial intelligence will soon be used in the world's most deadly systems, raising concerns about the potential for AI to introduce vulnerabilities and undermine human decision-making. As the debate over AI and nuclear weapons continues, one thing is clear: the integration of these technologies is inevitable, but it also poses a number of critical questions about how we can ensure that human judgment remains central to the launch of nuclear weapons.

Published: Wed Aug 6 05:50:47 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Trend Micro Warns of Newly Exploited Apex One Zero-Day Vulnerability



Trend Micro has issued a warning to its customers regarding an actively exploited zero-day vulnerability in its Apex One endpoint security platform. The vulnerability allows pre-authenticated attackers to execute arbitrary code remotely on systems running unpatched software, highlighting the importance of staying up-to-date with security patches and taking proactive measures to secure systems against emerging threats.

Published: Wed Aug 6 05:42:20 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Threat Actor Gamaredon Intensifies Spearphishing Activities Targeting Ukrainian Entities



Gamaredon, a Russian-aligned spear-phishing group, has significantly intensified its activities in recent months. The group's use of sophisticated tactics, including fast-flux DNS techniques and legitimate third-party services, makes it challenging for security researchers to detect and track its activities. Despite these challenges, Gamaredon remains a significant threat actor due to its continuous innovation and aggressive spear-phishing campaigns.

Published: Wed Aug 6 04:29:34 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Alert: D-Link Vulnerabilities Exposed Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, warning FCEB agencies of potential cyber threats.

Published: Wed Aug 6 03:19:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Addresses Critical Qualcomm Flaws Exploited by Attackers


Google recently released security patches to address multiple Android vulnerabilities, including two critical Qualcomm flaws that were actively exploited in the wild. These flaws highlight the ongoing threat landscape and the need for continuous monitoring and patching efforts. By releasing these critical patches and urging users to update, Google has taken a proactive approach to mitigating potential risks and ensuring the continued security of Android devices.

Published: Wed Aug 6 02:09:34 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

U.S. Cybersecurity Agency Identifies New Vulnerabilities in D-Link Cameras and Network Video Recorders



A recent update by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified multiple security flaws in various D-Link products, including cameras and network video recorders. These vulnerabilities pose a significant risk to networks if left unaddressed, highlighting the importance of conducting regular security audits and implementing necessary patches or updates.

Published: Wed Aug 6 01:56:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Concerns Loom: D-Link Router Flaws Exposed Amid Active Exploitation Reports

Three high-severity vulnerabilities impacting D-Link Wi-Fi cameras and video recorders have been added to the KEV catalog due to active exploitation reports. Organizations are advised to apply patches and updates as soon as possible to secure their networks and prevent potential breaches.

Published: Wed Aug 6 01:50:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Driven Cybersecurity Revolution: How Artificial Intelligence is Redefining Adversarial Testing

A new wave of innovation is sweeping across the cybersecurity industry, driven by the increasing use of artificial intelligence (AI) in adversarial testing. According to recent reports and expert insights, AI-powered solutions are transforming the way security teams approach threat detection and mitigation, enabling faster resolution of complex technical issues and providing clear, concise, and context-specific findings.

Published: Wed Aug 6 01:41:14 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Persistent Threat Lurks in the Shadows: The Vulnerability in Cursor AI YOLO Mode



A persistent remote code execution bug has been discovered in popular AI-powered coding tool Cursor, allowing an attacker to secretly modify the Model Context Protocol (MCP) configuration and execute malicious commands silently on the victim's machine. The vulnerability highlights a critical weakness in the trust model behind AI-assisted development environments and underscores the need for greater security awareness and testing of these emerging technologies.

Published: Tue Aug 5 19:26:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Switch 2 Conundrum: The Rise of Game-Key Cards and the End of Physical Gaming Ownership


Nintendo's Switch 2 has sparked a heated debate about game ownership and preservation, with many gamers advocating for physical game-key cards over digital downloads. But is this the future of gaming? As we dive into the world of Nintendo's latest console, we'll explore the implications of game-key cards on game ownership and why it's essential to reject this trend.


Published: Tue Aug 5 18:17:34 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Adobe Issues Emergency Fixes for AEM Forms Zero-Days After PoCs Released

Adobe has issued emergency fixes for AEM Forms zero-days after a proof-of-concept (PoC) exploit chain was released, exposing arbitrary code execution and Improper Restriction of XML External Entity Reference (XXE) vulnerabilities. The latest updates are available now to mitigate the risks associated with these severe vulnerabilities.

Published: Tue Aug 5 18:00:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

PBS Data Breach Exposes Employee Information on Discord Servers

PBS has confirmed a data breach involving the exposure of corporate contact information for its employees and affiliates. Thousands of employee records were leaked onto Discord servers, sparking concerns about potential misuse and the importance of robust security measures.

Published: Tue Aug 5 17:48:14 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Voice Phishing Attacks: The Looming Threat to Corporate Security


Voice phishing attacks are becoming increasingly prevalent, with companies like Cisco recently falling victim to these tactics. In this article, we'll explore the growing threat of voice phishing and provide guidance on how businesses can protect themselves from these sophisticated attacks.

Published: Tue Aug 5 17:27:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Ups the Stakes: $5M Bug Bounty Offered for Zero Day Quest 2026

Microsoft has announced a $5M bug bounty offer for its Zero Day Quest 2026 live hacking contest, which will bring together top researchers from around the world to identify and exploit serious security flaws in cloud and AI systems. The contest promises to be even more lucrative than previous iterations, with a larger pool of potential bounty awards.

Published: Tue Aug 5 15:07:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of ClickFix: A Sophisticated Malware Campaign Exploiting CAPTCHAs to Spread Cross-Platform Infections


ClickFix, a sophisticated social engineering tactic, has been found to be a highly effective method for spreading cross-platform infections. By exploiting trust and leveraging legitimate-looking content, ClickFix has become a potent tool in the cybercriminal arsenal. This article provides an in-depth look at the evolution of ClickFix and its implications for security professionals.

Published: Tue Aug 5 15:00:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposing the Dark Side: Unraveling the "FraudOnTok" Malicious Campaign Targeting TikTok Shop Users

CTM360 has uncovered a new global malware campaign dubbed "FraudOnTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds.

Published: Tue Aug 5 13:52:45 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Breakthrough in Malware Detection: Human Users' Decoding Strategies Revealed


Researchers from the Universities of Guelph and Waterloo discovered how human users decide whether an application is legitimate or malware before installing it. The study found that despite preconceptions, most participants were capable of making accurate judgments in real-time, with a significant boost in performance when given a system monitoring tool to aid their decision-making.

Published: Tue Aug 5 12:12:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Measures to Combat Group Chat Scams on WhatsApp: A Comprehensive Approach to Protecting Users

WhatsApp has introduced a new "safety overview" feature aimed at protecting its users from group chat scams, providing key details about unknown groups before they can even see the messages within. This feature builds upon WhatsApp's existing context card initiative and aims to limit who can invite users to groups.

Published: Tue Aug 5 12:04:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cisco Discloses CRM Data Breach via Vishing Attack: A Cautionary Tale of Phishing and Security Lapses


Cisco Systems has disclosed a recent data breach involving its Customer Relationship Management (CRM) system, where an attacker used a vishing attack to gain access to basic user information. The incident highlights the ongoing threat posed by phishing attacks and the need for robust security measures in place. While no sensitive data or systems were compromised, the exposure of user information is still a cause for concern.

Published: Tue Aug 5 10:55:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

LLM Vulnerabilities: A New Era of AI Security Threats


Recent discoveries have exposed several vulnerabilities in Large Language Models (LLMs), which are becoming increasingly important tools for various applications. These vulnerabilities highlight the need for more robust security measures to protect LLMs and their applications, as well as the importance of prioritizing AI security in light of these recent threats.

Published: Tue Aug 5 10:46:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Addresses Multiple Qualcomm Vulnerabilities Exploited in the Wild

Google has released an August 2025 patch addressing multiple vulnerabilities, including two Qualcomm bugs actively exploited in the wild, highlighting the evolving threat landscape and emphasizing the importance of timely security updates to protect device users.

Published: Tue Aug 5 10:36:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cyber Threat Landscape of Summer 2025: A Season of Unrelenting Attacks

Summer 2025 saw a surge in cyber attacks targeting hospitals, retail giants, and insurance firms, with nation-state actors and ransomware groups taking advantage of vulnerabilities such as CVE-2025-53770 and CVE-2025-49704. Security teams must patch their systems, validate each CVE, focus on exploit chains, and train their humans to prevent future breaches.

Published: Tue Aug 5 10:22:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nvidia Patches Critical Vulnerabilities in Triton Inference Server, Averting Potential AI Model Theft


Nvidia has issued a critical patch for its Triton Inference Server, addressing a chain of high-severity vulnerabilities that could lead to remote code execution. The patch addresses potential risks including AI model theft, sensitive data breaches, or manipulation of AI model responses. Organizations using the server must update to the latest version as soon as possible.

Published: Tue Aug 5 10:08:20 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cisco Discloses Widespread Data Breach Impacting Cisco.com User Accounts


A recent data breach at Cisco Systems Incorporated has exposed the personal and user information of thousands of individuals with Cisco.com user accounts. According to an announcement made by the company on August 5th, 2025, cybercriminals stole sensitive information following a voice phishing (vishing) attack. While the incident did not impact Cisco's products or services, it highlights the ongoing threats posed by vishing and social engineering attacks, which can be highly sophisticated and difficult to detect.

Published: Tue Aug 5 08:58:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Silent Threat of Data Blindness: How Misconfigured Systems and Overpermissioned Users Can Expose Critical Information



Summary:
A growing concern in today's cybersecurity landscape is data blindness – the inability to see, track, or understand where sensitive data lives and how it's being exposed. This phenomenon can lead to incidents like breaches born from blind spots, where no one sees the data slipping out until it's too late. By adopting a mindset shift towards continuous visibility, security leaders can inform breach prevention, compliance reporting, identity governance, and even how security teams prioritize effort. It's time to rethink data visibility from snapshots to real-time awareness and adopt a proactive approach to protect sensitive information from exposure.



Published: Tue Aug 5 07:48:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Misconfigurations Not Vulnerabilities: The Hidden Danger Behind SaaS Security Risks


Misconfigurations and vulnerabilities are often used interchangeably in cybersecurity conversations, but a closer examination reveals that these terms are not synonymous. In fact, understanding the distinction between the two is crucial for maintaining robust SaaS security postures.

Published: Tue Aug 5 07:39:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The World's Largest Security Gathering: BSides Las Vegas, Black Hat, and DEF CON Descend upon Sin City

Join over 10,000 security professionals at one of three conferences descending upon Sin City – BSides Las Vegas, Black Hat, and DEF CON. With presentations on everything from finding solutions to old security challenges to exploring AI-powered hacking techniques, these events promise to be an exhilarating experience for anyone interested in staying ahead of the curve.

Published: Tue Aug 5 07:30:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Android Security Patches Address Qualcomm Flaws Exploited in Targeted Attacks

Android security patches have been released by Google to address vulnerabilities in the August 2025 security update, including two Qualcomm flaws that were exploited in targeted attacks. The patches aim to provide an additional layer of protection against potential threats and are a result of the ongoing efforts to improve the security of Android devices.

Published: Tue Aug 5 07:05:45 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Akira Ransomware Surge Sparks SonicWall Investigation: Potential Zero-Day Exploited Through Vulnerable Firewalls

SonicWall has launched an investigation into a surge in Akira ransomware attacks targeting its Gen 7 firewalls with SSLVPN enabled. The company believes that a zero-day vulnerability may be responsible for the increased activity, and is urging users to take immediate action to protect themselves from potential exploitation.

Published: Tue Aug 5 05:52:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolution of Cybersecurity Operations Centers: From Alert Chaos to Real-Time Threat Analysis

Expert cybersecurity professionals share insights on how SOCs can stay ahead of emerging threats by leveraging interactive analysis, automated triage, collaboration, and privacy-first workflows.

Published: Tue Aug 5 05:44:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

MICROSOFT UNVEILS EXPANDED ZERO DAY QUEST PRIZE POOL AND RESEARCH CHALLENGE TO ENCOURAGE SECURITY RESEARCHERS



Microsoft has significantly expanded its Zero Day Quest prize pool to $5 million, as part of a broader initiative to encourage security researchers to identify vulnerabilities in its cloud and AI products and platforms. With increased rewards and opportunities for collaboration, Microsoft aims to promote a culture of security transparency and continuous improvement.



Published: Tue Aug 5 05:26:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

NVIDIA's Triton Server: A Web of Vulnerabilities Exposed Through Remote Takeover


NVIDIA's Triton Server has exposed AI systems to remote takeover through critical vulnerabilities. The discovery of these flaws highlights the need for swift action and emphasizes the importance of defense-in-depth in securing AI infrastructure.

Published: Tue Aug 5 04:18:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Lurking in the Shadows: The Rise of AI-Driven Cyber Threats and How to Protect Yourself

Recent AI-driven phishing campaigns have targeted Meta Business Suite users, while another campaign, dubbed "ClickTok," has exploited TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. Experts urge individuals and organizations to take proactive measures to protect themselves from these emerging threats.

Published: Tue Aug 5 03:07:14 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

SonicWall's SSL VPN Zero-Day Nightmare: A Brewing Storm of Cyber Chaos


SonicWall's SSL VPN has been targeted by a surge in Akira ransomware attacks, raising concerns about potential zero-day vulnerabilities. Follow the latest updates on this developing story as SonicWall investigates the breach.

Published: Tue Aug 5 01:56:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nearly Undetectable: The Rise of the "Plague" Malware on Linux Systems


Recently, researchers at Nextron Threat discovered a highly persistent Linux backdoor known as "Plague" that has been evading detection by traditional tools. This malware exploits core authentication mechanisms to maintain stealth and persistence, making it exceptionally difficult to detect. With its advanced obfuscation techniques and hardcoded passwords, Plague poses a significant threat to Linux users. Stay informed about the latest security developments and take necessary precautions to protect your systems.

Published: Mon Aug 4 19:39:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

SonicWall Under Siege: A Delicate Dance between Cybersecurity and Ransomware

SonicWall is under siege as a series of highly sophisticated ransomware attacks target its firewall devices, exploiting a likely zero-day vulnerability to bypass multi-factor authentication. The company has promised to release updated firmware and guidance to mitigate the impact, but experts warn that MFA enforcement alone may not protect against these types of attacks.

Published: Mon Aug 4 17:30:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Fashion Giant Chanel Hit by Widespread Salesforce Data Breach: A Looming Threat to Customer Privacy


Fashion giant Chanel has been hit by a devastating data breach that exposed sensitive customer information. The attack, which is part of an ongoing wave of Salesforce data theft attacks, highlights the growing threat to corporate and individual privacy in the digital age.

Published: Mon Aug 4 16:21:11 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

PXA Stealer: The Python-Powered Malware Behind the Great Data Heist


A recent report has highlighted a sophisticated Python-powered malware known as PXA Stealer that has pilfered an impressive array of credentials from over 4,000 victims across 62 countries. The malware, linked to a Vietnamese-speaking group with ties to an organized cybercrime marketplace, has been able to steal sensitive data including passwords, credit card numbers, and browser cookies. According to SentinelLabs and Beazley Security, PXA Stealer has become increasingly sophisticated in its tactics, utilizing Python as its primary payload language and employing phishing emails to lure victims into downloading the malware.

Published: Mon Aug 4 14:00:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Northwest Radiologists Data Breach: A Comprehensive Analysis


Northwest Radiologists experienced a network disruption in January 2025, exposing the personal information of 350,000 Washington State residents. The breach highlights the ongoing battle between cybersecurity and data protection, emphasizing the need for robust measures to safeguard sensitive information.

Published: Mon Aug 4 11:43:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Vietnamese Hackers' Latest Steal: A Global Scourge of Passwords and Browsers

Recent reports have highlighted the efforts of Vietnamese hackers to steal sensitive information from thousands of unsuspecting victims across 62 countries using a sophisticated piece of malware called PXA Stealer. This latest development underscores the need for robust cybersecurity measures to protect against such attacks and highlights the importance of staying vigilant in the face of emerging threats.

Published: Mon Aug 4 11:36:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

NVIDIA Triton Inference Server Vulnerabilities Exposed: A Threat to AI-Driven Organizations

NVIDIA Triton Inference Server has been found to contain three critical security flaws that could allow unauthenticated attackers to execute code and hijack AI servers, posing a significant risk to organizations relying on this popular platform for their AI-driven operations.

Published: Mon Aug 4 11:29:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Plague Linux Malware: A Stealthy Menace to Linux Infrastructure

Researchers have discovered a new Linux malware known as "Plague" that allows attackers to gain persistent SSH access and bypass authentication on compromised systems. The malware features advanced obfuscation techniques and environment tampering to evade detection, making it a sophisticated threat to Linux infrastructure.

Published: Mon Aug 4 11:20:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CTM360 Unveils the Shadowy World of ClickTok: A Complex Scam Campaign Targeting TikTok Shop Users


CTM360 has exposed a complex scam campaign targeting TikTok Shop users, using phishing, malware, and social engineering tactics to deceive unsuspecting victims. The "ClickTok" campaign aims to steal cryptocurrency wallets and drain funds by exploiting users' trusting nature and capitalizing on their vulnerabilities.

Published: Mon Aug 4 11:12:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

PlayPraetor Android RAT: A Global Cyber Threat Expanding Across Spanish and French-Speaking Regions



A new Android malware campaign known as PlayPraetor has been identified by researchers, infecting over 11,000 devices across Spanish and French-speaking regions. The malware uses real-time control via Android Accessibility Services and targets nearly 200 banking apps and crypto wallets. With its multi-tenant C2 setup and fake Google Play Store URLs, this campaign is expanding rapidly into a major global cyber threat.

Published: Mon Aug 4 09:51:57 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Protecting Against Man-in-the-Middle Attacks: A Comprehensive Guide to Securing Your Communications

Man-in-the-middle (MITM) attacks have become a significant threat in today's digital landscape, with their ability to intercept sensitive information and steal data making them a formidable foe. This comprehensive guide provides a step-by-step approach to protecting against MITM attacks, including encrypting everything, securing the network, authenticating and validating, monitoring endpoints and traffic, and educating users about these risks.

Published: Mon Aug 4 07:35:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Threats Lurk in Plain Sight: The Rise of Malicious Python Packages and Cybersecurity Threats

Threats lurk in plain sight, from malicious Python packages to fake OAuth apps and AI-powered attacks. Stay informed about the latest cybersecurity threats and learn how to protect yourself.

Published: Mon Aug 4 07:28:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Devastating Aftermath of a Ransomware Attack: Einhaus Group's Descent into Insolvency

Einhaus Group, a German mobile phone repair and insurance business, has collapsed following a costly ransomware attack in 2023, highlighting the devastating impact that these cyberattacks can have on businesses.

Published: Mon Aug 4 07:18:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ransomware Gangs Wreak Havoc on Microsoft SharePoint Servers: A Growing Concern for Global Organizations


Ransomware gangs are targeting Microsoft SharePoint servers, compromising at least 148 organizations worldwide. The attack uses zero-day exploits and state-backed hacking groups, making it challenging for organizations to detect and respond to. Stay informed and take proactive measures to protect your organization from these types of attacks.

Published: Mon Aug 4 07:07:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Shadow IT Menace: How Democratization of IT Security Exposes Organizations to Hidden Threats

Shadow IT has become a major concern for organizations, with employees being able to install unauthorized apps at will. The lack of visibility into the application stack and the rise of Shadow AI have created new vulnerabilities that need to be addressed. Learn more about how to prevent this phenomenon and ensure long-term security in our latest article.

Published: Mon Aug 4 05:58:17 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Military's Slot Machine Empire: A Web of Risk and Reward

The US Military's Slot Machine Empire: A Web of Risk and Reward

Published: Mon Aug 4 05:47:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Erosion of Data Sovereignty: How Cloud Computing's Ambiguous Security Can Lead to a Balkanized World


The erosion of data sovereignty raises critical questions about cloud computing's role in our interconnected world. Will a balkanized world of services emerge, driven by national and bloc interests? Or will a strong international framework for guaranteeing data sovereignty prevail? The future of data security hangs in the balance as we navigate this complex and ever-changing landscape.

Published: Mon Aug 4 05:25:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Mozilla Sounds Alarm: Phishing Campaign Targets Add-on Developers

Mozilla has issued a warning to browser extension developers, alerting them to an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository. The threat actor is impersonating the AMO team, claiming that targeted developer accounts require updates to maintain access to development features.

Published: Mon Aug 4 05:14:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nation-state group CL-STA-0969 exposes vulnerabilities in Southeast Asian telecoms


Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024, exposing vulnerabilities in critical infrastructure. This attack highlights the ever-evolving nature of cyber threats and underscores the need for proactive threat intelligence and vigilant security measures.

Published: Mon Aug 4 04:06:50 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Lovense Flaws Expose Emails and Allow Account Takeover: A Cautionary Tale of Negligence and Unchecked Vulnerabilities


Lovense recently faced significant security concerns after vulnerabilities exposed users' emails and allowed account takeovers. The company's negligence in addressing these issues has raised questions about its commitment to security and transparency. Learn more about this critical vulnerability and its implications for Lovense and the broader cybersecurity community.

Published: Mon Aug 4 03:59:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Malicious Android Apps: The PlayPraetor Trojan and its Threat to Global Cybersecurity

PlayPraetor, a sophisticated Android Trojan malware, has already infected over 11,000 devices across multiple countries, posing significant risks to global cybersecurity. Experts warn that its impact could be felt globally, making it essential for users to be aware of the risks and take steps to protect themselves.

Published: Mon Aug 4 03:52:18 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

EXPOSING THE WEAKNESSES IN CHINA'S GREAT FIREWALL: A RESEARCH PAPER THAT SHED LIGHT ON THE COUNTRY'S IMPERFECT CYBERSECURITY MEASURES


A recent research paper reveals that China's Great Firewall has imperfections in its censorship controls, leaving the country vulnerable to attacks that can degrade its apparatus or cut access to offshore DNS resolvers. The findings of this study have significant implications for global cybersecurity efforts, particularly in the context of international relations and national security.

Published: Mon Aug 4 03:45:07 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Lazarus Group's Latest Deception: A New Era of Malware-Laden Open Source Software


Lazarus Group has turned to creating malware-laden open source software as part of its latest cybercrime campaign, targeting unsuspecting developers and organizations that rely on these seemingly innocuous tools. This new strategy represents a significant departure from the group's past tactics, which have primarily focused on disrupting critical infrastructure and extorting money through ransomware attacks. As this threat continues to evolve, it is essential that developers, policymakers, and industry leaders collaborate to enhance software supply chain security and promote awareness about the risks associated with relying on open source software.

Published: Sun Aug 3 20:28:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Abusing Link-Wrapping Services: The Rise of Microsoft 365 Phishing Attacks

Attackers are exploiting link-wrapping services used by reputable companies to steal Microsoft 365 logins through sophisticated phishing attacks. The malicious activity highlights the continuous need for vigilance in cybersecurity measures.

Published: Sun Aug 3 18:18:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A New Era of Cyber Threats: The SonicWall VPN Vulnerability and the Rise of Zero-Day Attacks



A new wave of sophisticated attacks has struck various sectors, including the US and European embassies, using advanced malware techniques such as APT campaigns and zero-day exploits. As AI technology advances, we can expect to see even more sophisticated threats emerge.

The recent Akira ransomware attack on SonicWall VPNs highlights the growing need for robust cybersecurity measures, while a new Linux backdoor called Plague uses malicious PAM modules to bypass authentication. Meanwhile, China's allegations of backdoors in Nvidia's H20 chips have added fuel to ongoing debates about technology security and AI risks.

Staying informed about emerging vulnerabilities and risks is crucial to developing strategies to counter these threats. Cybersecurity experts emphasize the importance of prioritizing cybersecurity efforts and investing in robust security measures to stay ahead of the rapidly evolving threat landscape.

Published: Sun Aug 3 10:00:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Akira Ransomware's Targeting of Fully Patched SonicWall VPNs: A Zero-Day Vulnerability Exposed


Akira ransomware has targeted fully patched SonicWall VPNs in a likely zero-day attack, compromising devices with MFA and rotated credentials. Organizations are advised to disable the VPN service, enforce MFA, remove unused accounts, and conduct regular password updates to protect against this emerging threat.

Published: Sun Aug 3 09:51:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Silent Push CEO Reveals the Ongoing Battle Against Cybercrime: A Cat-and-Mouse Game Between Law Enforcement and Sophisticated Scammers

Cybercrime has become a lucrative business for organized crime groups, with estimated losses exceeding billions of dollars worldwide. In this article, we explore the ongoing battle against cybercrime with Silent Push CEO Ken Bagnall. Learn how one firm is working to disrupt these sophisticated scams and the cat-and-mouse game that ensues between law enforcement and scammers.

Published: Sun Aug 3 06:41:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Landscape of Cyber Threats: The Complexities of a Digital Age


A comprehensive look at the current state of cyber threats, including AI-generated malware, zero-day exploits, spear phishing attacks, and the need for increased cybersecurity awareness and education. This article provides an in-depth analysis of the complexities of a digital age.

Published: Sun Aug 3 05:26:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Linux Backdoor "Plague" Exploits Authentication Mechanisms to Maintain Stealth and Persistence

A new Linux backdoor known as "Plague" has been discovered, exploiting authentication mechanisms to maintain stealth and persistence. With advanced obfuscation capabilities and antidebug features, Plague poses a significant threat to Linux infrastructure. Follow our coverage of this developing story for the latest updates.

Published: Sat Aug 2 19:02:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

China's Digital Shield: Nvidia Under Fire Over Alleged Backdoors in H20 Chips Amid Rising Tech Tensions

China has summoned NVIDIA over alleged backdoors in its H20 chips, citing national cybersecurity laws and raising concerns about tracking capabilities. The move is a significant escalation of tensions between China and the United States over tech trade and security, with implications for global digital security and the future of AI innovation.

Published: Sat Aug 2 17:55:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unveiling the Shadowy World of CL-STA-0969: A State-Sponsored Threat Actor Weaving a Web of Deception

CL-STA-0969, a state-sponsored threat actor, has been quietly infiltrating telecommunications networks across Southeast Asia, leaving behind a trail of covert malware installations and sophisticated defense evasion techniques. According to recent findings from Palo Alto Networks Unit 42, CL-STA-0969 has conducted a 10-month espionage campaign, showcasing its remarkable capabilities in breaching network security and establishing remote control over compromised systems.

Published: Sat Aug 2 12:42:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

Researchers have identified a previously undocumented Linux backdoor dubbed "Plague" that has managed to evade detection for over a year. This malicious PAM module bypasses system authentication and gains persistent SSH access, making it exceptionally hard to detect using traditional tools.

Published: Sat Aug 2 10:31:55 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Condemns Critical National Infrastructure Organization for Shoddy Security Practices

CISA has issued a scathing report condemning a critical national infrastructure organization for its abysmal security practices, including storing credentials in plaintext and failing to implement adequate logging mechanisms. The agency recommends a range of measures to improve the organization's security posture, underscoring the importance of robust cybersecurity practices in protecting sensitive data and preventing catastrophic failures.

Published: Sat Aug 2 04:09:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Sophisticated Attack on Solana Users: The Rise of AI-Generated Malware


A sophisticated attack on Solana users has been uncovered, using AI-generated malware to drain wallets of funds. The attackers used an open C2 server to manage multiple infected hosts and share stolen funds with each other. This attack highlights the need for improved security measures and better detection capabilities in the face of AI-powered threats.

Published: Fri Aug 1 17:40:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's Recall: A Double-Edged Sword for Personal Security and Data Protection


Microsoft's Recall app is supposed to protect users from unwanted screenshot captures, but recent tests reveal significant vulnerabilities that can expose sensitive information. While it does offer some degree of protection, the feature's limitations and shortcomings cast serious doubts on its overall efficacy as a security tool.

Published: Fri Aug 1 16:31:57 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

OpenAI's Controversial Removal of ChatGPT Search Indexing Option Sparks Concerns Over User Privacy

OpenAI has removed its feature that allowed users to make their ChatGPT interactions indexable by search engines, citing concerns over potential risks associated with allowing users to unwittingly expose sensitive information. The decision has sparked debate among experts and users alike, with implications for AI development and deployment.

Published: Fri Aug 1 16:18:04 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unsettling Implications of Microsoft's China-Based SharePoint Support


ProPublica reveals how Microsoft used China-based engineers to support its popular SharePoint software, potentially exposing sensitive data to Chinese hackers. The company has since announced plans to stop supporting on-premises versions of the product and is urging customers to switch to the online version, citing cybersecurity concerns.

Published: Fri Aug 1 16:10:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Australia's Intelligence Community Laments the 'Reckless Invitation' of Foreign Intelligence Services on LinkedIn

Australia's intelligence community is sounding the alarm over the growing threat of foreign espionage on professional networking sites, particularly LinkedIn. With nation-states spying at unprecedented levels, ASIO is seeing more Australians targeted – more aggressively – than ever before. The use of these platforms creates a "reckless invitation" for foreign intelligence services to access sensitive information. In this article, we delve into the world of espionage and explore the measures that can be taken to protect Australia's national security.

Published: Fri Aug 1 14:47:22 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposing the Shadowy World of Microsoft Exchange Zero-Days: A Web of Intrigue and Espionage

A new series of zero-day exploits targeting Microsoft Exchange has revealed a complex web of espionage and cybercrime, raising concerns about cybersecurity and national security.

Published: Fri Aug 1 14:21:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical Flaw in Cursor AI Code Editor Allows Remote Code Execution via Prompt Injection

Researchers have disclosed a critical flaw in Cursor, an AI code editor, that allows attackers to run commands via prompt injection, potentially leading to remote code execution under user privileges.

Published: Fri Aug 1 13:10:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

SonicWall Firewall Devices Under Siege: A Surge of Akira Ransomware Attacks


SonicWall firewall devices have been hit by a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability. The recent spate of attacks on SonicWall SSL VPN connections has raised concerns among cybersecurity experts, who warn that the vulnerabilities exploited in these attacks could have far-reaching consequences for organizations worldwide.

Published: Fri Aug 1 13:02:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Meta Unveils $1 Million Bounty for WhatsApp Exploits at Pwn2Own Ireland 2025

Meta is offering up to $1 million in bounties for WhatsApp exploits at Pwn2Own Ireland 2025, with the goal of incentivizing security researchers to discover and report vulnerabilities in the popular messaging app.

Published: Fri Aug 1 11:54:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Wave of Malicious OAuth Apps Target Microsoft 365 Accounts


Threat actors are using fake OAuth apps with phishing kits like Tycoon to breach Microsoft 365 accounts by tricking users into granting unauthorized access to their credentials. This new attack vector exploits the trust placed in legitimate applications and services, making it essential for users to remain vigilant and take steps to protect themselves against these types of attacks.

Published: Fri Aug 1 11:46:35 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CurXecute: Unveiling the AI-Powered Cursor IDE Vulnerability and the Perilous Realm of Prompt-Injection Attacks


CurXecute: A Prominent Vulnerability in AI-Powered Code Editor Cursor
Learn how to minimize the impact of CurXecute and ensure user safety in our comprehensive guide.

Published: Fri Aug 1 10:34:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown: A Threat to the Cybersecurity of Software Supply Chains

A new and alarming threat has emerged in the form of a malicious npm package generated using artificial intelligence (AI) that has drained funds from over 1,500 users on the Solana blockchain.

Published: Fri Aug 1 08:24:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Data Breach at a Florida Prison: A Cautionary Tale of Leaked Information and Potential Consequences

A Data Breach at a Florida Prison Raises Concerns About Inmate Safety and Visitor Security

Published: Fri Aug 1 08:16:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Storm-2603 APT Group: Unpacking the Tools and Tactics of a Sophisticated Chinese Threat Actor


The Storm-2603 APT group has been identified by Check Point as a sophisticated threat actor linked to the China-based APT groups APT27 and APT31. This group has been responsible for deploying various forms of malware, including ransomware variants such as Warlock and LockBit Black. Their use of custom C2 frameworks and evasion techniques has raised concerns among cybersecurity experts.

Published: Fri Aug 1 07:08:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Data Paradox: How Legacy Data is Limiting AI's Potential in Cybersecurity

As AI-powered threats continue to evolve, cybersecurity teams are discovering that the quality of their data feeds is the key to unlocking the full potential of these advanced technologies. By recognizing the importance of high-quality data and adopting industry-standard security models, organizations can enhance their defenses against increasingly sophisticated attacks.

Published: Fri Aug 1 06:57:18 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unveiling of Storm-2603: A Sophisticated Ransomware Actor Leveraging DNS-Controlled Backdoors

Storm-2603's attack is a sobering reminder of the evolving threat landscape, highlighting the need for organizations to stay vigilant against complex and sophisticated attacks that are increasingly being deployed by nation-state actors.

Published: Fri Aug 1 05:45:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybercrooks' Cunning Plan: How a Raspberry Pi Became a Bank's Worst Nightmare

Cybercrooks used a Raspberry Pi to steal cash from an Indonesian ATM in a sophisticated attack that highlights the potential risks posed by even small devices. The attackers deployed a backdoor known as Tinyshell, which allowed them to bypass traditional network defenses and withdraw money remotely.

Published: Fri Aug 1 05:37:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Unveils Thorium: A Scalable Platform for Enhanced Malware Analysis and Forensic Capabilities


CISA has released Thorium, an open-source platform designed to support malware analysis, digital forensics, and incident response efforts. The platform offers full control through a RESTful API and can be accessed via web browser or command-line utility for quick and flexible use. With its ability to integrate various tools and provide scalable data handling, Thorium is poised to enhance cybersecurity capabilities across the globe.

Published: Fri Aug 1 04:29:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Blurred Lines of National Security: The Growing Threat of Foreign Intelligence Services on LinkedIn

As the threat of foreign intelligence services on LinkedIn grows, national security agencies must adapt their approaches to counter this increasingly sophisticated threat. With billions of dollars at stake, it is clear that the Australian government must take immediate action to protect its sensitive information and intellectual property.

Published: Fri Aug 1 02:15:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Discovers Sophisticated Russian State-Sponsored Hacking Operation Targeting Foreign Embassies

Microsoft has discovered a highly sophisticated state-sponsored hacking operation targeting foreign embassies in Moscow with custom malware that uses an adversary-in-the-middle attack to gain access to sensitive systems. The operation is believed to be conducted by the Russian government-backed group Secret Blizzard.

Published: Thu Jul 31 17:48:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russia-Linked APT Group Secret Blizzard Exploits Critical Vulnerabilities to Target Foreign Embassies in Moscow


Russia-linked APT group Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware, exploiting critical vulnerabilities to gain long-term access to sensitive information. Microsoft researchers have confirmed that the threat actor has the capability to deploy custom-built malware at the ISP level, making it nearly impossible for devices to detect or block the malicious code.

Published: Thu Jul 31 16:40:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Illumina Settlement: A Cautionary Tale of Cybersecurity Negligence


Biotech firm Illumina settles false claims case for $9.8M after allegations of selling genetic testing systems with known security vulnerabilities to the US government.

Published: Thu Jul 31 15:09:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Great Chip Debate: Beijing's Scrutiny of Nvidia's AI Chips

Beijing has summoned Nvidia over alleged backdoors in its high-performance computing chips, sparking concerns about the role of cybersecurity in China's tech sector. The controversy highlights ongoing tensions between Washington and Beijing over trade, security, and technology policy.

Published: Thu Jul 31 14:00:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Achievements in Cloud Computing: Microsoft's Upgrade to Azure AI Speech

Microsoft has upgraded its Azure AI Speech service, enabling users to generate voice replicas with just a few seconds of sampled speech. The new model boasts more realistic voices and improved prosody accuracy, but experts warn about the potential misuse of this technology.

Published: Thu Jul 31 13:50:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Pledge: A New Era of Incentivizing .NET Vulnerability Research

Microsoft has expanded its .NET bug bounty program to offer up to $40,000 for critical vulnerabilities, marking a significant step forward in the company's efforts to bolster its cybersecurity posture. The changes reflect Microsoft's commitment to fostering a culture of collaboration and incentivizing top talent in AI research.

Published: Thu Jul 31 13:41:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Attacking the Unprotected: The Vulnerability in Alone WordPress Theme Exposed

Thousands of WordPress sites have been left vulnerable to attacks after a critical zero-day vulnerability was discovered in the Alone WordPress theme. The vulnerability allows attackers to hijack websites and gain control over them. WordPress site administrators are urged to update to the latest version, monitor suspicious activity, and scan logs for signs of exploitation.

Published: Thu Jul 31 12:32:43 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Shadowy Realm of ISP-Based Espionage: How Turla's Sophisticated Hacking Technique is Exposing Global Targets

The Kremlin's most devious hacking group, Turla, has exposed global targets by leveraging Russia's network infrastructure to redirect them towards a fake update prompt for their browser's cryptographic certificates, rendering sensitive data vulnerable to surveillance. As experts warn of similar threats around the world, individuals are urged to take necessary precautions to protect themselves against this evolving threat landscape.

Published: Thu Jul 31 12:25:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russia's Shadow Network: How Kremlin-Backed Group Secret Blizzard Exploits Local ISPs to Spy on Foreign Diplomats


Microsoft has warned that a Kremlin-backed group known as Secret Blizzard (also tracked as VENOMOUS BEAR, Turla, WRAITH, and ATG26) is abusing local internet service providers' networks to spy on diplomats from foreign embassies in Moscow. This campaign involves the use of an adversary-in-the-middle (AiTM) position at the ISP/telco level to gain access to these diplomatic missions.

Published: Thu Jul 31 12:13:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Temporary Reprieve from Connectivity: A Glimpse into the Mysterious Realm of Digital Disruptions

Users affected by a recent temporary outage are advised to refresh their pages periodically as administrators work to resolve the issue. The incident highlights the need for proactive measures in mitigating potential disruptions to digital services.

Published: Thu Jul 31 12:02:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian Hackers Utilize ISP Access to Launch Sophisticated AiTM Attacks on Embassies


In a concerning development, Microsoft has warned that Russian hackers are using ISP access to launch sophisticated AiTM attacks on embassies in Moscow, posing a significant threat to diplomatic missions. The attackers, linked to Russia's Federal Security Service (FSB), have been exploiting their adversary-in-the-middle position at the ISP level to infect systems with custom ApolloShadow malware. This is the first time Microsoft has confirmed Secret Blizzard's capability to conduct espionage at the ISP level.

Published: Thu Jul 31 11:57:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Unveils Thorium: A Scalable Open-Source Platform for Enhanced Malware and Forensic Analysis


CISA has released its open-source Thorium platform for malware and forensic analysis, offering enhanced efficiency, scalability, and collaboration capabilities to cybersecurity teams worldwide. Developed in partnership with Sandia National Laboratories, Thorium boasts advanced features that automate numerous tasks involved in cyberattack investigations, empowering security professionals to tackle complex threats with greater ease. By making this technology publicly available, CISA underscores its commitment to openness and collaboration within the cybersecurity community.

Published: Thu Jul 31 11:49:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unveiling the Shadows: China's Sophisticated Web of Offensive Cyber Tools

China has long been accused of engaging in cyber espionage, but new evidence suggests that its efforts are far more sophisticated than previously thought, with a complex network of patents and tools designed to facilitate targeted intelligence gathering operations.

Published: Thu Jul 31 10:23:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Precedence of Malicious Activity: A New Indicator in Cybersecurity Threat Assessment


Spikes in malicious activity precede new CVEs in 80% of cases, reveals a recent study by GreyNoise, a threat monitoring firm that analyzed data from its 'Global Observation Grid' (GOG) to identify patterns in attacker behavior. The study found that spikes in malicious activity are often a precursor to the disclosure of new security vulnerabilities (CVEs), and defenders can use this knowledge to prepare for potential attacks.



Published: Thu Jul 31 10:11:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

ClickFix Attacks: The Silent Manipulation of User Clipboard

ClickFix attacks are silent clipboard manipulation tactics that threat actors use, through social engineering, to gain unauthorized access to devices. The technique exists in an initial version, ClickFix, and a subsequent iteration, FileFix, and can lead to severe impacts on the compromised device, including data theft and remote control. Learn how to prevent these types of attacks with our article about ClickFix.

Published: Thu Jul 31 10:02:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Trusted Platform Module-Backed Full Disk Encryption Coming to Ubuntu 25.10

Canonical's upcoming release of Ubuntu 25.10 will feature a significant improvement in full disk encryption capabilities, courtesy of the Trusted Platform Module (TPM). By utilizing modern PCs' TPM 2.0 chips, users can enjoy enhanced security and peace of mind without having to enter their encryption keys during boot-up. However, this feature is currently restricted to compatible hardware running Windows 11.

Published: Thu Jul 31 09:53:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

NHS Disability Equipment Provider on Brink of Collapse Amidst Ongoing Cybersecurity Threats


A major supplier of healthcare equipment to the UK's National Health Service (NHS) is on the brink of collapse, 16 months after falling victim to a devastating cyberattack. The company, NRS Healthcare, has been struggling to recover from the attack, which had a minimal impact on its financial statements during the fiscal year that ended March 31, 2024. However, the company's financial situation is expected to worsen in the following fiscal year, with costs related to the recovery from the cyber incident anticipated to take a significant toll.

Published: Thu Jul 31 08:45:06 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Decline of Traditional SIEMs: A New Era for Modern Security Operations


The world of cybersecurity is undergoing a significant transformation, with traditional SIEM systems facing an unprecedented decline. This article delves into the intricacies of this issue, exploring its far-reaching consequences and discussing potential solutions that can help organizations navigate this turbulent landscape.

Published: Thu Jul 31 06:16:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ignored No More: The Critical Role of Internet Exchange Points in Global Connectivity


The importance of internet exchange points in global connectivity has been long overlooked by governments and policymakers. Despite their critical role, many IXPs operate in the shadows, with significant vulnerabilities that can have far-reaching consequences for global connectivity. In this article, we explore the significance of IXPs, the challenges they face, and what needs to be done to prioritize their protection.

Published: Thu Jul 31 02:56:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ransomware Evolution: The Rise of FunkSec and the Impact on Cybersecurity

Researchers have released a decryptor for the FunkSec ransomware, allowing victims to recover their encrypted files for free. The decryptor was developed by Avast researchers in collaboration with law enforcement agencies. This move highlights the importance of community-driven efforts in combating cyber threats.

Published: Thu Jul 31 01:44:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Dahua Camera Vulnerabilities: A Growing Concern for Home and Business Surveillance


Recent discoveries by Bitdefender researchers have revealed critical flaws in Dahua smart cameras, allowing hackers to remotely take control of these devices. In this article, we delve into the details of these vulnerabilities and provide essential information on how users can protect their home and business surveillance systems.

Published: Thu Jul 31 01:38:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cyber-Scam Origins of a Tense Border Conflict: Thailand and Cambodia's Ongoing Standoff



In a tense standoff, Thailand and Cambodia are locked in a bitter dispute over access to an ancient Hindu temple, which has escalated into a full-blown skirmish. The situation is further complicated by reports of cyber-scams operating in the region, with Thailand's government citing these activities as one factor contributing to the current tensions.

The Thai-Cambodian conflict highlights the complex and often fraught relationship between neighboring countries in Southeast Asia. While cooperation and diplomacy are necessary to address issues such as border disputes and resource management, the recent clashes underscore the need for greater understanding and communication between these nations.

Published: Wed Jul 30 22:24:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Facial Recognition Conundrum: A National Security Dilemma or a Passenger's Right to Privacy?

The US government's plans to extend facial recognition at airports have sparked controversy, with many passengers objecting to the practice due to concerns about privacy. As Congress continues to audit the system, it raises fundamental questions about the balance between security and individual rights.

Published: Wed Jul 30 20:12:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Novel Approach to Bank Heists: How Hackers Exploited a 4G-Enabled Raspberry Pi to Compromise ATM Networks



In a shocking revelation, researchers have uncovered how hackers used a 4G-enabled Raspberry Pi to compromise an ATM network. The audacious plan employed novel techniques such as Linux bind mount and process masquerading to disguise malware, making it challenging for forensic analysts to detect. This latest attempt by the financially motivated threat group UNC2891 highlights the ever-evolving nature of cyber threats and underscores the importance of staying vigilant in protecting sensitive financial information.

Published: Wed Jul 30 18:52:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Web Threat: SafePay Ransomware's 3.5TB Data Breach of Ingram Micro


SafePay ransomware threatens to leak 3.5TB of sensitive data belonging to IT giant Ingram Micro, sparking widespread concern among cybersecurity experts and business leaders alike. The incident highlights the increasing sophistication and brazenness of ransomware attacks in recent times, emphasizing the need for companies to remain vigilant and proactive in protecting themselves against these types of threats.

Published: Wed Jul 30 15:29:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit Python Devs' Trust in Phishing Attacks Using Fake PyPI Site

Python developers are being targeted by hackers using fake PyPI sites to trick them into logging in with their credentials. To protect themselves, users need to remain vigilant and take steps to prevent falling victim to these phishing attacks.

Published: Wed Jul 30 15:23:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

ShinyHunters: The Cloud-Based Extortion Group Behind a Wave of High-Profile Data Breaches



ShinyHunters, a cloud-based extortion group, has been linked to a string of high-profile data breaches at major corporations such as Qantas, Allianz Life, LVMH, and Adidas. By impersonating IT support staff and using social engineering attacks, ShinyHunters is attempting to extort companies over email, threatening to release stolen information unless their demands are met. As experts continue to unravel the mysteries surrounding this group, one thing is clear: these threat actors are a force to be reckoned with.

Published: Wed Jul 30 15:14:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Lax Security of Artificial Intelligence: A Growing Concern for Enterprises

IBM's Cost of a Data Breach Report 2025 highlights the growing concern of lax AI security among enterprises, with nearly one-third experiencing operational disruption due to an AI-related breach. Most organizations lack adequate governance in place to mitigate AI risk, leaving them vulnerable to attacks and data breaches.

Published: Wed Jul 30 15:02:14 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Looming Shadow of Zero-Day Exploits: Apple Fixes Vulnerability Affecting Google Chrome Users

Apple has issued a critical security update to address a high-severity vulnerability affecting Google Chrome users, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding the flaw to its Known Exploited Vulnerabilities (KEV) catalog. The fix addresses an insufficient validation of untrusted input in ANGLE and GPU, allowing remote attackers to potentially perform a sandbox escape via crafted HTML pages.

Published: Wed Jul 30 13:44:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Leverage Facebook Ads to Spread Malware via Fake Cryptocurrency Trading Apps

Researchers have discovered a malicious campaign using Facebook ads to spread the JSCEAL malware, which can capture sensitive data from cryptocurrency wallets and banking websites. The attack chain employs novel anti-analysis mechanisms, including script-based fingerprinting, making it challenging for security tools to detect and analyze the malware.

Published: Wed Jul 30 13:34:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Deliberate and Coordinated Digital Assault: The St Paul Cyberattack and Its Implications for State and Local Governments



A recent cyberattack on the city of Saint Paul, Minnesota, has sent shockwaves through government circles, with officials scrambling to respond to the attack and assess its impact. The attack, which was first detected by city officials on Friday, persisted through the weekend, causing significant disruptions and impairing the city's ability to provide vital services. In a dramatic turn of events, Governor Tim Walz has activated the state's National Guard and declared a state of emergency in response to the attack, marking a significant escalation in the government's efforts to address the growing threat of cyberattacks.

Published: Wed Jul 30 13:27:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hacking the Banking System: How LightBasin's Advanced Attack Bypassed Security Measures with a 4G Raspberry Pi


Hackers successfully infiltrated a bank's network by embedding a 4G Raspberry Pi device in an ATM machine, exploiting vulnerabilities to carry out a sophisticated heist. This incident highlights the evolving nature of cyber attacks and the increasing reliance on modern technologies for nefarious purposes.



Published: Wed Jul 30 13:11:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit Critical Vulnerability in WordPress Alone Theme, Leaving Websites Open to Remote Code Execution

Hackers are exploiting a critical vulnerability in the WordPress Alone theme, allowing them to achieve remote code execution and perform full site takeovers on vulnerable websites. Update to version 7.8.5 of the theme immediately to prevent further exploitation.

Published: Wed Jul 30 13:00:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Apple Patches Security Flaw Exploited in Chrome Zero-Day Attacks: A Detailed Analysis

Apple has released security updates to address a high-severity vulnerability in Google Chrome that has been exploited in zero-day attacks targeting Chrome users. The update resolves a critical flaw in the ANGLE graphics abstraction layer, allowing attackers to execute arbitrary code within the browser's GPU process.

Published: Wed Jul 30 11:40:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Internet's Age Verification Dilemma: A Global Crisis of Trust


The world of online safety is facing an unprecedented crisis as governments and tech giants struggle to implement effective age verification systems. With the UK's Online Safety Act sparking chaos across the globe, experts warn of a "privacy nightmare" and potential catastrophe for user trust.

Published: Wed Jul 30 11:32:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Palo Alto Networks' $25 Billion Acquisition: The Future of Identity Security


Palo Alto Networks has acquired CyberArk for $25 billion, solidifying its position as a leader in identity security. This acquisition marks a significant shift in the cybersecurity landscape, as both companies recognize the growing threat of protecting both human and machine identities with AI and ML. The deal is expected to close in the second half of Palo Alto Networks' fiscal 2026.

Published: Wed Jul 30 10:21:18 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

PyPI Maintainers Warn Users of Email Verification Phishing Attack

PyPI maintainers have warned users about an email verification phishing attack aimed at exploiting the trust that users have in the Python Package Index. The attackers are using fake websites to mimic the look and feel of the real PyPI site and lure victims into divulging sensitive information.

Published: Wed Jul 30 09:07:45 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical Dahua Camera Flaws Leave Vulnerable Devices Open to Hijacking via Remote Exploits



Critical security flaws have been discovered in Dahua smart cameras, leaving vulnerable devices open to remote hijacking via exploits. The flaws were identified as buffer overflow vulnerabilities that could be exploited over the local network and even remotely. Users are advised to take immediate action to address these vulnerabilities by installing firmware updates or patches.

Summary: A recent discovery of security flaws in Dahua smart cameras has raised concerns about potential exploitation via remote hijacking. The affected devices, running versions with build timestamps before April 16, 2025, are vulnerable to buffer overflow exploits over the local network and even remotely. Users are advised to prioritize firmware security and take immediate action to address these vulnerabilities.



Published: Wed Jul 30 09:01:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ingram Micro's Cybersecurity Breach: A Ransomware Attack of Global Proportions

Ingram Micro suffered a devastating ransomware attack, compromising sensitive data and disrupting critical business processes. The SafePay ransomware group has threatened to leak 3.5 TB of Ingram Micro's data unless their demands are met.

Published: Wed Jul 30 08:53:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

FBI Seizes $2.4 Million Worth of Cryptocurrency from Chaos Ransomware Affiliate Targeting Texas Firms

The FBI has seized approximately $2.4 million worth of cryptocurrency from an affiliate of the Chaos ransomware group, which has been linked to multiple attacks on firms located in Texas and other regions.

Published: Wed Jul 30 07:36:21 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cybersecurity Landscape: A Delicate Balance Between Vulnerability Exposure and Malicious Exploitation


A recent series of high-profile vulnerabilities has highlighted the importance of cybersecurity awareness and the need for ongoing education and training in this rapidly evolving field. As technology continues to advance at an unprecedented pace, it is crucial that organizations prioritize their efforts in developing robust cybersecurity protocols to protect against emerging threats.

Published: Wed Jul 30 07:28:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Shedding Light on Shadowy Cyber Contracting Ecosystem: Chinese Firms Linked to Silk Typhoon



A new report from SentinelOne has shed light on the shadowy cyber contracting ecosystem, revealing that several Chinese firms linked to Silk Typhoon have been identified as being behind more than a dozen technology patents. These patents cover forensics and intrusion tools used by state-sponsored hacking groups, highlighting an important deficiency in the threat actor attribution space: tracking campaigns and clusters of activity to named actors. The findings underscore the need for more robust attribution methodologies that can identify not only individuals but also the companies they work for, the capabilities those companies have, and how those fortify state initiatives.



Published: Wed Jul 30 07:15:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Unveils Enhanced Cybersecurity Measures: DBSC Open Beta and Patch Transparency via Project Zero

Google has launched Device Bound Session Credentials (DBSC) open beta to enhance session security and introduced Reporting Transparency as part of its efforts to bridge the upstream patch gap. These enhancements are designed to bolster user safety by mitigating potential risks associated with AI systems and promoting a more secure digital landscape for users.

Published: Wed Jul 30 04:53:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Auto-Color Malware Threat: Unpacking the Exploitation of SAP NetWeaver Flaws

Darktrace reported detecting an Auto-Color backdoor malware attack on a US-based chemicals company. The attackers exploited a critical SAP NetWeaver flaw to deploy the malware. Darktrace's rapid detection and response prevented the malware from fully activating, but the incident highlights the ongoing threat posed by advanced persistent threats.

Published: Wed Jul 30 03:44:34 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Lull Between the Storms: Scattered Spider's Deterrent Effect on Cybersecurity Threats

Scattered Spider's Drop in Activity Presents a Critical Window of Opportunity for Organizations to Reinforce Their Security Posture

Published: Wed Jul 30 03:35:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exploiting SAP Vulnerabilities: The Auto-Color Malware Threat

Recently discovered Auto-Color malware has been found to exploit a now-patched critical SAP NetWeaver vulnerability, compromising Linux systems and enabling remote access. This sophisticated attack highlights the ongoing threat posed by remote access trojans (RATs) and emphasizes the need for timely patching and robust cybersecurity measures.

Published: Wed Jul 30 03:27:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cybersecurity Showdown: CISA's Secret Report and Senator Wyden's Hold


In a highly publicized battle over cybersecurity transparency, US Senator Ron Wyden (D-OR) continues to hold up the nomination of Sean Plankey as the next head of CISA due to concerns over the agency's handling of a secret report on telecommunications network vulnerabilities. Despite efforts from lawmakers and experts alike, it remains unclear when or if CISA will release this critical information.

Published: Tue Jul 29 18:04:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI Job Displacement: A Comprehensive Analysis by Microsoft Researchers

A new study by Microsoft researchers suggests that while AI may displace some jobs, many occupations will see changes in their nature or scope rather than complete displacement. The study analyzed over 200,000 interactions with Bing Copilot, highlighting areas where AI can augment work rather than replace it.

Published: Tue Jul 29 17:44:50 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Orange's Cybersecurity Crisis: A Growing Concern for Europe and Africa


Orange, one of France's largest telecommunications operators, has faced a major cyberattack that has disrupted its services across Europe and Africa. The attack, which occurred on July 25, was reported to have been contained by Orange's cybersecurity team in collaboration with Orange Cyberdefense. There is currently no evidence to suggest that any customer or Orange data has been stolen during the attack, but the incident highlights the growing threat of cyberattacks in the region and the need for robust cybersecurity measures and international cooperation.

Published: Tue Jul 29 16:34:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

FBI Issues Joint Advisory on Emerging Threat: Scattered Spider Malware


The FBI has issued a warning about an emerging threat known as Scattered Spider malware, which has been observed using advanced social engineering tactics to gain unauthorized access to organizations' networks. To mitigate this threat, organizations are advised to maintain offline backups of sensitive data and store them separately from source systems, turn on and enforce phishing-resistant multifactor authentication (MFA), and implement application controls to manage software execution. The recent arrests of at least seven Scattered Spider members have led some experts to believe that the group's activities may be slowing down, but other threat actors are already employing similar tactics, making it crucial for organizations not to let their guard down entirely.

Published: Tue Jul 29 16:26:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hacking a Haven: The Exploitation of Tea, A Women's Dating Safety App

Tea, a popular women-only dating safety app, has been hacked, exposing thousands of users' personal data, including images, posts, and comments. The breach occurred in July 2025 and affected around 72,000 images and 1.1 million user messages. Tea is working to strengthen its security measures and prevent similar breaches in the future.

Published: Tue Jul 29 15:03:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Widespread Phishing Campaign Targeting PyPI Users: A Cautionary Tale of Social Engineering

PyPI users are being targeted by an ongoing phishing campaign that's designed to redirect them to fake sites and harvest their credentials. Learn more about this sophisticated attack and how you can protect yourself.

Published: Tue Jul 29 14:49:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Flaw in AI-Powered Vibe Coding Platform Base44 Allows Unauthorized Access to Private Applications


A critical security flaw has been discovered in Base44, a popular AI-powered vibe coding platform, which could allow unauthorized access to private applications built using the platform. The vulnerability was responsibly disclosed on July 9, 2025, and patched within 24 hours. This discovery underscores the importance of robust security measures when using AI tools in enterprise environments.

Published: Tue Jul 29 14:42:14 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hacking the Fabric: How Hackers Exploited a SAP NetWeaver Vulnerability to Deploy the Auto-Color Linux Malware


Hackers have successfully exploited a critical SAP NetWeaver vulnerability to deploy the highly advanced Auto-Color Linux malware. This malicious software has demonstrated an uncanny ability to evade detection and persist on compromised machines, highlighting the need for organizations to prioritize security updates and patch management.

Published: Tue Jul 29 14:25:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Aeroflot's Cybercalamity: A Glimpse into the Devastating Consequences of a High-Profile Breach


Russian airline Aeroflot grounds dozens of flights after suffering a devastating cyberattack that exposed sensitive information and brought its operations to a grinding halt. The attack, attributed to Ukrainian and Belarusian hacktivist collectives, resulted in the cancellation of over 60 flights and severe delays on numerous others. In this article, we will delve into the details of the Aeroflot cyberattack, exploring the implications of the breach and the actions being taken by the airline to mitigate its effects.

Published: Tue Jul 29 14:17:26 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Cyberattacked Capital: Minnesota Activates National Guard to Counter St. Paul Hack

Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck St. Paul on Friday, leaving some services unavailable and prompting concerns about the city's cybersecurity. The attack is believed to have originated from an external source, with officials working closely with state and federal partners to address the issue.

Published: Tue Jul 29 14:10:07 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cisco ISE and PaperCut NG/MF Vulnerabilities: A Growing Threat Landscape



Cisco Identity Services Engine (ISE) and PaperCut NG/MF vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog, highlighting the growing threat landscape in cybersecurity. These critical flaws allow unauthenticated remote attackers to execute code as root on affected systems, emphasizing the importance of keeping software up-to-date and patched. Organizations must review the KEV catalog and address these vulnerabilities to protect their networks against attacks exploiting the flaws in the catalog.

Published: Tue Jul 29 11:47:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Seychelles Commercial Bank's Cybersecurity Incident: A Breach of Trust in the Financial Hub


Seychelles Commercial Bank's cybersecurity incident highlights the importance of robust security measures for financial institutions. The breach has raised concerns about the potential implications for national security and has sparked a debate about the need for enhanced security measures at banks like SCB. Read more to find out how this incident is being investigated and what steps are being taken to prevent similar breaches in the future.

Published: Tue Jul 29 11:37:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Devastating Cyberattack on Russian Airline Aeroflot: The Silent Crow and Belarusian Cyber-Partisans' Daring Strike


Pro-Ukraine hacktivists, claiming to be members of the group Silent Crow, have carried out a devastating cyberattack on Russia's state-owned airline, Aeroflot. The attack, which was carried out in collaboration with the Belarusian Cyber-Partisans, crippled the airline's IT systems and caused the cancellation of over 100 flights. With the theft of sensitive information and destruction of Aeroflot's IT infrastructure, this cyberattack marks a significant escalation in Russia's critical infrastructure vulnerabilities.

Published: Tue Jul 29 11:31:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolving Landscape of JavaScript Security: A Threat Landscape Unveiled

JavaScript security has reached a critical juncture, with attackers evolving their tactics to exploit everything from prototype pollution to AI-generated code. A new guide provides comprehensive analysis and practical defenses for modern JavaScript injection attacks.

Published: Tue Jul 29 11:23:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybercriminals Are Using Fake Apps to Steal Personal Data Across Asia's Mobile Networks

Cybercriminals are using fake apps to steal personal data across Asia's mobile networks, targeting Android and iOS platforms with malicious dating, social networking, cloud storage, and car service apps. The SarangTrap campaign involves over 250 malicious Android applications and more than 80 malicious domains, disguising them as legitimate dating and social media applications to trick users into installing the apps.

Published: Tue Jul 29 11:15:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Browser: The New Cyber Battleground


The browser has become the new battleground in the fight against cybercrime, with phishing and social engineering campaigns posing a significant threat to organizations. Learn more about how attackers are exploiting vulnerabilities in the browser to compromise identities and what security teams can do to stay ahead of these threats.

Published: Tue Jul 29 11:07:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Emergence of Chaos RaaS: A New Threat Actor in the Ransomware Landscape


A new threat actor has emerged in the ransomware landscape, dubbed Chaos RaaS (Ransomware-as-a-Service). This group is believed to be comprised of former members of the BlackSuit crew and has been linked to similarities in tradecraft employed by the recently seized BlackSuit group. With its advanced evasion and anti-analysis techniques, Chaos RaaS demands $300,000 from U.S. victims in exchange for a decryptor and security recommendations. This new threat actor is just one example of the evolving ransomware landscape, with threats continuing to adapt and evolve as law enforcement efforts combat them.

Published: Tue Jul 29 10:56:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Circumvention Technologies: How the UK's Online Safety Act is Fuelling a Global Wave of Age Verification Laws


A new wave of age verification laws has sparked a surge in VPN downloads in the UK, mirroring trends observed in countries that have implemented similar regulations. As governments around the world seek to enforce content restrictions, digital rights advocates warn about the risks of limiting free expression online and creating new avenues for surveillance and censorship.

Published: Tue Jul 29 10:47:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Raspberry Pi RP2350 Microcontroller Update: A Step Forward for Retro Computing and Security

The Raspberry Pi team has released an update to their RP2350 microcontroller with bug fixes, hardening measures, and a GPIO tweak designed to delight retro computing enthusiasts. The new A4 stepping offers improved security features and increased voltage tolerance, making it more accessible for users in various domains.

Published: Tue Jul 29 10:25:17 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Phishing Attack Tactics: How Attackers are Evading Passkey-Based Authentication


In recent times, attackers have been employing various tactics to evade the security measures put in place by organizations to protect their systems from phishing attacks. The threat posed by phishing attacks is exacerbated by the fact that many organizations have multiple possible entry points for their accounts. In this article, we will explore how attackers are using passkey-based authentication methods and what organizations can do to stay ahead of these threats.



Published: Tue Jul 29 10:15:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

FBI Uncovers $2.4 Million Bitcoin Heist from New Chaos Ransomware Operation


The Federal Bureau of Investigation (FBI) has made a significant breakthrough in its ongoing efforts to combat cybercrime, seizing approximately 20 Bitcoins worth over $2.3 million from a cryptocurrency address linked to the new Chaos ransomware operation. This latest development marks a substantial blow to the group's financial resources and highlights the importance of international cooperation in combating cybercrime.

Published: Tue Jul 29 10:04:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Alert: French Telecom Giant Orange Discovers Breached System on Its Network


French telecom giant Orange discloses cyberattack, citing potential data breach due to isolated system compromise; incident bears resemblance to worldwide breaches linked to China's Salt Typhoon group.



Published: Tue Jul 29 09:55:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Battle Against Cookie-Stealing Malware: Google's New Security Update to Protect Workspace Accounts


Google has announced a new security update aimed at preventing the theft of session cookies, which can be used by hackers to gain unauthorized access to users' accounts. The update, dubbed "Device Bound Session Credentials" (DBSC), is designed to protect Google Workspace accounts from token-stealing attacks. By binding session cookies to the user's device, DBSC makes it more difficult for hackers to exfiltrate cookies that keep users logged into their Workspace accounts.

Published: Tue Jul 29 09:47:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

U.S. CISA Adds Cisco ISE and PaperCut NG/MF Flaws to Known Exploited Vulnerabilities Catalog, Leaving Enterprise Networks Exposed

U.S. CISA has added three critical vulnerabilities in Cisco Identity Services Engine (ISE) and two in PaperCut NG/MF to its Known Exploited Vulnerabilities (KEV) catalog, leaving enterprise networks exposed to attacks exploiting these flaws.

Published: Tue Jul 29 01:38:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Apple's TCC Vulnerability: A Growing Concern for User Data Security


A recent discovery by Microsoft highlights a vulnerability in Apple’s Transparency, Consent, and Control (TCC) framework on macOS, allowing attackers to bypass protections that are designed to protect user data. This vulnerability could expose sensitive information from protected directories such as the Downloads folder or Photos folders, leading to serious security concerns for users of Apple devices.

Published: Tue Jul 29 01:31:43 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Expose Vulnerability in Open-Source Ecosystems: A Growing Concern for Cybersecurity

Hackers have published 10 malicious npm packages through Toptal's GitHub account, compromising millions of downloads and raising concerns over the security of open-source software. The attack highlights the ongoing trend of bad actors abusing trust in open-source communities to slip malware into developer workflows.

Published: Tue Jul 29 01:24:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Threat Landscape Shifts as China Continues to Utilize Sophisticated Malware Tactics

A recent vulnerability in PaperCut NG/MF print management software highlights the need for organizations to stay informed about the latest threats and take proactive measures to protect themselves against sophisticated cyber attacks.

Published: Tue Jul 29 01:16:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Great Cybersecurity Quagmire: Threat-Intel Overload and Security Talent Shortage

Threat-intel data feeds are overwhelming security teams worldwide, causing many to struggle with making sense of the information and leaving companies vulnerable to attacks. The shortage of skilled analysts is exacerbating this problem, with manufacturers facing particular challenges in terms of staying ahead of emerging threats.

Published: Tue Jul 29 01:08:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Highlights Apple Bug Patched in March as SharePoint Exploits Continue to Plague Redmond

Microsoft has highlighted a previously unknown bug in macOS that was patched by Apple in March, which poses significant risks to user privacy. The vulnerability allows attackers to extract sensitive information cached by Apple Intelligence, including precise geolocation data and search history. As companies like Microsoft continue to struggle with their own security challenges, this incident serves as a reminder of the ongoing importance of robust cybersecurity practices and cooperation between industry players.

Published: Tue Jul 29 01:00:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Warnings: PaperCut RCE Bug Exploited in Attacks, Patching Urgently Advised


CISA flags PaperCut RCE bug as exploited in attacks, patch now. A high-severity vulnerability in the PaperCut NG/MF print management software has been identified by CISA. The vulnerability allows threat actors to gain remote code execution via a cross-site request forgery (CSRF) attack. Over 100 million users are affected by this widely used software. Organizations must prioritize patching this actively exploited security bug as soon as possible.

Published: Mon Jul 28 19:47:12 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cisco Identity Services Engine (ISE) Vulnerability Leaves Millions Exposed to Remote Code Execution Attacks


A critical remote code execution (RCE) vulnerability in Cisco's Identity Services Engine (ISE) software has left millions of systems exposed to attacks. The vulnerability, identified as CVE-2025-20281, allows attackers to execute arbitrary commands on the system with root privileges, effectively granting them complete control over the affected system. With no workarounds available yet, organizations must prioritize patching this vulnerability and implementing robust security controls to protect themselves from malicious actors.

Published: Mon Jul 28 19:35:47 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The UK's Online Age-Gate Apocalypse: How VPNs Are Becoming the Go-To Solution for Bypassing the Nation's Strict Digital Safety Rules

UK residents are finding ways to bypass the country's strict new digital safety rules by using VPNs, which could have significant implications for online freedoms and content availability.

Published: Mon Jul 28 19:27:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Privacy Nightmare of Tea: A Critical Examination of a Women-Focused Dating App


In a shocking turn of events, popular dating app Tea has been hacked, compromising sensitive user data and raising serious concerns about privacy, security, and digital literacy. As one of the top-grossing apps on Apple's App Store, Tea has a responsibility to its users to provide a secure platform that protects their personal data.

Published: Mon Jul 28 19:15:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Aeroflot's IT System Collapse: A Strategic Cyberattack or a Technological Failure?

Aeroflot's IT system collapse has raised concerns about the country's cybersecurity and the potential consequences of such an attack. Pro-Ukrainian hacker groups claim responsibility, citing a year-long operation aimed at destroying Aeroflot's network infrastructure.

Published: Mon Jul 28 15:50:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Landscape Evolves: As Adversaries Shift Gears, Defenders Must Adapt


The cybersecurity landscape has undergone significant changes in recent months, with adversaries adopting more sophisticated tactics and defenders being forced to adapt. In this article, we explore the evolving threat environment, including the emergence of North Korean-backed malware campaigns, state-sponsored spyware attacks, and AI-powered security threats. We discuss the importance of defensive measures, holistic approaches to security, and proactive communication between organizations and governments in the face of these emerging threats.

Published: Mon Jul 28 11:31:47 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Majority of Allianz Life's Customers Affected by Cyberattack


The majority of Allianz Life's customers have been affected by a cyberattack, with the company offering 24 months' worth of identity protection services. The attack bears hallmarks of Scattered Spider, a group known for targeting cloud-based CRM systems.

Published: Mon Jul 28 11:22:02 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Alarming Reality of Exposed APIs: A Threat to Modern Applications

Experts warn that exposed APIs pose a significant threat to modern applications and underscore the urgent need for proactive measures to secure these interfaces. With Autoswagger’s free and open-source tool, developers can identify potential vulnerabilities in their APIs and take steps to mitigate them.

Published: Mon Jul 28 11:14:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Faltering Naval Security: France's Warship Builder Faces Cyber Attack

France's state-owned defense firm Naval Group is investigating a large-scale cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum. The company has launched its own technical investigations in collaboration with external cybersecurity experts and French authorities to determine the origin of the leaked data.

Published: Mon Jul 28 11:03:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Escalation Nation: The Rise of UNC3944's Sophisticated VMware Attacks


A new cybercrime group, UNC3944, has emerged with a sophisticated attack vector that combines social engineering tactics with advanced technical expertise. Using stolen personal data to impersonate employees, the attackers have breached major corporations in North America, exploiting vulnerabilities in VMware ESXi hypervisors and deploying ransomware to exfiltrate sensitive data. With significant implications for organizations, it's essential to take immediate action to protect against this new threat.

Published: Mon Jul 28 08:55:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical Post SMTP Plugin Flaw Exposes 200K+ Sites to Full Takeover: A Security Breach of Epic Proportions


A critical vulnerability has been discovered in a popular WordPress plugin, exposing over 400,000 sites to full takeover. The Post SMTP plugin flaw allows Subscriber+ users to access sensitive information without proper privilege checks, leaving them vulnerable to exploitation. In light of this issue, site owners are urged to update their plugins immediately to ensure the security and integrity of their websites.

Published: Mon Jul 28 08:47:31 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolution of Email Security: A Modern Approach to Detection, Response, and Containment


Email security has been stuck in the antivirus era for far too long. The time has come for a shift in mindset from asking "Did the gateway block the bad thing?" to "How quickly can we see, contain, and undo the damage when an attacker inevitably gets in?"
The traditional approach of relying on Secure Email Gateways (SEGs) is no longer sufficient in today's complex threat landscape. A modern, EDR-like approach to email security is needed to detect, respond, and contain threats effectively.


Published: Mon Jul 28 08:41:31 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Aeroflot's IT Nightmare: A Year-Long Compromise Exposed

Aeroflot, Russia's largest airline, has been hit by a high-profile cyberattack that has left thousands of passengers facing flight cancellations and delays. The attack is attributed to hacktivists from Belarus-based groups, who claimed responsibility for the disruption. As Aeroflot works to restore normal operations, questions remain about the authenticity of the attackers' claims and the extent of the breach.

Published: Mon Jul 28 08:31:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Stealthy Cyberespionage Operation: The China-linked Group Fire Ant's Exploitation of VMware and F5 Flaws


In a major breach, a China-linked cyberespionage group called Fire Ant has been exploiting vulnerabilities in VMware and F5 software since early 2025. The attackers used layered attack chains to access restricted networks thought to be isolated, demonstrating a high degree of persistence and operational maneuverability. Read more about this new report from cybersecurity firm Sygnia on how Fire Ant's use of stealthy attack chains and sophisticated tooling highlights the ongoing efforts of cyber espionage groups in accessing secure systems.

Published: Mon Jul 28 05:20:43 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Scattered Spider: The VMware-Targeting Ransomware Group Leaving a Trail of Destruction Across North America

Scattered Spider, a notorious ransomware group, has been targeting VMware ESXi hypervisors across North America, leaving a trail of destruction in its wake. With its highly effective social engineering tactics and campaign-driven approach, this group is pushing the cybersecurity landscape to its limits.

Published: Mon Jul 28 05:11:46 2025 by llama3.2 3B Q4_K_M













© Ethical Hacking News 2025. All rights reserved.
