What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-02-07 16:31:00 | Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection (lien direct) | Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers\' pathway.
The tech giant\'s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers\' pathway. The tech giant\'s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET |
Threat | ★★★ | |
|
2025-02-07 16:02:00 | India\\'s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud (lien direct) | India\'s central bank, the Reserve Bank of India (RBI), said it\'s introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud.
"This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a
India\'s central bank, the Reserve Bank of India (RBI), said it\'s introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a |
★★★ | ||
|
2025-02-07 10:49:00 | Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (lien direct) | Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp\'s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack.
The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp\'s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a |
Ransomware Vulnerability Threat | ★★★ | |
|
2025-02-06 20:04:00 | Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (lien direct) | Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.
The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China.
"This actor has increasingly targeted key roles
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles |
Malware Threat | ★★★ | |
|
2025-02-06 19:33:00 | Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 (lien direct) | Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023.
The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%.
"The number of ransomware events increased into H2, but on-chain payments declined,
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined, |
Ransomware | ★★ | |
|
2025-02-06 17:02:00 | SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (lien direct) | A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple\'s and Google\'s respective app stores to steal victims\' mnemonic phrases associated with cryptocurrency wallets.
The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple\'s and Google\'s respective app stores to steal victims\' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server, |
Malware | ★★★ | |
|
2025-02-06 16:50:00 | The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025 (lien direct) | Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions.
Why is PAM climbing the ranks of leadership priorities? While Gartner
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner |
Technical | ★★★ | |
|
2025-02-06 16:35:00 | North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials (lien direct) | The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).
The attacks commence with phishing emails containing a Windows shortcut (LNK) file that\'s disguised as a Microsoft Office or PDF document.
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that\'s disguised as a Microsoft Office or PDF document. |
Malware | ★★★ | |
|
2025-02-06 16:30:00 | Top 3 Ransomware Threats Active in 2025 (lien direct) | You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything."
And the worst part is that even after paying, there\'s no guarantee you\'ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there\'s no guarantee you\'ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get |
Ransomware | ★★★ | |
|
2025-02-06 13:10:00 | Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (lien direct) | Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.
The vulnerabilities are listed below -
CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote |
Vulnerability | ★★★ | |
|
2025-02-05 20:25:00 | Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign (lien direct) | The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of |
Malware | APT 38 | ★★★ |
|
2025-02-05 18:33:00 | Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts (lien direct) | Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.
Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.
"Originally sourced from public
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public |
Tool | ★★★ | |
|
2025-02-05 18:16:00 | Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks (lien direct) | A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
"This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report |
Threat Technical | ★★★ | |
|
2025-02-05 17:46:00 | New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack (lien direct) | Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.
The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.
"A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code |
Vulnerability | ★★★ | |
|
2025-02-05 16:30:00 | Navigating the Future: Key IT Vulnerability Management Trends (lien direct) | As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.
Staying informed on these trends can help MSPs and IT teams
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams |
Vulnerability | ★★★ | |
|
2025-02-05 15:10:00 | AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks (lien direct) | A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels.
"AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis.
"It allows attackers to control infected systems
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems |
Malware | ★★ | |
|
2025-02-05 10:35:00 | CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized |
Vulnerability | ★★★ | |
|
2025-02-04 19:46:00 | Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (lien direct) | Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to |
★★★ | ||
|
2025-02-04 17:58:00 | Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections (lien direct) | A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.
"The vulnerability was
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was |
Malware Tool Vulnerability | ★★★ | |
|
2025-02-04 17:41:00 | North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (lien direct) | The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process.
"Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or |
Malware Threat | ★★★ | |
|
2025-02-04 16:30:00 | Watch Out For These 8 Cloud Security Shifts in 2025 (lien direct) | As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let\'s take a
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let\'s take a |
Prediction Cloud | ★★★ | |
|
2025-02-04 15:02:00 | Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks (lien direct) | Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek\'s Artificial Intelligence (AI) platform, citing security risks.
"Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan\'s Ministry of Digital Affairs, per Radio Free Asia.
"DeepSeek
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek\'s Artificial Intelligence (AI) platform, citing security risks. "Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan\'s Ministry of Digital Affairs, per Radio Free Asia. "DeepSeek |
★★★ | ||
|
2025-02-04 14:28:00 | AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access (lien direct) | A security vulnerability has been disclosed in AMD\'s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local
A security vulnerability has been disclosed in AMD\'s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local |
Vulnerability | ★★★ | |
|
2025-02-04 10:38:00 | Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (lien direct) | Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below -
CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service |
Vulnerability | ★★★ | |
|
2025-02-04 10:21:00 | Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (lien direct) | Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead |
Vulnerability Mobile | ★★★ | |
|
2025-02-04 09:59:00 | Microsoft SharePoint Connector Flaw Could\\'ve Enabled Credential Theft Across Power Platform (lien direct) | Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user\'s credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user\'s credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf |
Vulnerability Threat | ★★★ | |
|
2025-02-03 19:27:00 | 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023 (lien direct) | As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before |
Vulnerability Threat | ★★★ | |
|
2025-02-03 18:00:00 | PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages (lien direct) | The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
"Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said.
In doing so, the idea is to
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said. In doing so, the idea is to |
★★★ | ||
|
2025-02-03 17:29:00 | [27 February] (lien direct) | This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.
Let\'s take a
This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. Let\'s take a |
Tool Legislation | ★★★ | |
|
2025-02-03 17:09:00 | Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions (lien direct) | Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote.
"Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.
The
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The |
Malware | ★★★ | |
|
2025-02-03 16:30:00 | What Is Attack Surface Management? (lien direct) | Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what\'s exposed and where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker\'s perspective has never been more important.
In this
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what\'s exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker\'s perspective has never been more important. In this |
Cloud | ★★★ | |
|
2025-02-03 11:00:00 | Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware (lien direct) | A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer.
"Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a |
Malware | ★★★ | |
|
2025-02-01 13:44:00 | U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network (lien direct) | U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.
The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and
U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and |
Tool Legislation | ★★★ | |
|
2025-02-01 12:10:00 | BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key (lien direct) | BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company\'s Remote Support SaaS instances by making use of a compromised API key.
The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company\'s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged |
Vulnerability Threat Cloud | ★★★ | |
|
2025-02-01 10:59:00 | Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists (lien direct) | Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.
In a statement to The Guardian, the encrypted messaging app said it has reached
Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said it has reached |
★★ | ||
|
2025-02-01 08:52:00 | Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts (lien direct) | Cybersecurity researchers have discovered a malvertising campaign that\'s targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.
"These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft\'s advertising platform," Jérôme Segura, senior
Cybersecurity researchers have discovered a malvertising campaign that\'s targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. "These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft\'s advertising platform," Jérôme Segura, senior |
★★ | ||
|
2025-01-31 18:40:00 | CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors.
The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA |
Vulnerability | ★★ | |
|
2025-01-31 16:45:00 | Top 5 AI-Powered Social Engineering Attacks (lien direct) | Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There\'s no brute-force \'spray and pray\' password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There\'s no brute-force \'spray and pray\' password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems. |
Vulnerability | ★★★ | |
|
2025-01-31 16:34:00 | Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns (lien direct) | Italy\'s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek\'s service within the country, citing a lack of information on its use of users\' personal data.
The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.
In particular, it wanted
Italy\'s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek\'s service within the country, citing a lack of information on its use of users\' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted |
★★★ | ||
|
2025-01-31 16:15:00 | Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (lien direct) | Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with |
Mobile | ★★★ | |
|
2025-01-31 11:19:00 | Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft (lien direct) | Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.
The list of identified flaws, which impact versions 8.x of the software, is below -
CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin |
Threat | ★★★ | |
|
2025-01-30 21:55:00 | Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations (lien direct) | Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.
"Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat |
Threat | ★★★★ | |
|
2025-01-30 18:45:00 | Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown (lien direct) | An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP.
The effort has targeted the following domains -
www.cracked.io
www.nulled.to
www.mysellix.io
www.sellix.io
www.starkrdp.io
Visitors to these websites are now greeted by a seizure banner that says they were confiscated
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort has targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a seizure banner that says they were confiscated |
Legislation | ★★★ | |
|
2025-01-30 18:03:00 | Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter (lien direct) | Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution.
The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a |
Vulnerability | ★★★ | |
|
2025-01-30 16:00:00 | SOC Analysts - Reimagining Their Role Using AI (lien direct) | The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts-often false positives-just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts-often false positives-just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents. |
★★★ | ||
|
2025-01-30 15:39:00 | DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked (lien direct) | Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.
The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal |
★★★ | ||
|
2025-01-30 12:51:00 | Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (lien direct) | Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
"When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week.
The
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The |
★★★ | ||
|
2025-01-30 12:11:00 | New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (lien direct) | A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks.
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor |
Vulnerability Threat | ★★★ | |
|
2025-01-29 22:26:00 | Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks (lien direct) | The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
"Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard\'s
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard\'s |
Threat | APT 38 | ★★★ |
|
2025-01-29 17:16:00 | AI in Cybersecurity: What\\'s Effective and What\\'s Not – Insights from 200 Experts (lien direct) | Curious about the buzz around AI in cybersecurity? Wonder if it\'s just a shiny new toy in the tech world or a serious game changer? Let\'s unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity.
Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing
Curious about the buzz around AI in cybersecurity? Wonder if it\'s just a shiny new toy in the tech world or a serious game changer? Let\'s unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing |
★★★ |
To see everything:
Our RSS (filtrered)
