Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

New Android spyware is targeting Russian military personnel on the front lines

Trojanized mapping app steals users' locations, contacts, and more. Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. Th

Published: 2025-04-24T20:02:40



Biz & IT Ars Technica

Researchers claim breakthrough in fight against AI’s frustrating security hole

Prompt injections are the Achilles' heel of AI assistants. Google offers a potential fix. In the AI world, a vulnerability called a "prompt injection" has haunted developers since chatbots went mainstream in 202

Published: 2025-04-16T11:15:44



The Register - Software

Securing Generative AI: A strategic framework for security leaders

Navigate the complexities of GenAI adoption with a comprehensive framework that integrates governance, technology, and adaptive security measures Partner content As generative AI (GenAI) technologies rapidly evolve, security leaders face the challen

Published: 2025-04-24T19:00:12



The Register - Software

Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year

Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosyst

Published: 2025-04-24T09:28:08



The Register - Software

Today's LLMs craft exploits from patches at lightning speed

Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.

Published: 2025-04-21T20:31:26



Security The Verge

Signalgate: Pete Hegseth's problematic passion for groupchats

Trump administration senior officials are facing harsh criticism after it was revealed that they had used the personal messaging app Signal to discuss highly classified military intelligence in a group chat. The chat, in which Defense Secretary Pete Hegseth laid out plans for an upcoming military strike in Yemen, inadvertently added Jeffrey Goldberg, the editor-in-chief of The […] Trump administration senior officials are facing harsh criticism after it was revealed that they had used the personal messaging app Signal to discuss highly classified military intelligence in a group chat. The chat, in which Defense Secretar...

Published: 2025-04-25T13:37:50



Security The Verge

WhatsApp now lets you block people from exporting your entire chat history

WhatsApp is launching a new Advanced Chat Privacy feature that aims to prevent people from taking conversations outside the app. When the setting is turned on, you can block others from exporting your chat history and automatically downloading photos and videos sent in the app. The feature will prevent people from using messages for Meta […] WhatsApp is launching a new “Advanced Chat Privacy” feature that aims to prevent people from taking conversations outside the app. When the setting is turned on, you can block others from exporting your chat history and automatically downloading ph...

Published: 2025-04-23T13:59:22



Security The Verge

Beware of this sneaky Google phishing scam

Attackers are sending phishing emails that appear to be from no-reply@google.com, presented as an urgent subpoena alert about law enforcement seeking information from the target's Google Account. Bleeping Computer reports that the scam utilizes G

Published: 2025-04-21T10:28:13



Security The Verge

Trump administration decides to fund CVE cybersecurity tracker after all

The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it executed the option period on the contract to ensure there will be no lapse in critical CVE services last night. On Tuesday, MITRE, the government-funded organization […] The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it “executed the option period on the contrac...

Published: 2025-04-16T11:12:40



Security The Verge

The CVE program for tracking security flaws is about to lose federal funding

Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations. […] Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The prog...

Published: 2025-04-15T16:41:52



Security The Verge

4chan's cesspool of the internet is down after apparently being hacked

4chan appears to be down following a major hack that reportedly exposed its source code. A user on a competing messaging board claimed responsibility for the attack on Monday night and claimed to have reopened the site's /qa/ board. 4chan is, obviously, also notorious for trying to trick outsiders about things happening on the site, […] 4chan appears to be down following a major hack that reportedly exposed its source code. A user on a competing messaging board claimed responsibility for the attack on Monday night and claimed to have reopened the site’s /qa/ board. 4chan is, obvio...

Published: 2025-04-15T11:45:15



Security The Verge

Android phones will soon reboot if they re locked for a few days

Android is launching a new security feature that will force devices to reboot themselves if you haven’t unlocked them for a while, making it harder for other people to access the data inside. The feature included in the latest Google Play services update says that Android phones will automatically restart if locked for 3 consecutive […] Android is launching a new security feature that will force devices to reboot themselves if you haven’t unlocked them for a while, making it harder for other people to access the data inside. The feature included in the latest Google Play ser...

Published: 2025-04-15T07:43:17



Security The Verge

Hertz says hackers stole customer credit card and driver's license data

Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm’s vendors. In a notice posted to its website, Hertz says that company data was acquired by an unauthorized third-party during a cyberattack exploiting […] SAN DIEGO, CALIFORNIA   FEBRUARY 28: A Hertz logo is displayed outside a rental shop on February 28, 2025 in San Diego, California. (Photo by Kevin Carter/Getty Images) Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm’s vendors. In a notice posted to its website,...

Published: 2025-04-15T05:58:37



BleepingComputer

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

Published: 2025-04-25T15:44:35



BleepingComputer

Marks & Spencer pauses online orders after cyberattack

British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. [...]

Published: 2025-04-25T11:05:09



BleepingComputer

Mobile provider MTN says cyberattack compromised customer data

African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. [...]

Published: 2025-04-25T10:57:05



BleepingComputer

Windows "inetpub" security fix can be abused to block future updates

A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates. [...]

Published: 2025-04-25T10:23:39



BleepingComputer

Baltimore City Public Schools data breach affects over 31,000 people

Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. [...]

Published: 2025-04-25T10:06:23



BleepingComputer

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. [...]

Published: 2025-04-25T09:01:48



BleepingComputer

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches

The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. [...]

Published: 2025-04-25T05:34:59



BleepingComputer

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. [...]

Published: 2025-04-24T16:24:49



BleepingComputer

Lazarus hackers breach six companies in watering hole attacks

In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]

Published: 2025-04-24T15:13:32



BleepingComputer

Frederick Health data breach impacts nearly 1 million patients

A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. [...]

Published: 2025-04-24T12:19:14



ProPublica

Trump Is Spending Billions on Border Security. Some Residents Living There Lack Basic Resources.

by Anjeanette Damon, ProPublica, and Perla Trevizo, ProPublica and The Texas Tribune, and photography by Cengiz Yar, ProPublica

Published: 2025-04-16T06:00:00



Krebs on Security

Funding Expires for Key Cyber Vulnerability Database

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organizati...

Published: 2025-04-16T03:59:18



Krebs on Security

Trump Revenge Tour Targets Cyber Leaders, Elections

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The Wh...

Published: 2025-04-15T03:27:51



Krebs on Security

China-based SMS Phishing Triad Pivots to Banks

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operat...

Published: 2025-04-10T15:31:58



The Register - Security

Signalgate lessons learned: If creating a culture of security is the goal, America is screwed

Infosec is a team sport unless you're in the White House Opinion Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger.

Published: 2025-04-25T23:58:09



The Register - Security

Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system he helped create was just hours away from losing funding.

Published: 2025-04-25T22:19:09



The Register - Security

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.

Published: 2025-04-25T19:00:12



The Register - Security

Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions

Where have we heard this before? Feb security update needs its own fix More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze.

Published: 2025-04-25T18:00:08



The Register - Security

M&S stops online orders as 'cyber incident' issues worsen

One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing "cyber incident."

Published: 2025-04-25T16:13:39



The Register - Security

Emergency patch for potential SAP zero-day that could grant full system control

German software giant paywalls details, but experts piece together the clues SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.

Published: 2025-04-25T15:31:11



The Register - Security

Claims assistance firm fined for cold-calling people who put themselves on opt-out list

Third-party data supplier also in hot water with Brit regulator over consent issues Britain's data privacy watchdog has slapped a fine of 90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being registered with the official "Do Not Call" opt-out service.

Published: 2025-04-25T09:29:05



The Register - Security

Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry

Because coding phishing sites from scratch is a real pain in the neck Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently.

Published: 2025-04-25T06:18:14



The Register - Security

SSNs and more on 5.5M+ patients feared stolen from Yale Health

At least it wasn't Harvard Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare system's network last month.

Published: 2025-04-24T20:32:57



The Register - Security

Microsoft mystery folder fix might need a fix of its own

This one weird trick can stop Windows updates dead in their tracks Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates.

Published: 2025-04-24T18:01:06



The Register - Security

Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online

Collecting data from solo players is a Far Cry from being necessary, says noyb For anyone who's ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard you, and they've filed a complaint against Ubisoft in Austria dealing specifically with the issue.

Published: 2025-04-24T15:59:07



The Register - Security

M&S takes systems offline as 'cyber incident' lingers

Customers told to expect further delays as contactless payments still down UK high street retailer Marks & Spencer says contactless payments are still down following its "cyber incident" and order delays are likely to continue.

Published: 2025-04-24T10:18:42



The Register - Security

Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year

Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.

Published: 2025-04-24T09:28:08



The Register - Security

Booby-trapped Alpine Quest Android app geolocates Russian soldiers

Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.

Published: 2025-04-24T07:24:15



The Register - Security

Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI

Biggest threat to America's critical infrastructure? Ransomware Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI the highest losses recorded since bureau's Internet Crime Complaint Center (IC3) started tracking them 25 years ago.

Published: 2025-04-24T00:51:47



The Register - Security

Blue Shield says it shared health info on up to 4.7M patients with Google Ads

Tech giants don't need smartphone mics to target adverts your insurer just gives your data away, anyway US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.

Published: 2025-04-23T22:18:35



The Register - Security

Ripple NPM supply chain attack hunts for private keys

A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.

Published: 2025-04-23T18:28:06



The Register - Security

We re calling it now: Agentic AI will win RSAC buzzword Bingo

All aboard the hype train The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don't believe us? Take a lap on the expo floor, and you'll be bombarded with enough acronyms and over-the-top claims to send you straight to the nearest bar, which will likely serve specialty cocktails with names like The Great CASB and Firewall Fizz.

Published: 2025-04-23T17:41:00



The Register - Security

Who needs phishing when your login's already in the wild?

Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.

Published: 2025-04-23T13:00:07



The Register - Security

Ex-NSA chief warns AI devs: Don't repeat infosec's early-day screwups

Bake in security now or pay later, says Mike Rogers AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.

Published: 2025-04-23T10:34:14



The Register - Security

America's cyber defenses are being dismantled from the inside

The CVE system nearly dying shows that someone has lost the plot Opinion We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that's only the tip of the iceberg of what President Trump and company are doing to US cybersecurity efforts.

Published: 2025-04-23T08:27:06



The Register - Security

RIP, Google Privacy Sandbox

Chrome will keep third-party cookies, a win for web giant's ad rivals After six years of work, Google's Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.

Published: 2025-04-22T20:20:21



The Register - Security

Two CISA officials jump ship, both proud of pushing for Secure by Design software

As cyber-agency faces cuts, makes noises about switching up program Two top officials have resigned from Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.

Published: 2025-04-22T19:30:56



The Register - Security

Fog ransomware channels Musk with demands for work recaps or a trillion bucks

In effect: 'Ha ha the government is borked and so are you' Ransomware scumbags - potentially those behind the Fog gang - are channeling their inner Elon Musk with their latest ransom note, spotted by researchers at Trend Micro.

Published: 2025-04-22T18:02:13



The Register - Security

A pot of $250K is now available to ransomware researchers, but it feeds a commercial product

Security bods can earn up to $10K per report Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists.

Published: 2025-04-22T17:08:09



The Register - Security

This is not just any 'cyber incident' this is an M&S 'cyber incident'

Retailer tight-lipped on details as digital hiccup disrupts customer orders UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days."

Published: 2025-04-22T16:07:09



The Register - Security

UN says Asian scam call center epidemic expanding globally amid political heat

What used to be a serious issue mainly in Southeast Asia is now the world's problem Scam call centers are metastasizing worldwide "like a cancer," according to the United Nations, which warns the epidemic has reached a global inflection point as syndicates scale up and spread out.

Published: 2025-04-22T15:15:11



The Register - Security

Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps

10 other certificates 'were mis-issued and have now been revoked' Certificate issuer SSL.com's domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.

Published: 2025-04-22T02:23:39



The Register - Security

Today's LLMs craft exploits from patches at lightning speed

Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.

Published: 2025-04-21T20:31:26



The Register - Security

Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days

It's now hitting govt, enterprise targets On March 11 - Patch Tuesday - Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector targets in Poland and Romania.

Published: 2025-04-21T17:43:10



The Register - Security

Hacking US crosswalks to talk like Zuck is as easy as 1234

AI-spoofed Mark joins fellow billionaires as the voice of the street here's how it was probably done Video Crosswalk buttons in various US cities were hijacked over the past week or so to rather than robotically tell people it's safe to walk or wait instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.

Published: 2025-04-19T13:03:11



The Register - Security

Dems fret over DOGE feeding sensitive data into random AI

Using LLMs to pick programs, people, contracts to cut is bad enough but doing it with Musk's Grok? Yikes Updated A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.

Published: 2025-04-18T19:06:55



The Register - Security

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter

Some in the infosec world definitely want to see Big Red crucified CISA the US government's Cybersecurity and Infrastructure Security Agency has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.

Published: 2025-04-18T16:28:12



The Register - Security

CVE fallout: The splintering of the standard vulnerability tracking system has begun

MITRE, EUVD, GCVE WTF? Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.

Published: 2025-04-18T09:54:07



The Register - Security

Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances

Illegitimi non carborundum? Nice password, Mr Ex-CISA Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked the security clearances of everybody at the company.

Published: 2025-04-17T18:56:10



The Register - Security

Brit soldiers tune radio waves to fry drone swarms for pennies

Truck-mounted demonstration weapon costs 10p a pop, says MOD British soldiers have successfully taken down drones with a radio-wave weapon.

Published: 2025-04-17T10:45:14



The Register - Security

Whistleblower describes DOGE IT dept rampage at America's labor watchdog

Ignored infosec rules, exfiltrated data then the mysterious login attempts from a Russian IP address began claim Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address.

Published: 2025-04-17T02:46:12



The Register - Security

Free Blue Screens of Death for Windows 11 24H2 users

Microsoft rewards those who patch early with bricks hurled through its operating system Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue screen crashes.

Published: 2025-04-16T21:16:10



The Register - Security

Signalgate chats vanish from CIA chief phone

Extraordinary rendition of data, or just dropped it out of a helicopter? CIA Director John Ratcliffe's smartphone has almost no trace left of the infamous Signalgate chat the one in which he and other top US national security officials discussed a secret upcoming military operation in a group Signal conversation a journalist was inadvertently added to.

Published: 2025-04-16T20:58:16



The Register - Security

Identifying the cyber risks that matter

From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.

Published: 2025-04-16T19:01:09



The Register - Security

CVE program gets last-minute funding from CISA and maybe a new home

Uncertainty is the new certainty In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.

Published: 2025-04-16T16:54:25



The Register - Security

Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a 60K fine

DPP Law is appealing against data watchdog's conclusions A law firm is appealing against a 60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.

Published: 2025-04-16T14:45:07



The Register - Security

Russians lure European diplomats into malware trap with wine-tasting invite

Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.

Published: 2025-04-16T12:29:09



The Register - Security

Guess what happens when ransomware fiends find 'insurance' 'policy' in your files

It involves a number close to three or six depending on the pickle you're in Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.

Published: 2025-04-16T06:25:12



The Register - Security

Uncle Sam kills funding for CVE program. Yes, that CVE program

Because vulnerability management has nothing to do with national security, right? Updated US government funding for the world's CVE program the centralized Common Vulnerabilities and Exposures database of product security flaws ends Wednesday.

Published: 2025-04-16T00:00:47



The Register - Security

Now 1.6M people had SSNs, life chapter and verse stolen from insurance IT biz

800K? Make that double, and we'll need a double, too, for the pain A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.

Published: 2025-04-15T20:43:14



The Register - Security

4chan, the 'internet's litter box,' appears to have been pillaged by rival forum

Source code, moderator info, IP addresses, more allegedly swiped and leaked Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.

Published: 2025-04-15T18:56:37



The Register - Security

China names alleged US snoops over Asian Winter Games attacks

Beijing claims NSA went for gold in offensive cyber, got caught in the act China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.

Published: 2025-04-15T18:02:13



The Register - Security

All right, you can have one: DOGE access to Treasury IT OK'd judge

Login green-lit for lone staffer if he's trained, papered up, won't pull an Elez A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.

Published: 2025-04-15T17:41:38



The Register - Security

Chinese snoops use stealth RAT to backdoor US orgs still active last week

Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.

Published: 2025-04-15T14:00:15



Security Latest

Protecting Your Phone and Your Privacy at the US Border

In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States and how to stay safe.

Published: 2025-04-24T21:28:33



Security Latest

Gmail’s New Encrypted Messages Feature Opens a Door for Scams

Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.

Published: 2025-04-24T16:00:00



Security Latest

The Tech That Safeguards the Conclave’s Secrecy

Following the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks.

Published: 2025-04-23T06:00:00



Security Latest

How to Protect Yourself From Phone Searches at the US Border

Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.

Published: 2025-04-21T10:30:00



Security Latest

Florida Man Enters the Encryption Wars

Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.

Published: 2025-04-19T09:30:00



Security Latest

ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform

In a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.

Published: 2025-04-18T15:13:45



Security Latest

New Jersey Sues Discord for Allegedly Failing to Protect Children

The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.

Published: 2025-04-17T15:00:00



Security Latest

This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops

Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”

Published: 2025-04-17T10:30:00



Security Latest

‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program

The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

Published: 2025-04-16T20:10:04



Security Latest

Here’s What Happened to Those SignalGate Messages

A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages and how little they actually saved.

Published: 2025-04-15T21:27:40



Security Latest

Suspected 4chan Hack Could Expose Longtime, Anonymous Admins

Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.

Published: 2025-04-15T19:14:57



Security Latest

Microsoft’s Recall AI Tool Is Making an Unwelcome Return

Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough.

Published: 2025-04-14T20:35:28



Security Latest

The Most Dangerous Hackers You’ve Never Heard Of

From crypto kingpins to sophisticated scammers, these are the lesser-known hacking groups that should be on your radar.

Published: 2025-04-14T10:00:00



Security Latest

TraderTraitor: The Kings of the Crypto Heist

Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.

Published: 2025-04-14T10:00:00



Security Latest

Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine

For the past decade, this group of FSB hackers including “traitor” Ukrainian intelligence officers has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders.

Published: 2025-04-14T10:00:00



Security Latest

Smishing Triad: The Scam Group Stealing the World’s Riches

Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations and quickly innovating.

Published: 2025-04-14T10:00:00



Security Latest

CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide

Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk and has already caused global disruption.

Published: 2025-04-14T10:00:00



Security Latest

Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.

Published: 2025-04-14T10:00:00



Security Latest

Black Basta: The Fallen Ransomware Gang That Lives On

After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.

Published: 2025-04-14T10:00:00



Security Latest

Homeland Security Email Tells a US Citizen to ‘Immediately’ Self-Deport

An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to and who actually received it is far from clear.

Published: 2025-04-13T01:35:06



The Hacker News

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co) to spread

Published: 2025-04-25T19:35:00



The Hacker News

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity

Published: 2025-04-25T16:11:00



The Hacker News

Why NHIs Are Security's Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs).  At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.

Published: 2025-04-25T16:00:00



The Hacker News

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below - CVE-2025-27610 (CVSS score: 7.5) - A path traversal

Published: 2025-04-25T14:27:00



The Hacker News

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma

Published: 2025-04-25T14:13:00



The Hacker News

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in

Published: 2025-04-24T19:41:00



The Hacker News

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in

Published: 2025-04-24T18:28:00



The Hacker News

Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

The Evolving Healthcare Cybersecurity Landscape  Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector

Published: 2025-04-24T18:26:00



The Hacker News

159 CVEs Exploited in Q1 2025 28.3% Within 24 Hours of Disclosure

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News. This translates to 45 security flaws that have been weaponized

Published: 2025-04-24T18:25:00



The Hacker News

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.

Published: 2025-04-24T16:57:00



The Hacker News

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without

Published: 2025-04-24T15:30:00



The Hacker News

WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads

WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature

Published: 2025-04-24T09:33:00



The Hacker News

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in

Published: 2025-04-23T22:39:00



The Hacker News

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex

Published: 2025-04-23T18:38:00



The Hacker News

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an

Published: 2025-04-23T17:52:00



The Hacker News

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before.  Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary

Published: 2025-04-23T16:30:00



The Hacker News

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code

Published: 2025-04-23T16:19:00



The Hacker News

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.

Published: 2025-04-23T12:47:00



The Hacker News

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy

Published: 2025-04-23T10:49:00



The Hacker News

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals

Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain

Published: 2025-04-22T22:16:00



The Hacker News

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which

Published: 2025-04-22T19:36:00



The Hacker News

5 Major Concerns With Employees Using The Browser

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.

Published: 2025-04-22T16:30:00



The Hacker News

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email it really was sent from no-reply@google.com," Nick Johnson

Published: 2025-04-22T16:20:00



The Hacker News

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

Published: 2025-04-22T13:08:00



The Hacker News

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report

Published: 2025-04-22T09:59:00



The Hacker News

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through

Published: 2025-04-21T22:12:00



The Hacker News

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

Published: 2025-04-21T20:43:00



The Hacker News

5 Reasons Device Management Isn't Device Trust

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

Published: 2025-04-21T16:55:00



The Hacker News

THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps like a misconfigured pipeline, a trusted browser feature,

Published: 2025-04-21T15:40:00



The Hacker News

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.  "Net

Published: 2025-04-21T12:31:00



The Hacker News

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool

Published: 2025-04-20T10:28:00



The Hacker News

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain

Published: 2025-04-19T20:41:00



The Hacker News

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"

Published: 2025-04-19T14:22:00



The Hacker News

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan

Published: 2025-04-18T20:45:00



The Hacker News

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The

Published: 2025-04-18T17:33:00



The Hacker News

[Webinar] AI Is Already Inside Your SaaS Stack Learn How to Prevent the Next Silent Breach

Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And

Published: 2025-04-18T15:15:00



The Hacker News

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis. 

Published: 2025-04-18T12:40:00



The Hacker News

CVE-2025-24054 Under Active Attack Steals NTLM Credentials on File Download

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure

Published: 2025-04-18T09:59:00



The Hacker News

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement

Published: 2025-04-17T20:52:00



The Hacker News

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),

Published: 2025-04-17T17:02:00



The Hacker News

Artificial Intelligence What's all the fuss?

Talking about AI: Definitions Artificial Intelligence (AI) AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine

Published: 2025-04-17T16:56:00



The Hacker News

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH server

Published: 2025-04-17T16:02:00



The Hacker News

Blockchain Offers Security Benefits But Don't Neglect Your Passwords

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.

Published: 2025-04-17T16:00:00



The Hacker News

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or

Published: 2025-04-17T14:27:00



The Hacker News

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

Published: 2025-04-17T11:14:00



The Hacker News

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio

Published: 2025-04-17T09:03:00



The Hacker News

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,

Published: 2025-04-16T21:48:00



The Hacker News

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for

Published: 2025-04-16T18:18:00



The Hacker News

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla

Published: 2025-04-16T17:14:00



The Hacker News

From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected

Published: 2025-04-16T16:56:00



Security Affairs

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024. The vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0), is a […]

Published: 2025-04-25T17:56:11



Security Affairs

SAP NetWeaver zero-day allegedly exploited by an initial access broker

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader stems from a lack […]

Published: 2025-04-25T15:48:27



Security Affairs

Operation SyncHole: Lazarus APT targets supply chains in South Korea

The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at […]

Published: 2025-04-25T10:49:11



Security Affairs

Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. DaVita specializes in treating end-stage renal […]

Published: 2025-04-25T07:13:10



Security Affairs

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

Yale New Haven Health (YNHHS) announced that threat actors stole the personal data of 5.5 million patients in a cyberattack. Yale New Haven Health (YNHHS) disclosed a data breach that exposed personal information of 5.5 million patients following a cyberattack that occurred earlier this month. Yale New Haven Health System (YNHHS) is a nonprofit healthcare […]

Published: 2025-04-24T17:41:19



Security Affairs

Crooks exploit the death of Pope Francis

Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. After Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public curiosity, grief, and confusion. Cybercriminals are ready to exploit any event of global interest, it has already happened in […]

Published: 2025-04-24T12:11:58



Security Affairs

WhatsApp introduces Advanced Chat Privacy to protect sensitive communications

WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called “Advanced Chat Privacy” for both individual and group chats that enhances content protection. The feature blocks chat exports, auto-media downloads, and the use of messages in AI […]

Published: 2025-04-24T10:22:00



Security Affairs

Android spyware hidden in mapping software targets Russian soldiers

A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, targeting Russian military personnel. The malicious code was hidden in a trojanized Alpine Quest app and spread via Russian Android catalogs. The malware steals […]

Published: 2025-04-24T05:28:53



Security Affairs

Crypto mining campaign targets Docker environments with new evasion technique

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign targets Docker environments to deploy a malicious node connected to Teneo, a decentralized infrastructure network. […]

Published: 2025-04-23T18:15:48



Security Affairs

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of […]

Published: 2025-04-23T09:39:10








© Segmentation Fault . All rights reserved.

Privacy | Terms of Use | Contact Us