Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
 |
2025-02-18 20:39:00 |
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (lien direct) |
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor\'s malicious payload into an external process, waitfor.exe,
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor\'s malicious payload into an external process, waitfor.exe, |
Threat
|
|
★★★
|
 |
2025-02-18 18:30:00 |
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (lien direct) |
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a "threat actor that uses fake
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a "threat actor that uses fake |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-18 17:48:00 |
Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (lien direct) |
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.
"An Authentication Bypass Using an Alternate Path or
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.
"An Authentication Bypass Using an Alternate Path or |
Vulnerability
|
|
★★★
|
 |
2025-02-18 16:30:00 |
Debunking the AI Hype: Inside Real Hacker Tactics (lien direct) |
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs\' Red Report 2025 which analyzed over one million malware samples, there\'s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs\' Red Report 2025 which analyzed over one million malware samples, there\'s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a |
Malware
Threat
|
|
★★★
|
 |
2025-02-18 15:22:00 |
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign (lien direct) |
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41 |
Threat
Prediction
|
APT 41
|
★★★
|
 |
2025-02-18 12:34:00 |
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials (lien direct) |
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
"This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP\'s configuration and cause the MFP
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
"This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP\'s configuration and cause the MFP |
Vulnerability
|
|
★★★
|
 |
2025-02-18 10:56:00 |
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers (lien direct) |
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that\'s capable of stealing sensitive payment information from online shopping sites. The attacks are known to
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that\'s capable of stealing sensitive payment information from online shopping sites. The attacks are known to |
Malware
Threat
|
|
★★
|
 |
2025-02-17 22:00:00 |
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (lien direct) |
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
"Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X.
"These enhanced features add to
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
"Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X.
"These enhanced features add to |
Malware
Threat
|
|
★★
|
 |
2025-02-17 17:06:00 |
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations (lien direct) |
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.
Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.
Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains |
Mobile
|
|
★★
|
 |
2025-02-17 16:30:00 |
CISO\\'s Expert Guide To CTEM And Why It Matters (lien direct) |
Cyber threats evolve-has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity.
This concise report makes a clear business case for why CTEM\'s comprehensive approach is the best overall strategy for shoring up a business\'s cyber defenses in the face of evolving attacks. It also
Cyber threats evolve-has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity.
This concise report makes a clear business case for why CTEM\'s comprehensive approach is the best overall strategy for shoring up a business\'s cyber defenses in the face of evolving attacks. It also |
Threat
|
|
★★★
|
 |
2025-02-17 14:49:00 |
⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (lien direct) |
Welcome to this week\'s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.
⚡ Threat of the Week
Russian Threat Actors Leverage Device Code Phishing to Hack
Welcome to this week\'s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.
⚡ Threat of the Week
Russian Threat Actors Leverage Device Code Phishing to Hack |
Hack
Threat
Cloud
Technical
|
|
★★
|
 |
2025-02-17 14:34:00 |
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations (lien direct) |
Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications.
Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin.
"The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis
Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications.
Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin.
"The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis |
Malware
Threat
|
|
★★
|
 |
2025-02-15 15:56:00 |
Android\\'s New Feature Blocks Fraudsters from Sideloading Apps During Calls (lien direct) |
Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt
Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt |
Mobile
|
|
★★
|
 |
2025-02-15 00:12:00 |
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (lien direct) |
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account.
"If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account.
"If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report |
|
|
★★★
|
 |
2025-02-14 23:58:00 |
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks (lien direct) |
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that\'s associated with a profile named "
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that\'s associated with a profile named " |
Malware
Threat
|
APT 38
|
★★
|
 |
2025-02-14 16:30:00 |
AI-Powered Social Engineering: Ancillary Tools and Techniques (lien direct) |
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: \'As technology continues to evolve, so do cybercriminals\' tactics.\'
This article explores some of the impacts of this GenAI-fueled acceleration. And examines what
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: \'As technology continues to evolve, so do cybercriminals\' tactics.\'
This article explores some of the impacts of this GenAI-fueled acceleration. And examines what |
Tool
|
|
★★★
|
 |
2025-02-14 15:57:00 |
Microsoft: Russian-Linked Hackers Using \\'Device Code Phishing\\' to Hijack Accounts (lien direct) |
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas |
Threat
|
|
★★★
|
 |
2025-02-14 15:47:00 |
RansomHub Becomes 2024\\'s Top Ransomware Group, Hitting 600+ Organizations Globally (lien direct) |
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network\'s domain controller as part of their post-compromise strategy.
"RansomHub has targeted over 600 organizations globally, spanning sectors
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network\'s domain controller as part of their post-compromise strategy.
"RansomHub has targeted over 600 organizations globally, spanning sectors |
Ransomware
Threat
|
|
★★★
|
 |
2025-02-14 10:33:00 |
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (lien direct) |
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.
"An
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.
"An |
Tool
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-13 20:43:00 |
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners (lien direct) |
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud.
"The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud.
"The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to |
|
|
★★★
|
 |
2025-02-13 19:56:00 |
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks (lien direct) |
A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors.
The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet
A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors.
The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet |
Threat
|
APT 43
|
★★★
|
 |
2025-02-13 17:55:00 |
Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams (lien direct) |
Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other?
We invite you to our upcoming webinar, "Opening the Fast Lane for Secure Deployments." This isn\'t another tech talk full of buzzwords-it\'s a down-to-earth session that
Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other?
We invite you to our upcoming webinar, "Opening the Fast Lane for Secure Deployments." This isn\'t another tech talk full of buzzwords-it\'s a down-to-earth session that |
Vulnerability
|
|
★★★
|
 |
2025-02-13 17:28:00 |
RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (lien direct) |
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity.
"During the attack in late 2024, the attacker deployed a distinct toolset that had
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity.
"During the attack in late 2024, the attacker deployed a distinct toolset that had |
Ransomware
Tool
Threat
|
|
★★★
|
 |
2025-02-13 16:30:00 |
AI and Security - A New Puzzle to Figure Out (lien direct) |
AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security
AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security |
|
|
★★★
|
 |
2025-02-13 15:09:00 |
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (lien direct) |
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.
The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.
"An authentication bypass in the Palo Alto Networks PAN-OS software enables an
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.
The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.
"An authentication bypass in the Palo Alto Networks PAN-OS software enables an |
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-13 14:41:00 |
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (lien direct) |
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university, |
Malware
Threat
|
|
★★★
|
 |
2025-02-12 22:32:00 |
Microsoft Uncovers Sandworm Subgroup\\'s Global Cyber Attacks Spanning 15+ Countries (lien direct) |
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe.
"This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe.
"This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the |
|
APT 44
|
★★★
|
 |
2025-02-12 19:34:00 |
Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (lien direct) |
Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container\'s isolation protections and gain complete access to the underlying host.
The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions -
NVIDIA Container Toolkit (All
Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container\'s isolation protections and gain complete access to the underlying host.
The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions -
NVIDIA Container Toolkit (All |
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-12 16:50:00 |
How to Steer AI Adoption: A CISO Guide (lien direct) |
CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren\'t many resources to guide them on what their role should look like or what they should bring to these meetings.
We\'ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption-providing them with the
CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren\'t many resources to guide them on what their role should look like or what they should bring to these meetings.
We\'ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption-providing them with the |
|
|
★★★
|
 |
2025-02-12 16:13:00 |
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (lien direct) |
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them.
"To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them.
"To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a |
Threat
|
|
★★★
|
 |
2025-02-12 15:08:00 |
Microsoft\\'s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (lien direct) |
Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge
Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge |
Vulnerability
|
|
★★★
|
 |
2025-02-12 11:27:00 |
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (lien direct) |
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
The list of vulnerabilities is below -
CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
The list of vulnerabilities is below -
CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy |
Vulnerability
Cloud
|
|
★★★
|
 |
2025-02-11 20:43:00 |
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (lien direct) |
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for |
Spam
Malware
Mobile
|
|
★★★
|
 |
2025-02-11 19:00:00 |
4 Ways to Keep MFA From Becoming too Much of a Good Thing (lien direct) |
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it\'s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it\'s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels |
|
|
★★★
|
 |
2025-02-11 17:22:00 |
Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions (lien direct) |
Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical |
|
|
★★★
|
 |
2025-02-11 16:55:00 |
Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (direct link) |
Gcore's latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period's findings emphasize the need for robust, adaptive DDoS |
|
|
★★★
|
 |
2025-02-11 15:37:00 |
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment (direct link) |
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its |
|
|
★★★
|
 |
2025-02-11 15:25:00 |
Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (direct link) |
Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025.
NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download |
Threat
|
|
★★★
|
 |
2025-02-11 12:33:00 |
8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation (direct link) |
Source: The Nation
A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang.
Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor |
Ransomware
Legislation
|
|
★★★
|
 |
2025-02-11 10:02:00 |
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (direct link) |
Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack.
This |
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-10 20:46:00 |
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (direct link) |
Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.
Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent |
Malware
Threat
|
|
★★★
|
 |
2025-02-10 17:43:00 |
[10 February] (direct link) |
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket: each one seems minor until it becomes the entry point for an attack.
This week, we've seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question |
Tool
Cloud
|
|
★★★
|
 |
2025-02-10 16:30:00 |
Don't Overlook These 6 Critical Okta Security Configurations (direct link) |
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.
With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for |
|
|
★★★
|
 |
2025-02-10 15:14:00 |
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (direct link) |
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.
"It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and |
Malware
Threat
Prediction
|
|
★★★
|
 |
2025-02-10 14:39:00 |
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (direct link) |
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting |
Vulnerability
|
|
★★★
|
 |
2025-02-10 10:44:00 |
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (direct link) |
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems.
The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime |
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-08 11:47:00 |
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection (direct link) |
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection.
"The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. " |
|
|
★★★
|
 |
2025-02-07 20:28:00 |
DeepSeek App Transmits Sensitive User and Device Data Without Encryption (direct link) |
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and |
Mobile
|
|
★★★
|
 |
2025-02-07 18:22:00 |
CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
"This could |
Vulnerability
|
|
★★★
|
 |
2025-02-07 16:40:00 |
AI-Powered Social Engineering: Reinvented Threats (direct link) |
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It's the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.
This article explores how these changes are impacting business, and how cybersecurity leaders can respond.
Impersonation attacks: |
|
|
★★★
|