Prompt injections are the Achilles' heel of AI assistants. Google offers a potential fix. In the AI world, a vulnerability called a "prompt injection" has haunted developers since chatbots went mainstream in 202
Published: 2025-04-16T11:15:44
Attackers are sending phishing emails that appear to be from no-reply@google.com, presented as an urgent subpoena alert about law enforcement seeking information from the target's Google Account. Bleeping Computer reports that the scam utilizes G
Published: 2025-04-21T10:28:13
The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Security Agency (CISA) spokesperson Jared Auchey said it "executed the option period on the contract to ensure there will be no lapse in critical CVE services" last night. On Tuesday, MITRE, the government-funded organization […]
Published: 2025-04-16T11:12:40
Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program, a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations. […]
Published: 2025-04-15T16:41:52
4chan appears to be down following a major hack that reportedly exposed its source code. A user on a competing messaging board claimed responsibility for the attack on Monday night and claimed to have reopened the site's /qa/ board. 4chan is, obviously, also notorious for trying to trick outsiders about things happening on the site, […]
Published: 2025-04-15T11:45:15
Android is launching a new security feature that will force devices to reboot themselves if you haven't unlocked them for a while, making it harder for other people to access the data inside. The feature, included in the latest Google Play services update, will make Android phones automatically restart if locked for 3 consecutive […]
Published: 2025-04-15T07:43:17
Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm's vendors. In a notice posted to its website, Hertz says that company data was acquired by an unauthorized third-party during a cyberattack exploiting […]
Published: 2025-04-15T05:58:37
The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the w
Published: 2025-04-22T12:45:04
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. [...]
Published: 2025-04-20T13:31:13
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. [...]
Published: 2025-04-20T10:14:24
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. [...]
Published: 2025-04-19T18:04:34
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]
Published: 2025-04-19T11:17:28
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]
Published: 2025-04-19T10:05:15
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]
Published: 2025-04-18T13:44:40
by Anjeanette Damon, ProPublica, and Perla Trevizo, ProPublica and The Texas Tribune, and photography by Cengiz Yar, ProPublica
Published: 2025-04-16T06:00:00
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organizati...
Published: 2025-04-16T03:59:18
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The Wh...
Published: 2025-04-15T03:27:51
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operat...
Published: 2025-04-10T15:31:58
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire R...
Published: 2025-04-09T03:09:36
The bureau isn't being forthcoming when it comes to recently procured cyber tools...
Published: 2025-04-22T13:20:32
Retailer tight-lipped on details as digital hiccup disrupts customer orders
UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days."
Published: 2025-04-22T16:07:09
What used to be a serious issue mainly in Southeast Asia is now the world's problem
Scam call centers are metastasizing worldwide "like a cancer," according to the United Nations, which warns the epidemic has reached a global inflection point as syndicates scale up and spread out.
Published: 2025-04-22T15:15:11
10 other certificates 'were mis-issued and have now been revoked'
Certificate issuer SSL.com's domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.
Published: 2025-04-22T02:23:39
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours
The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.
Published: 2025-04-21T20:31:26
It's now hitting govt, enterprise targets
On March 11 - Patch Tuesday - Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector targets in Poland and Romania.
Published: 2025-04-21T17:43:10
AI-spoofed Mark joins fellow billionaires as the voice of the street; here's how it was probably done
Video: Crosswalk buttons in various US cities were hijacked over the past week or so to emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg rather than robotically tell people it's safe to walk or wait.
Published: 2025-04-19T13:03:11
Using LLMs to pick programs, people, contracts to cut is bad enough but doing it with Musk's Grok? Yikes
A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.
Published: 2025-04-18T19:06:55
Some in the infosec world definitely want to see Big Red crucified
CISA, the US government's Cybersecurity and Infrastructure Security Agency, has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.
Published: 2025-04-18T16:28:12
MITRE, EUVD, GCVE... WTF?
Comment: The splintering of the global system for identifying and tracking security bugs in technology products has begun.
Published: 2025-04-18T09:54:07
Illegitimi non carborundum? Nice password, Mr Ex-CISA
Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked the security clearances of everybody at the company.
Published: 2025-04-17T18:56:10
Truck-mounted demonstration weapon costs 10p a pop, says MOD
British soldiers have successfully taken down drones with a radio-wave weapon.
Published: 2025-04-17T10:45:14
Ignored infosec rules, exfiltrated data, then the mysterious login attempts from a Russian IP address began, claim
Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog, which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address.
Published: 2025-04-17T02:46:12
Microsoft rewards those who patch early with bricks hurled through its operating system
Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue screen crashes.
Published: 2025-04-16T21:16:10
Extraordinary rendition of data, or just dropped it out of a helicopter?
CIA Director John Ratcliffe's smartphone has almost no trace left of the infamous Signalgate chat, the one in which he and other top US national security officials discussed a secret upcoming military operation in a group Signal conversation a journalist was inadvertently added to.
Published: 2025-04-16T20:58:16
From noise to clarity: Why CISOs are shifting to adversarial exposure validation
Partner content: A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.
Published: 2025-04-16T19:01:09
Uncertainty is the new certainty
In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.
Published: 2025-04-16T16:54:25
DPP Law is appealing against data watchdog's conclusions
A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.
Published: 2025-04-16T14:45:07
Vintage phishing varietal has improved with age
Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.
Published: 2025-04-16T12:29:09
It involves a number close to three or six depending on the pickle you're in
Ransomware operators jack up their ransom demands by 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.
Published: 2025-04-16T06:25:12
Because vulnerability management has nothing to do with national security, right?
Updated: US government funding for the world's CVE program, the centralized Common Vulnerabilities and Exposures database of product security flaws, ends Wednesday.
Published: 2025-04-16T00:00:47
800K? Make that double, and we'll need a double, too, for the pain
A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.
Published: 2025-04-15T20:43:14
Source code, moderator info, IP addresses, more allegedly swiped and leaked
Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.
Published: 2025-04-15T18:56:37
Beijing claims NSA went for gold in offensive cyber, got caught in the act
China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.
Published: 2025-04-15T18:02:13
Login green-lit for lone staffer if he's trained, papered up, won't pull an Elez
A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.
Published: 2025-04-15T17:41:38
Let the espionage and access resale campaigns begin (again)
A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.
Published: 2025-04-15T14:00:15
Stopping users shooting themselves in the foot with last century's tech
Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.
Published: 2025-04-15T12:25:08
Car hire biz takes your privacy seriously, though
Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.
Published: 2025-04-15T11:31:11
That would put America on the same level as China for espionage
The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.
Published: 2025-04-15T07:36:11
Copilot vibe coding for OS development? Why not
Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured it's perfectly benign. In fact, it's recommended you leave the directory there.
Published: 2025-04-14T23:16:07
IT admins, get ready to grumble
CA/Browser Forum, a central body of web browser makers, security certificate issuers, and friends, has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.
Published: 2025-04-14T21:31:31
What's the goal here, Homeland Insecurity or something?
As drastic cuts to the US govt's Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House's cybersecurity subcommittee, has demanded that CISA brief the subcommittee "prior to any significant changes to CISA's workforce or organizational structure."
Published: 2025-04-14T18:56:06
UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond
Opinion: The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on national security grounds.
Published: 2025-04-14T09:26:13
Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion
Exclusive: Two of the top team behind Asda's £1 billion ($1.31 billion) tech divorce from US retail giant Walmart, which has seen a number of setbacks, are departing the company.
Published: 2025-04-14T08:24:13
PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more!
Infosec In Brief: Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.
Published: 2025-04-14T05:35:53
PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands
Asia In Brief: Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.
Published: 2025-04-14T03:30:22
Military units, government nerds appear to join the fray, with physical infra in sights
Feature: From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin's birthday, self-styled hacktivists have been making headlines.
Published: 2025-04-13T20:49:10
Hallucinated package names fuel 'slopsquatting'
The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process.
Published: 2025-04-12T11:14:13
Redmond hopes you've forgotten or got over why everyone hated it the first time
After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it - now quietly slipping the screenshotting app into the Windows 11 Release Preview channel for Copilot+ PCs, signaling its near-readiness for general availability.
Published: 2025-04-11T23:13:44
Issues at the very top continue to worsen
The UK government's latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase, and many techies have to keep informally asking company directors for defense spending because there are no security people on the board.
Published: 2025-04-11T08:33:14
Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan
Facebook's former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get the social network into China - including, she alleged, offering up Americans' data.
Published: 2025-04-11T01:10:43
Props for the transparency though
US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it's still working to fully restore affected systems.
Published: 2025-04-10T18:03:14
Scammers are already cashing in with fake invoices for import costs
World War Fee: As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.
Published: 2025-04-10T11:00:11
Officials teased more details to come later this year
Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.
Published: 2025-04-10T08:35:14
TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast
Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community.
Published: 2025-04-10T06:17:06
Alleges cybersecurity agency was weaponized to suppress debunked theories
Updated: The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA's Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone else at SentinelOne, the cybersecurity company where he now works.
Published: 2025-04-10T01:35:26
Can't Redmond ask its whizz-bang Copilot AI to fix it?
Updated: Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.
Published: 2025-04-09T21:53:06
It worked for in 2018 with Chris Krebs. Will it work again?
Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden.
Published: 2025-04-09T21:13:53
OCC mum on who broke into email, but Treasury fingered China in similar hack months ago
A US banking regulator says sensitive financial oversight data was accessed by one or more system intruders for more than a year in what's been described as "a major information security incident."
Published: 2025-04-09T20:36:29
How Chocolate Factory hopes to double down on enterprise-sec
Cloud Next: Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.
Published: 2025-04-09T12:00:16
Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec
A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and at their homes.
Published: 2025-04-09T02:34:04
Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.
Published: 2025-04-21T10:30:00
Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.
Published: 2025-04-19T09:30:00
In a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.
Published: 2025-04-18T15:13:45
The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.
Published: 2025-04-17T15:00:00
Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”
Published: 2025-04-17T10:30:00
The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.
Published: 2025-04-16T20:10:04
A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages and how little they actually saved.
Published: 2025-04-15T21:27:40
Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.
Published: 2025-04-15T19:14:57
Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough.
Published: 2025-04-14T20:35:28
From crypto kingpins to sophisticated scammers, these are the lesser-known hacking groups that should be on your radar.
Published: 2025-04-14T10:00:00
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.
Published: 2025-04-14T10:00:00
For the past decade, this group of FSB hackers, including "traitor" Ukrainian intelligence officers, has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders.
Published: 2025-04-14T10:00:00
Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations and quickly innovating.
Published: 2025-04-14T10:00:00
Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk and has already caused global disruption.
Published: 2025-04-14T10:00:00
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.
Published: 2025-04-14T10:00:00
After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.
Published: 2025-04-14T10:00:00
An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to and who actually received it is far from clear.
Published: 2025-04-13T01:35:06
Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.
Published: 2025-04-12T10:30:00
Some misconfigured AI chatbots are pushing people's chats to the open web, revealing sexual prompts and conversations that include descriptions of child sexual abuse.
Published: 2025-04-11T10:30:00
The Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.
Published: 2025-04-09T18:19:55
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which
Published: 2025-04-22T19:36:00
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.
Published: 2025-04-22T16:30:00
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email: it really was sent from no-reply@google.com," Nick Johnson
Published: 2025-04-22T16:20:00
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
Published: 2025-04-22T13:08:00
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report
Published: 2025-04-22T09:59:00
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through
Published: 2025-04-21T22:12:00
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
Published: 2025-04-21T20:43:00
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors: credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device
Published: 2025-04-21T16:55:00
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps like a misconfigured pipeline, a trusted browser feature,
Published: 2025-04-21T15:40:00
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net
Published: 2025-04-21T12:31:00
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
Published: 2025-04-20T10:28:00
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are node-telegram-utils (132 downloads), node-telegram-bots-api (82 downloads) and node-telegram-util (73 downloads). According to supply chain
Published: 2025-04-19T20:41:00
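The three supply-chain items on this page (the hallucinated-name "slopsquatting" piece, the compromised xrpl.js release, and the bogus node-telegram-* packages above) all fail the same simple gate: the dependency was never vetted by anyone. The script below is an added example written for this page, not code from any of the articles or projects it covers. It audits an npm lockfile (the lockfileVersion 3 layout, where entries are keyed by their node_modules path) against an organisation's allowlist of approved name@version pairs and their integrity hashes, and reports four kinds of finding: a name not on the allowlist at all, a name within two edits of an approved one, an approved name at an unvetted version, and a vetted version whose integrity hash differs from the recorded one. The allowlist, every version number and every integrity string are constructed for the demo; node-telegram-bot-api is assumed to be the library the three fakes imitate, which the excerpt does not name.

```javascript
'use strict';

// Levenshtein edit distance (single-row DP), used only to surface near-miss
// names such as a dropped or doubled letter.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(
        above + 1,                                // delete a[i-1]
        row[j - 1] + 1,                           // insert b[j-1]
        diag + (a[i - 1] === b[j - 1] ? 0 : 1),   // substitute
      );
      diag = above;
    }
  }
  return row[b.length];
}

// Package name from a lockfile v3 path, e.g. "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameFromPath(path) {
  const marker = 'node_modules/';
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Audit every installed package in `lock` (package-lock.json, lockfileVersion 3)
// against `allowlist`, an array of { name, version, integrity } records that a
// human has vetted. Returns { ok, findings }.
function auditLock(lock, allowlist, maxEditDistance = 2) {
  const approved = new Map(); // name -> Map(version -> integrity)
  for (const { name, version, integrity } of allowlist) {
    if (!approved.has(name)) approved.set(name, new Map());
    approved.get(name).set(version, integrity);
  }
  const approvedNames = [...approved.keys()];
  const findings = [];

  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const name = nameFromPath(path);
    const { version, integrity } = entry;

    const versions = approved.get(name);
    if (!versions) {
      // Never vetted under any version: hallucinated, squatted, or simply new.
      let nearest = null;
      let best = Infinity;
      for (const candidate of approvedNames) {
        const d = editDistance(name, candidate);
        if (d < best) { best = d; nearest = candidate; }
      }
      findings.push({
        name, version,
        kind: best <= maxEditDistance ? 'lookalike' : 'unknown-name',
        detail: nearest
          ? `nearest approved name is "${nearest}" (edit distance ${best})`
          : 'allowlist is empty',
      });
      continue;
    }
    if (!versions.has(version)) {
      findings.push({ name, version, kind: 'unvetted-version',
        detail: `approved versions: ${[...versions.keys()].join(', ')}` });
      continue;
    }
    const expected = versions.get(version);
    if (!integrity) {
      findings.push({ name, version, kind: 'missing-integrity',
        detail: 'lock entry carries no integrity hash' });
    } else if (expected && integrity !== expected) {
      // Same name and version but a different tarball: republished content.
      findings.push({ name, version, kind: 'integrity-mismatch',
        detail: `lock has ${integrity}, allowlist has ${expected}` });
    }
  }
  return { ok: findings.length === 0, findings };
}

// Constructed allowlist and lockfile for the demo (versions and hashes are
// illustrative, not real registry data).
const ALLOWLIST = [
  { name: 'node-telegram-bot-api', version: '0.66.0', integrity: 'sha512-AAAA' },
  { name: 'xrpl',                  version: '4.2.0',  integrity: 'sha512-EEEE' },
  { name: 'express',               version: '4.19.2', integrity: 'sha512-FFFF' },
];

const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/node-telegram-bot-api': { version: '0.66.0', integrity: 'sha512-AAAA' }, // vetted
    'node_modules/node-telegram-utils':   { version: '1.0.0',  integrity: 'sha512-BBBB' }, // bogus name from the article
    'node_modules/expresss':              { version: '4.19.2', integrity: 'sha512-DDDD' }, // one edit from express
    'node_modules/xrpl':                  { version: '4.2.4',  integrity: 'sha512-CCCC' }, // version never vetted
    'node_modules/express':               { version: '4.19.2', integrity: 'sha512-GGGG' }, // hash differs from vetted tarball
  },
};

const report = auditLock(SAMPLE_LOCK, ALLOWLIST);
for (const f of report.findings) {
  console.log(`${f.kind.padEnd(18)} ${f.name}@${f.version}: ${f.detail}`);
}
console.log(report.ok ? 'lockfile is fully vetted' : `${report.findings.length} finding(s); block the install`);
```

Run it as a CI step ahead of `npm ci` and fail the job whenever `ok` is false. The constructed data also shows the limit of name heuristics: node-telegram-utils sits well beyond a two-edit threshold from the library it imitates, so a lookalike rule alone would wave it through; only the allowlist catches it, which is the point of the gate.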
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"
Published: 2025-04-19T14:22:00
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan
Published: 2025-04-18T20:45:00
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The
Published: 2025-04-18T17:33:00
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
Published: 2025-04-18T15:15:00
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
Published: 2025-04-18T12:40:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
Published: 2025-04-18T09:59:00
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
Published: 2025-04-17T20:52:00
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),
Published: 2025-04-17T17:02:00
Talking about AI: Definitions Artificial Intelligence (AI) AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine
Published: 2025-04-17T16:56:00
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH server
Published: 2025-04-17T16:02:00
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
Published: 2025-04-17T16:00:00
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or
Published: 2025-04-17T14:27:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
Published: 2025-04-17T11:14:00
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
Published: 2025-04-17T09:03:00
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,
Published: 2025-04-16T21:48:00
Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for
Published: 2025-04-16T18:18:00
Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla
Published: 2025-04-16T17:14:00
Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected
Published: 2025-04-16T16:56:00
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in
Published: 2025-04-16T16:07:00
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and
Published: 2025-04-16T16:00:00
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to
Published: 2025-04-16T13:04:00
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to
Published: 2025-04-16T10:36:00
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of
Published: 2025-04-15T19:36:00
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.
Published: 2025-04-15T19:14:00
Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025. This report is the first and only report to merge
Published: 2025-04-15T18:55:00
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),
Published: 2025-04-15T18:50:00
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,
Published: 2025-04-15T14:40:00
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
Published: 2025-04-15T10:09:00
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better
Published: 2025-04-15T09:40:00
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The
Published: 2025-04-14T21:39:00
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. "This tactic not
Published: 2025-04-14T18:54:00
Attackers aren’t waiting for patches anymore; they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world
Published: 2025-04-14T16:49:00
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to
Published: 2025-04-14T16:00:00
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's
Published: 2025-04-14T12:25:00
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known
Published: 2025-04-11T23:25:00
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known
Published: 2025-04-11T18:39:00
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks. By selling access, they significantly mitigate the
Published: 2025-04-11T16:00:00
Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a
Published: 2025-04-11T14:23:00
Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident. The incident occurred on April 18, 2025, emergency services remained operational, and no financial irregularities were found. “On April 18, 2025, City officials received […]
Published: 2025-04-22T08:45:14
Japan’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan’s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized […]
Published: 2025-04-22T08:06:04
Researchers spotted a new North Korea-linked group Kimsuky’s campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky’s campaign, tracked as Larva-24005. Attackers exploited an RDP vulnerability to gain initial access to […]
Published: 2025-04-21T18:25:20
‘SuperCard X’ – a new MaaS – targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels; analysis shows SuperCard X builds […]
Published: 2025-04-21T09:24:17
Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]
Published: 2025-04-21T08:11:41
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? BPFDoor’s Hidden Controller Used Against Asia, Middle East […]
Published: 2025-04-20T16:23:58
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploited SonicWall SMA appliances since January 2025 ASUS routers with AiCloud vulnerable to auth bypass exploit U.S. […]
Published: 2025-04-20T09:53:17
Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]
Published: 2025-04-19T17:37:08
ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), which impacts routers with AiCloud enabled. A remote attacker can trigger the flaw to perform unauthorized execution of functions on the […]
Published: 2025-04-18T19:26:02
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out of band […]
Published: 2025-04-18T11:19:58
A global assault on encryption and privacy has intensified, with governments pushing for law enforcement access to encrypted data and social media companies required to provide backdoors. As this struggle unfolds, experts warn about the erosion of individual freedoms and the creation of a surveillance state.
Published: Sat Apr 19 05:15:27 2025 by llama3.2 3B Q4_K_M
A prankster's dream hack has brought America's cities to a standstill as they're forced to listen to AI-generated voices of the rich and famous while crossing the street - all thanks to a vulnerability in Polara's pedestrian signal system that was conveniently left open by its manufacturer. Find out how this vulnerability was exploited to create an AI-spooked America, one intersection at a time.
Published: Sat Apr 19 08:47:27 2025 by llama3.2 3B Q4_K_M
Rogue npm packages have been discovered that mimic popular libraries but harbor malicious code. These packages can plant SSH backdoors on Linux systems, granting attackers persistent remote access. The discovery highlights the growing concern for Linux system security and serves as a stark reminder of the importance of vigilance in the cybersecurity landscape.
Published: Sat Apr 19 13:02:12 2025 by llama3.2 3B Q4_K_M
A new Android malware, dubbed 'SuperCard X', has emerged with remarkable technical sophistication, specifically designed to target NFC-enabled devices via relay attacks. By exploiting vulnerabilities in user behavior, this malicious entity can siphon sensitive payment card information, paving the way for point-of-sale and ATM transactions. With its evasive tactics and customizability, SuperCard X poses a significant threat to Android users worldwide.
Published: Sat Apr 19 16:27:09 2025 by llama3.2 3B Q4_K_M
A newly disclosed critical vulnerability in Erlang/OTP SSH allows unauthenticated attackers to remotely execute code on impacted devices, putting telecom, database, and high-availability systems at risk. Public exploits are now available for the CVE-2025-32433 bug, which was fixed in versions 25.3.2.10 and 26.2.4. With over 600,000 IP addresses running Erlang/OTP, threat actors will soon begin scanning for vulnerable systems, prompting experts to urge immediate patching of devices running the daemon.
Published: Sat Apr 19 16:49:51 2025 by llama3.2 3B Q4_K_M
Microsoft Entra lockouts have left Windows administrators reeling after a new security feature was introduced with a flawed implementation that triggered widespread false positives. The issue has already affected numerous organizations worldwide, with some reports suggesting that up to 1/3 of all accounts were impacted.
Published: Sat Apr 19 18:00:43 2025 by llama3.2 3B Q4_K_M
A new variant of WINELOADER malware has been linked to a phishing campaign targeting diplomatic entities across Europe, as part of an APT29 (Cozy Bear or Midnight Blizzard) attack. GRAPELOADER is a newly observed initial-stage tool used for fingerprinting, persistence, and payload delivery.
Published: Sun Apr 20 01:22:06 2025 by llama3.2 3B Q4_K_M
The start of a new year brings with it a wave of fresh security concerns, as several high-profile exploits and malware variants have emerged in January 2025. This article provides an overview of the key developments in the world of cyber threats and highlights the need for increased vigilance from consumers to protect themselves from emerging threats.
Published: Sun Apr 20 06:45:42 2025 by llama3.2 3B Q4_K_M
Discover the latest cybersecurity incidents and malware variants reported in the Security Affairs Malware Newsletter Round 42. Find out how attackers are using innovative techniques to evade detection and compromise devices running on various operating systems.
Published: Sun Apr 20 12:15:04 2025 by llama3.2 3B Q4_K_M
Phishers have abused Google OAuth to spoof Google's systems, using a technique called DKIM replay phishing attack to trick recipients into accessing legitimate-looking support portals that asked for Google account credentials. This attack has been similar to one targeting PayPal users in March and highlights the importance of vigilance in detecting phishing attempts.
Published: Mon Apr 21 09:36:24 2025 by llama3.2 3B Q4_K_M
State-sponsored hackers are embracing a new social engineering tactic called ClickFix, which involves creating fake websites that impersonate legitimate platforms. These attacks can lead to the installation of malware on devices, compromising sensitive information. In this article, we explore the rise of ClickFix and provide guidance on how individuals and organizations can protect themselves from these sophisticated threats.
Published: Mon Apr 21 09:45:21 2025 by llama3.2 3B Q4_K_M
Google phishers are using Google's own tools to create convincing phishing emails that can bypass traditional security checks. Learn more about this sophisticated scheme and how you can protect yourself from falling victim to these scams.
Published: Mon Apr 21 10:54:56 2025 by llama3.2 3B Q4_K_M
Pete Hegseth's use of Signal for sensitive information has raised serious concerns about the lack of accountability within the US government, particularly when it comes to its handling of classified information. The incident highlights the need for greater transparency and oversight to prevent similar breaches in the future.
Published: Mon Apr 21 11:03:18 2025 by llama3.2 3B Q4_K_M
The SuperCard X Android malware has emerged as a significant threat to contactless payments, enabling cybercriminals to conduct fraudulent cashouts through NFC relay attacks. This highly sophisticated malware-as-a-service (MaaS) platform combines social engineering tactics with malicious application installation and NFC data interception to achieve its objectives.
Published: Mon Apr 21 11:11:56 2025 by llama3.2 3B Q4_K_M
In a recent development, cybersecurity researchers have identified a new malicious campaign attributed to the state-sponsored threat actor known as Kimsuky. The campaign exploits the now-patched BlueKeep vulnerability in Microsoft Remote Desktop Services, gaining initial access into compromised systems through phishing emails and other vectors. This article delves deeper into the details of this threat, exploring its implications for cybersecurity professionals and offering insights into how to protect against similar attacks.
Published: Mon Apr 21 12:37:39 2025 by llama3.2 3B Q4_K_M
A recent incident involving a newly discovered vulnerability in Windows has highlighted the ongoing threat landscape in the world of cybersecurity, emphasizing the importance of staying vigilant in the face of new threats and having robust security measures in place to protect against sophisticated attacks.
Published: Mon Apr 21 14:09:18 2025 by llama3.2 3B Q4_K_M
A North Korea-linked group known as Kimsuky has been linked to a sophisticated attack campaign that exploited a patched Microsoft Remote Desktop Services flaw to gain unauthorized access to compromised systems. The group's use of multiple vectors in their attack campaign highlights their sophistication and persistence as a threat actor, and underscores the need for organizations to prioritize cybersecurity measures to mitigate these threats.
Published: Mon Apr 21 14:53:17 2025 by llama3.2 3B Q4_K_M
AI models have been demonstrated to generate exploit code at lightning-fast speeds, posing significant challenges for cybersecurity defenders as attackers harness the power of generative AI models to develop and deploy new threats. The implications are far-reaching, necessitating a fundamental shift in the way enterprises approach cybersecurity defense.
Published: Mon Apr 21 16:11:22 2025 by llama3.2 3B Q4_K_M
A critical flaw in SSL.com's domain validation system has been discovered by a researcher, enabling certificate mis-issuance for legitimate websites. The vulnerability was exploited by the researcher to obtain certificates for domains like aliyun.com, which could have led to man-in-the-middle attacks and phishing. SSL.com has since acknowledged the issue and taken steps to rectify it.
Published: Mon Apr 21 21:43:03 2025 by llama3.2 3B Q4_K_M
Lotus Panda, a China-linked cyber espionage group, has been linked to a series of attacks on government ministries, air traffic control organizations, telecoms operators, and construction companies in an unnamed Southeast Asian country. The attackers used custom-made tools, including loaders, credential stealers, and reverse SSH, to breach these targets.
Published: Mon Apr 21 23:53:01 2025 by llama3.2 3B Q4_K_M
Microsoft has taken significant steps to strengthen its cybersecurity protections following a major breach in 2023, known as Storm-0558. The company has moved the MSA signing service to Azure confidential VMs and announced plans to migrate the Entra ID signing service to the same platform. These measures come as part of Microsoft's Secure Future Initiative, which aims to mitigate attack vectors used by attackers in the breach. By using hardened identity SDKs, phishing-resistant MFA, and other security measures, Microsoft is committed to protecting its customers' sensitive data and preventing similar breaches in the future.
Published: Tue Apr 22 04:14:21 2025 by llama3.2 3B Q4_K_M
Japan's Financial Services Agency (FSA) has issued a warning about the growing threat of unauthorized trading via stolen credentials from fake security firms' sites. With hundreds of millions of yen in damages reported, the agency is urging users to prioritize their online security and take proactive steps to protect themselves from these types of attacks.
Published: Tue Apr 22 04:39:22 2025 by llama3.2 3B Q4_K_M
Abilene, Texas, takes systems offline following a sophisticated cyberattack that has brought its municipal services to a halt. The incident highlights the vulnerability of government agencies to cyber threats and underscores the need for robust cybersecurity protocols.
Published: Tue Apr 22 06:08:16 2025 by llama3.2 3B Q4_K_M
A new report from Keep Aware highlights the growing threat of employees' personal use of their browser to enterprise cybersecurity. With 70% of phishing campaigns impersonating Microsoft, OneDrive, or Office 365, and malware reassembly in the browser becoming a major concern, security teams must take action to protect their organizations. Learn more about the challenges of browser security and how to address them in this detailed report.
Published: Tue Apr 22 07:19:03 2025 by llama3.2 3B Q4_K_M
Phishers have developed an extremely sophisticated method of exploiting Google's infrastructure to send phishing emails that bypass traditional email security measures. This attack utilizes Google Sites as a lookalike page, making it challenging for victims to distinguish between legitimate and malicious messages.
Published: Tue Apr 22 07:30:32 2025 by llama3.2 3B Q4_K_M
The FBI has claimed that it lost records related to its purchasing of powerful hacking tools, sparking concerns about the agency's transparency and accountability. As a major player in investigating and preventing cybercrimes, the lack of information about its cyber capabilities and tools is concerning.
Published: Tue Apr 22 08:39:33 2025 by llama3.2 3B Q4_K_M
The vulnerability landscape has taken a hit in recent weeks, with several high-profile discoveries leaving experts scrambling to patch and protect against. A new vulnerability in Google Cloud Platform (GCP) that could enable an attacker to elevate their privileges in the Cloud Composer workflow orchestration service stands out as particularly concerning.
In this article, we will delve deeper into the details of ConfusedComposer, explore its potential impact, and discuss the broader implications for cloud security. We'll also examine other recent discoveries in the field, including vulnerabilities in Microsoft Azure, Microsoft Entra ID, and AWS EC2 instances.
Published: Tue Apr 22 10:08:07 2025 by llama3.2 3B Q4_K_M
The United Nations Office on Drugs and Crime has warned about the growing epidemic of scam call centers, which are metastasizing worldwide like a cancer, threatening global cybersecurity and human trafficking.
Published: Tue Apr 22 11:23:14 2025 by llama3.2 3B Q4_K_M