The presence of credentials in leaked "stealer logs" indicates his device was infected. Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department
Published: 2025-05-08T18:27:52
The verdict is a major victory for opponents of exploit sellers. A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a softwar
Published: 2025-05-07T00:26:14
Fake image-generating app allowed man to download 1.1TB of Disney-owned data. A California man has pleaded guilty to hacking an employee of The Walt Disney Company by tricking the person into running a malicious
Published: 2025-05-06T00:05:55
Mike Waltz needs to find a new app. A messaging service used by former National Security Advisor Mike Waltz has temporarily shut down while the company investigates an apparent hack. The messaging app is used to
Published: 2025-05-05T21:37:21
Attack that started in April and remains ongoing runs malicious code on visitors' devices. Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that execu
Published: 2025-05-05T19:05:13
Hackers can run their code on AirPlay devices thanks to a collection of bugs known as AirBorne. Apple’s AirPlay feature enables iPhones and MacBooks to seamlessly play music or show photos and videos on other Ap
Published: 2025-04-30T17:52:06
Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 offic
Published: 2025-05-12T22:03:45
Some see an action to benefit Elon. The White House sees an agency obsessed with DEI The head of the US Copyright Office has reportedly been fired, the day after agency concluded that builders of AI models use of copyrighted material went beyond exis
Published: 2025-05-12T06:32:12
Linux giant finds Chinese environment to be perilous beneath pretty exterior SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.
Published: 2025-05-09T12:33:15
Apple is known for prioritizing privacy and security, but there are additional measures you can turn to if you feel you need them. iPhones, iPads, and Macs have what's known as a Lockdown Mode that takes protecting your data to a whole new level. It's clear that this isn't for everyone: Apple describes it as […] 
Apple is known for prioritizing privacy and security, but there are additional measures you can turn to if you feel you need them. iPhones, iPads, and Macs have what's known as a Lockdown Mode that takes protecting your data to a whole new level. I...
Published: 2025-05-10T10:00:00
A brochure shared on Reddit provides new details on Eufy's first smart display. The Eufy Smart Display E10 hasn t been officially announced by Anker yet, but it's already received FCC certification and was recently demonstrated at a private event in New York. The smart display's manual has also leaked. According to the brochure, the Smart […] 
A brochure shared on Reddit provides new details on Eufy’s first smart display. The Eufy Smart Display E10 hasn’t been officially announced by Anker yet, but it’s already received FCC certification and was recently demonstrated at a private e...
Published: 2025-05-09T10:57:32
NSO Group, the Israeli spyware-maker behind Pegasus, must pay Meta $167.25 million for hacking 1,400 users across WhatsApp. A federal jury in California made the decision on Tuesday after the court found the NSO Group liable for the attacks last year. Meta sued NSO Group in 2019 after Citizen Lab found a vulnerability that allowed […] 
NSO Group, the Israeli spyware-maker behind Pegasus, must pay Meta $167.25 million for hacking 1,400 users across WhatsApp. A federal jury in California made the decision on Tuesday after the court found the NSO Group liable for the attacks last ye...
Published: 2025-05-06T18:33:39
A hacker has obtained direct messages and contact information from TeleMessage, the Israeli software company that offers modified versions of Signal, WhatsApp, Telegram, and other apps to the US government, according to a report from 404Media. Last week, a photo of former National Security Advisor Mike Waltz appeared to show him using a Signal clone […] 
A hacker has obtained direct messages and contact information from TeleMessage, the Israeli software company that offers modified versions of Signal, WhatsApp, Telegram, and other apps to the US government, according to a report from 404Media. Last...
Published: 2025-05-05T12:35:13
After supporting passwordless Windows logins for years and even allowing users to delete passwords from their accounts, Microsoft is making its biggest move yet toward a future with no passwords. Now it will ask people signing up for new accounts to only use more secure methods like passkeys, push notifications, and security keys instead, by […] 
After supporting passwordless Windows logins for years and even allowing users to delete passwords from their accounts, Microsoft is making its biggest move yet toward a future with no passwords. Now it will ask people signing up for new accounts t...
Published: 2025-05-01T18:53:05
In an unprecedented display of diplomatic aggression, French authorities publicly accused Russia of sponsoring several high-profile cyber attacks on French entities for over a decade to gather intelligence and destabilize the country. The incidents include everything from a faked Islamic State takeover of a French television broadcast signal in 2015 to the leak of President […] 
In an unprecedented display of diplomatic aggression, French authorities publicly accused Russia of sponsoring several high-profile cyber attacks on French entities for over a decade to gather intelligence and destabilize the country. The incidents...
Published: 2025-04-29T19:15:07
Cybersecurity firm Oligo has detailed a set of vulnerabilities its researchers found in Apple's AirPlay protocol and software development kit that could serve as a point of entry to infect other devices on your network, Wired reports. Oligo's researc
Published: 2025-04-29T13:32:29
The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. [...]
Published: 2025-05-12T17:26:46
A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. [...]
Published: 2025-05-12T14:10:29
A T rkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. [...]
Published: 2025-05-12T13:34:44
Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. [...]
Published: 2025-05-12T11:18:57
99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now. [...]
Published: 2025-05-12T10:36:25
The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. [...]
Published: 2025-05-11T10:16:26
Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called 'Noodlophile,' under the guise of generated media content. [...]
Published: 2025-05-10T10:17:27
Written by: Wesley Shields Google Threat Intelligence Group (GTIG) has identified a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto). LOSTKE...
Published: 2025-05-07T14:00:00
Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 larg
Published: 2025-05-06T14:00:00
Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov Executive Summary Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 202
Published: 2025-04-29T05:00:00
Market cap down by more than 1B since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.
Published: 2025-05-13T10:45:17
EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.
Published: 2025-05-13T10:00:09
'MarbledDust' gang has honed the skills it uses to assist Ankara Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than a year ago.
Published: 2025-05-13T07:29:05
Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 officially ends unless you buy an extended support package.
Published: 2025-05-12T22:03:45
Cripes, we were only joking when we called Elon's social network the new state media The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.
Published: 2025-05-12T19:04:26
Today's complex IT environments demand a new approach Partner content For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches.
Published: 2025-05-12T18:42:11
Intruders claim they stole GlobalX's flight records and manifests GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.
Published: 2025-05-12T17:03:14
Providers argue that if end users prioritized security, they'd get it CYBERUK Intervention is required to ensure the security market holds vendors to account for shipping insecure wares imposing costs on those whose failures lead to cyberattacks and having to draft in cleanup crews. The security market must properly incentivize security vendors to do security better.
Published: 2025-05-12T09:33:07
We need to make taking IT systems 'off the books' a problem for corporate types Opinion It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.
Published: 2025-05-12T08:30:12
PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more Infosec in brief Good cybersecurity habits don't appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.
Published: 2025-05-12T04:30:11
Rapid7 threat hunter wrote a PoC. No, he's not releasing it RSAC If Rapid7's Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he'd innovate: CPU ransomware.
Published: 2025-05-11T20:22:08
The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.
Published: 2025-05-10T14:02:08
France's share of MOD cash is growing while the US's shrinks The UK's Ministry of Defence (MOD) is gradually shifting its spending from the US to Europe, according to research from Tussell.
Published: 2025-05-10T10:46:12
Weapons-grade fuel for fraud Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more.
Published: 2025-05-09T17:30:14
Linux giant finds Chinese environment to be perilous beneath pretty exterior SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.
Published: 2025-05-09T12:33:15
Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake Canonical's Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default part of a push to cut memory-related security bugs and lock down core system components.
Published: 2025-05-08T06:38:08
Now individual school districts extorted by fiends An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it or someone connected to the crooks.
Published: 2025-05-08T00:43:29
CEO: Neural net tech 'flattens our hiring curve, helps us innovate' CrowdStrike the Texas antivirus slinger famous for crashing millions of Windows machines last year plans to cut five percent of its staff, or about 500 workers, in pursuit of "greater efficiencies," according to CEO and co-founder George Kurtz.
Published: 2025-05-07T23:28:26
Judge allows aspects of passenger lawsuit to proceed A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year's CrowdStrike debacle continues to buffet the carrier.
Published: 2025-05-07T18:27:06
We were shocked SHOCKED by the answer Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome.
Published: 2025-05-07T17:38:05
Lead dev likens flood to 'effectively being DDoSed' Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated "slop" bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers' time.
Published: 2025-05-07T10:30:09
Prime Minister bemoans bullying, addiction, and inappropriate content but isn't planning a rapid vote New Zealand's government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government initiative.
Published: 2025-05-07T04:05:06
Don't f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure communications.
Published: 2025-05-06T23:50:26
What was the plan, showing her his big iron? A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank's server rooms.
Published: 2025-05-06T20:44:00
(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its "outdated" software procurement systems, and insists it's putting security at the forefront of decision-making processes.
Published: 2025-05-06T18:27:10
Because who needs cybersecurity when there's culture wars to win President Trump's dream 2026 budget would gut the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million - about 17 percent and accuses the organization of abandoning its core mission in favor of policing online speech.
Published: 2025-05-06T00:05:20
No, really? That's a shocking surprise Updated An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal app and used by ousted national security advisor Michael Waltz.
Published: 2025-05-05T20:54:29
Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures US President Donald Trump has said TikTok will be very strongly protected as the made-in-China social network has a warm spot in my heart .
Published: 2025-05-05T06:58:12
PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! Asia in brief India's ambition to become a global semiconductor manufacturing player went backwards last week after two big players changed their plans.
Published: 2025-05-05T03:56:09
PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief Microsoft has decided to push its consumer customers to dump passwords in favor of passkeys.
Published: 2025-05-04T23:58:12
With North Korean IT workers storming the gates, too RSAC Another RSA Conference has come and gone, with almost 44,000 attendees this year spread across San Francisco's Moscone Center and the surrounding facilities, according to event organizers.
Published: 2025-05-04T18:47:10
El Reg checks out shop in SF On Thursday, six stores across America opened their doors with a curious proposition: Come on in, let a metal orb scan your irises, and walk out with a new online profile that promises you're an individual human and a few bucks in crypto for your troubles.
Published: 2025-05-04T12:43:11
25-year-old fella pleads guilty to stealing, dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian hacktivists protesting for artist rights. We now know it was actually a 25-year-old California resident.
Published: 2025-05-02T16:03:55
Real-time video deepfakes? Not convincing yet RSAC Spam messages predate the web itself, and generative AI has given it a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore.
Published: 2025-05-02T15:06:08
UK starts prosecution days after FBI vowed to clamp down on the crime Three young Brits are accused of stateside swatting offences and will appear in a UK court today to face their charges after a joint investigation by the FBI and Merseyside cops.
Published: 2025-05-02T13:06:12
Experts suggest the obvious: There is an ongoing coordinated attack on UK retail sector Harrods, a globally recognized purveyor of all things luxury, is the third major UK retailer to confirm an attempted cyberattack on its systems in under two weeks.
Published: 2025-05-02T10:25:12
House Oversight probes missing Musk disclosures, background checks, data mess at NLRB Elon Musk is backing away from his Trump-blessed government gig, but now House Democrats want to see the permission slip that got him in the door.
Published: 2025-05-01T22:33:00
This time criminals targeted partner's third-party software It's more bad news from Ascension Health which is informing some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a major cyberattack.
Published: 2025-05-01T19:22:07
Will the personal assistant shop for groceries? Or get hijacked by a teen? RSAC If Amazon's Alexa+ works as intended, it could show how an AI assistant helps with everyday tasks like making dinner reservations or arranging an oven repair. Or things could go terribly wrong: it might turn on the oven and turn dinner plans into a house fire.
Published: 2025-05-01T17:09:08
President's campaign continues against man he claims covered up evidence of electoral fraud in 2020 Chris Krebs, former CISA director and current political punching bag for the US President, says his Global Entry membership was revoked.
Published: 2025-05-01T13:15:12
No MFA? No problem as long as you show you ve learned your lesson The UK's data protection overlord is not going to pursue any further investigation into the British Library's 2023 ransomware attack.
Published: 2025-05-01T10:15:14
For now it's a potential bug-finder and friend to defenders RSAC Former NSA cyber-boss Rob Joyce thinks today's artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.
Published: 2025-04-30T23:31:58
Cybersecurity is national security, says Jen Easterly RSAC America's top cyber-defense agency is "being undermined" by personnel and budget cuts under the Trump administration, some of which are being driven by an expectation of perfect loyalty to the President rather than the nation.
Published: 2025-04-30T18:58:14
Feds say $970K scheme defrauded 13+ companies A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.
Published: 2025-04-30T18:03:10
No specific law against it yet, but that's set to change A spate of high-profile swatting incidents in the US recently forced the FBI into action with its latest awareness campaign about the occasionally deadly practice.
Published: 2025-04-30T15:10:12
Go ahead, please do Bash static analysis Shell scripting may finally get a proper bug-checker. A group of academics has proposed static analysis techniques aimed at improving the correctness and reliability of Unix shell programs.
Published: 2025-04-30T09:27:06
A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post You d be na ve to believe that the cloud is secure by default, and while most hosting services provide basic defenses, it's not always clear what level of protection these provide.
Published: 2025-04-30T08:00:10
Google dumped io_uring after $1M in bug bounties A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface.
Published: 2025-04-29T18:51:55
As Big Tech gets used to the pain, smaller vendors urged to up their game Google says that despite a small dip in the number of exploited zero-day vulnerabilities in 2024, the number of attacks using these novel bugs continues on an upward trend overall.
Published: 2025-04-29T17:02:12
Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable RSAC Russia used to be considered America's biggest adversary online, but over the past couple of years China has taken the role, and is proving highly effective at it.
Published: 2025-04-29T15:02:07
As AI-driven fraud becomes increasingly common, more people feel the need to verify every interaction they have online.
Published: 2025-05-12T10:00:00
Plus: A DOGE operative’s laptop reportedly gets infected with malware, Grok AI is used to “undress” women on X, a school software company’s ransomware nightmare returns, and more.
Published: 2025-05-10T10:30:00
A CBP spokesperson tells WIRED that the agency plans to expand its program for real-time face recognition at the border, potentially aiding Trump administration efforts to track people who self-deport.
Published: 2025-05-09T17:12:18
CBP’s acting commissioner has rescinded four Biden-era policies that aimed to protect vulnerable people in the agency’s custody, including mothers, infants, and the elderly.
Published: 2025-05-08T22:00:54
CBP says it has “disabled” its use of TeleMessage following reports that the app, which has not cleared the US government’s risk assessment program, was hacked.
Published: 2025-05-07T21:03:10
In the wake of SignalGate, a knockoff version of Signal used by a high-ranking member of the Trump administration was hacked. Today on Uncanny Valley, we discuss the platforms used for government communications.
Published: 2025-05-07T18:08:53
A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app.
Published: 2025-05-06T20:24:44
Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.
Published: 2025-05-06T19:27:19
Customs and Border Protection has called for tech companies to pitch real-time face recognition technology that can capture everyone in a vehicle not just those in the front seats.
Published: 2025-05-06T09:00:00
The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz's phone, has suspended “all services” as it investigates reports of at least one breach.
Published: 2025-05-05T21:24:04
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.
Published: 2025-05-05T10:00:00
Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.
Published: 2025-05-03T10:30:00
A photo taken this week showed Mike Waltz using an app that looks like but is not Signal to communicate with top officials. "I don't even know where to start with this," says one expert.
Published: 2025-05-02T19:46:40
People are using ChatGPT’s new image generator to take part in viral social media trends. But using it also puts your privacy at risk unless you take a few simple steps to protect yourself.
Published: 2025-05-01T13:56:35
For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious and effective than ever.
Published: 2025-05-01T07:00:00
A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.
Published: 2025-04-30T19:08:33
WhatsApp's AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks.
Published: 2025-04-29T17:15:00
Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
Published: 2025-04-29T12:30:00
Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.
Published: 2025-04-28T10:30:00
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person on the
Published: 2025-05-13T16:30:00
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion." "The group's interest in Ukraine follows historical targeting
Published: 2025-05-13T16:27:00
Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands," officials said in a statement Monday. In conjunction with the
Published: 2025-05-13T12:03:00
A T rkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the Microsoft Threat Intelligence team said. "The targets of the attack are associated with the Kurdish
Published: 2025-05-13T10:38:00
ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a
Published: 2025-05-12T19:33:00
What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever it’s
Published: 2025-05-12T17:40:00
Detecting leaked credentials is only half the battle. The real challenge and often the neglected half of the equation is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack
Published: 2025-05-12T16:30:00
Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms often advertised via legitimate-looking Facebook groups and viral social media campaigns,"
Published: 2025-05-12T12:56:00
Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid $391 million to a group of 40
Published: 2025-05-10T12:24:00
Germany's Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets
Published: 2025-05-10T12:17:00
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich
Published: 2025-05-09T21:58:00
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in
Published: 2025-05-09T21:55:00
Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos
Published: 2025-05-09T17:10:00
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions. If they’re not
Published: 2025-05-09T16:41:00
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's
Published: 2025-05-09T16:27:00
The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct
Published: 2025-05-09T16:27:00
Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer
Published: 2025-05-09T12:43:00
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw
Published: 2025-05-09T09:59:00
Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
Published: 2025-05-08T20:53:00
61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not
Published: 2025-05-08T19:30:00
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an
Published: 2025-05-08T19:26:00
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl
Published: 2025-05-08T19:17:00
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from
Published: 2025-05-08T16:02:00
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat
Published: 2025-05-08T12:27:00
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an
Published: 2025-05-08T10:27:00
Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals aged between 19 and 22 and the United States has seized nine domains that are associated with the now-defunct platforms. "The suspects are believed to
Published: 2025-05-07T19:24:00
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. "This is due to the create_wp_connection() function missing a capability check and
Published: 2025-05-07T19:14:00
Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is
Published: 2025-05-07T17:01:00
Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens the browser. This isn’t a small omission. It’s a structural
Published: 2025-05-07T16:26:00
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
Published: 2025-05-07T16:14:00
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.
Published: 2025-05-07T13:07:00
A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,
Published: 2025-05-07T11:52:00
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command
Published: 2025-05-06T21:03:00
Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox. The attacks have been observed to lure victims with bogus
Published: 2025-05-06T19:06:00
It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR) it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement in breaches doubled
Published: 2025-05-06T16:55:00
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team
Published: 2025-05-06T16:35:00
Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also
Published: 2025-05-06T15:30:00
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. "The most severe of
Published: 2025-05-06T11:16:00
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing
Published: 2025-05-06T09:54:00
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. "These vulnerabilities can be chained by
Published: 2025-05-05T22:36:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions
Published: 2025-05-05T21:31:00
What if attackers aren't breaking in they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the breach it’s not knowing who’s still lurking in your
Published: 2025-05-05T16:59:00
Let’s be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You're getting pinged about RFPs in one area, and reviewing phishing alerts in another, all while sifting
Published: 2025-05-05T16:30:00
The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast
Published: 2025-05-05T11:09:00
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy "Despite appearing legitimate,
Published: 2025-05-03T20:01:00
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning a tactic often used to maintain persistent access for future
Published: 2025-05-03T15:03:00
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one
Published: 2025-05-03T12:36:00
Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok 530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "
Published: 2025-05-02T17:55:00
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike
Published: 2025-05-02T16:00:00
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News. "The malware employs sandbox and virtual machine evasion techniques, a domain
Published: 2025-05-02T14:27:00
A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. Moldovan police arrested a 45-year-old foreign man as a result of a joint international operation involving Moldovan and Dutch authorities. He is internationally wanted for multiple cybercrime, including ransomware attacks, blackmail, and money laundering, targeting […]
Published: 2025-05-13T12:03:51
A T rkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users […]
Published: 2025-05-13T10:34:00
Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices. Apple released urgent iOS and macOS security updates to patch critical flaws that could allow attackers to execute malicious code just by opening a crafted image, video, or website: Apple’s iOS 18.5 update addressed multiple critical flaws in AppleJPEG, CoreMedia, and […]
Published: 2025-05-13T05:32:41
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a TeleMessage TM SGNL flaw, tracked as CVE-2025-47729 (CVSS score of 1.9), to its Known Exploited Vulnerabilities (KEV) catalog. “The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of […]
Published: 2025-05-12T20:09:22
Expert found two flaws in DriverHub, pre-installed on Asus motherboards, which allow remote code execution via crafted HTTP requests. Security researcher ‘MrBruh’ discovered two vulnerabilities, tracked as CVE-2025-3462 (CVSS score of 8.4) and CVE-2025-3463 (CVSS score of 9.4), in DriverHub, a driver that is pre-installed on Asus motherboards. A remote attacker can exploit the flaws to gain arbitrary code […]
Published: 2025-05-12T17:57:11
Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn. Morphisec researchers observed attackers exploiting AI hype to spread malware via fake AI tools promoted in viral posts and Facebook groups. Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser […]
Published: 2025-05-12T13:37:33
Germany’s BKA shut down eXch crypto exchange, seizing its infrastructure over money laundering and illegal trading platform charges. On April 30, 2025, Germany’s Federal Criminal Police (BKA) shut down the eXch crypto exchange (eXch.cx), seizing its infrastructure over money laundering and illegal trading allegations. ZIT, BKA, and Dutch FIOD led the operation, expecting the evidence […]
Published: 2025-05-12T06:27:02
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH […]
Published: 2025-05-11T18:28:01
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ascension reveals personal data of 437,329 patients exposed in cyberattack Operation Moonlander dismantled the botnet behind Anyproxy and […]
Published: 2025-05-11T18:02:14
Google will pay the U.S. state of Texas $1.4B to settle lawsuits over unauthorized location tracking and facial recognition data retention. Google will pay nearly $1.4 billion to the state of Texas to settle two lawsuits over tracking users’ locations and storing biometric data without consent. The $1.375 billion settlement far exceeds previous fines over […]
Published: 2025-05-11T16:39:07