A safe and proper rewrite should take years not months. The so-called Department of Government Efficiency (DOGE) is starting to put together a team to migrate the Social Security Administration’s (SSA) computer
Published: 2025-03-29T14:08:49
Alleged breaches affect Oracle Cloud and Oracle Health. Oracle isn’t commenting on recent reports that it has experienced two separate data breaches that have exposed sensitive personal information belonging to
Published: 2025-03-28T19:41:14
Hacking LLMs has always been more art than science. A new attack on Gemini could change that. In the growing canon of AI security, the indirect prompt injection has emerged as the most powerful means for attacke
Published: 2025-03-28T11:00:58
Miscreants warming to Delphi, Haskell, and the like to evade detection Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.
Published: 2025-03-29T10:50:05
Similar issue in Windows 11 resolved as of Wednesday Microsoft is warning that a faulty patch pushed out in February is causing Windows Server 2025 Remote Desktop sessions to freeze under certain circumstances.
Published: 2025-03-28T11:37:06
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims
Published: 2025-03-26T20:07:11
Now the only nonsense printed out will come from the user Months after releasing a patch that left some printers spouting gibberish, Microsoft is issuing another update to deal with it.
Published: 2025-03-26T14:45:13
Last week, National Security Advisor Michael Waltz inadvertently invited a journalist to a Signal chat discussing a planned military strike. Today, a new Washington Post report says that he has also discussed sensitive military positions and powerful weapons systems relating to an ongoing conflict, using his personal Gmail account. Waltz, along with other members of […] 
Last week, National Security Advisor Michael Waltz inadvertently invited a journalist to a Signal chat discussing a planned military strike. Today, a new Washington Post report says that he has also discussed “sensitive military positions and power...
Published: 2025-04-01T18:59:13
Google is updating Gmail to allow enterprise users to send encrypted messages to any inbox in just a few clicks. Google says it's developed a new encryption model that, unlike the current encryption feature on Gmail, doesn t require senders or recipients to use custom software or exchange encryption certificates. The feature is rolling out in […] 
Google is updating Gmail to allow enterprise users to send encrypted messages to any inbox in just a few clicks. Google says it’s developed a new encryption model that, unlike the current encryption feature on Gmail, doesn’t require senders or reci...
Published: 2025-04-01T09:00:00
A concert on Monday night at New York's Radio City Music Hall was a special occasion for Frank Miller: his parents wedding anniversary. He didn t end up seeing the show and before he could even get past security, he was informed that he was in fac
Published: 2025-03-28T13:10:41
Vivaldi and Proton have teamed up to make it easier for Vivaldi browser users to privately explore the web without downloading a virtual private network (VPN). Starting today, the free version of Proton VPN is now integrated directly into Vivaldi's browser, and can be accessed by logging into a Vivaldi account. The feature is currently […] 
Vivaldi and Proton have teamed up to make it easier for Vivaldi browser users to privately explore the web without downloading a virtual private network (VPN). Starting today, the free version of Proton VPN is now integrated directly into Vivaldi’s...
Published: 2025-03-27T06:44:51
On March 24th, The Atlantic's editor-in-chief Jeffrey Goldberg published a damning story about being added to the Houthi PC Small Group on Signal by Trump's national security adviser Mike Waltz. In it, he described inadvertently becoming privy to h
Published: 2025-03-26T10:58:12
Getting added to the wrong group chat is a common problem, but what if that group chat is describing an upcoming military strike? That's what happened to The Atlantic editor-in-chief Jeffrey Goldberg, who was added to a Signal group chat formed by hi
Published: 2025-03-24T17:45:00
Connor Moucka, accused of stealing large amounts of customer data from companies that used Snowflake's cloud storage services, has agreed to be extradited to the US to face charges, Cyberscoop reports. Around 165 companies were affected by the Snowflake breaches, including AT&T and Ticketmaster. Alexander Connor Moucka, who was arrested in Canada on October 30th […] 
Connor Moucka, accused of stealing large amounts of customer data from companies that used Snowflake’s cloud storage services, has agreed to be extradited to the US to face charges, Cyberscoop reports. Around 165 companies were affected by the Snow...
Published: 2025-03-24T17:39:05
Google is taking down 10,000 fake business listings from Google Maps and suing a network of scammers who set them up, CBS News reports. The company's lawsuit alleges that a man connected to a broader scam network created fake business profiles on Google Maps and sold them for profit. Google was tipped off by a […] 
Google is taking down 10,000 fake business listings from Google Maps and suing a network of scammers who set them up, CBS News reports. The company’s lawsuit alleges that a man connected to a broader scam network created fake business profiles on G...
Published: 2025-03-20T17:32:57
The European Union’s Digital Markets Act (DMA) has come into force, and it’s meant that some of the world’s biggest tech companies are having to make major changes to how they operate. The law, which is designed to increase competition in the EU’s digital markets, designates some large online companies and their services as “gatekeepers.” […] 
The European Union’s Digital Markets Act (DMA) has come into force, and it’s meant that some of the world’s biggest tech companies are having to make major changes to how they operate. The law, which is designed to increase compet...
Published: 2025-03-19T12:15:59
Google’s latest acquisition is its most expensive yet — and perhaps its riskiest, too. On Tuesday, the search giant announced that it acquired the cloud security startup Wiz for $32 billion. It’s a major bet that Wiz can help beef up Google’s cloud business, which makes far less money than the offerings built by its […] 
Google’s latest acquisition is its most expensive yet — and perhaps its riskiest, too. On Tuesday, the search giant announced that it acquired the cloud security startup Wiz for $32 billion. It’...
Published: 2025-03-19T09:00:00
A RAR file, a fake summons, and a Nietzsche quote all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses. [...]
Published: 2025-04-01T13:30:00
Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. [...]
Published: 2025-04-01T09:35:33
Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. [...]
Published: 2025-04-01T08:46:21
A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]
Published: 2025-03-31T14:49:00
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]
Published: 2025-03-31T13:06:04
The US Air Force has announced that it will go ahead with the production of the F-47 Next Generation Air Dominance (NGAD) fighter. Expected to enter service by the end of the decade, it will replace the F-22 Raptor as America's air supremacy fighter....
Published: 2025-03-24T00:21:08
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you ... 
Published: 2025-03-27T16:39:49
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets b... 
Published: 2025-03-21T19:12:04
Copilot told us that half a century is 25 years. It feels much longer Microsoft will officially hit the half-century mark on Friday as the Windows giant turns 50 years old. What do you consider the highs and lows of the company's journey to dominance?
Published: 2025-04-01T15:32:08
The UK government must be thrilled Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it'll do so without imposing any undue stress on IT admins.
Published: 2025-04-01T13:00:13
Tech secretary reveals landmark legislation's full details for first time The UK's technology secretary revealed the full breadth of the government's Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging 100,000 ($129,000) daily fines for failing to act against specific threats under consideration.
Published: 2025-04-01T11:37:23
Not exactly Snowden levels of skill A student at Britain's top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.
Published: 2025-04-01T08:51:54
Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US Cybersecurity and Infrastructure Security Agency, aka CISA.
Published: 2025-04-01T01:09:08
Indiana Uni rm -rf online profiles while agents haul boxes of evidence A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.
Published: 2025-03-31T23:16:39
1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly it may be scrubbing the web of evidence, too.
Published: 2025-03-31T21:30:00
Explanation leaves a 'lot of questions unanswered,' says infosec researcher A digital burglar is claiming to have nabbed a trove of "highly sensitive" data from Check Point - something the American-Israeli security biz claims is a huge exaggeration.
Published: 2025-03-31T16:35:09
Think AWS has security covered? Think again. Discover real-world examples of what it doesn't secure and how to protect your environment Advertorial AWS customers might assume that security is taken care of for them - however, this is a dangerous misconception.
Published: 2025-03-31T10:00:09
PLUS: Indonesia crimps social media, allows iPhones; India claims rocket boost; In-flight GenAI for Japan Airlines Asia In Brief China last week commenced a crackdown on inappropriate collection and subsequent use of personal information.
Published: 2025-03-31T00:30:14
PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more! Infosec in brief Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.
Published: 2025-03-30T22:45:12
Miscreants warming to Delphi, Haskell, and the like to evade detection Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.
Published: 2025-03-29T10:50:05
Department director admits Welsh capital's council still trying to get heads around threat of dark web leaks Cardiff City Council's director of children's services says data was leaked or stolen from the organization, although she did not clarify how or what was pilfered.
Published: 2025-03-28T12:28:14
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.
Published: 2025-03-28T06:34:11
WOW! DID! SOMEONE! REALLY! STEAL! DATA! ON! 400K! USERS?! A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)
Published: 2025-03-28T01:17:11
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.
Published: 2025-03-27T22:06:58
Researchers say 'proactive' approach is needed to combat global cybercrime Here's one you don't see every day: A cybersecurity vendor is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims.
Published: 2025-03-27T16:32:09
Screenshot shows company head unhappy, claiming 'real CVE is pending' CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago.
Published: 2025-03-27T13:20:10
As if living in Croydon wasn't bad enough The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.
Published: 2025-03-27T10:27:31
Data stolen included checklist for medics on how to get into vulnerable people's homes The UK's data protection watchdog is dishing out a 3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.
Published: 2025-03-27T09:30:06
So F-18 launch times, weapons, drone support aren't classified now ... who knew? Updated The Atlantic's editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense, Vice President, and others discussed secret military plans has now publicly released the messages.
Published: 2025-03-26T21:16:32
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims for payment.
Published: 2025-03-26T20:07:11
Victims' details at risk after criminals download 9,000 files from court database Australian police are currently investigating the theft of "sensitive" data from a New South Wales court system after they confirmed approximately 9,000 files were stolen.
Published: 2025-03-26T17:29:05
Bad news about the Linux system monitor may be on the way Updated Veteran sysadmin and tech blogger Rachel Kroll posted a cryptic warning yesterday about a popular Linux system monitoring tool. Maybe it's better to be safe than sorry.
Published: 2025-03-26T15:31:09
Who knew social media stars had a role to play in building national cyber resilience? The world's biggest brands have benefited from influencer marketing for years now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses.
Published: 2025-03-26T11:00:13
Customers come forward claiming info was swiped from prod Oracle Cloud's denial of a digital break-in is now in clear dispute. A infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.
Published: 2025-03-25T17:35:42
16,000 stolen records pertain to former and active mail subscribers Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.
Published: 2025-03-25T12:28:08
Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.
Published: 2025-03-25T08:31:12
There's only one rule don't attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.
Published: 2025-03-25T07:32:07
Time to update your firmware, if you can, to one with the security fixes, cough cough DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a bunch of their customers' gateways going offline.
Published: 2025-03-25T06:37:06
How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters and thinks more than 6,000 deployments of the software are at risk on the internet.
Published: 2025-03-25T03:12:10
Kari, are you OK, are you OK, Kari? Updated An organization that bankrolls various internet security projects has asked a Washington DC court to prevent the Trump administration from cancelling its federal funding and expressed fears that if the cash stops flowing, the tools it supports could become harder to access.
Published: 2025-03-25T00:46:04
Massive OPSEC fail from the side who brought you 'lock her up' Updated Senior Trump administration officials used the messaging app Signal to discuss detailed plans to attack Houthi rebels in Yemen and accidentally added a journalist to the group in which they chatted.
Published: 2025-03-24T23:02:47
Be vewy vewy quiet, I'm hunting rackets The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List - including Huawei - are still somehow doing business in America, either by misreading the rules or willfully ignoring them.
Published: 2025-03-24T21:24:43
Ex-US Air Force officer says companies shouldn't wait for govt mandates Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?"
Published: 2025-03-24T20:32:11
Looking to sort through large volumes of security info? Redmond has your backend Microsoft's Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company's security software to automate various tasks.
Published: 2025-03-24T16:00:09
CEO steps down after multiple failed attempts to take the DNA testing company private Beleaguered DNA testing biz 23andMe hit by a massive cyber attack in 2023 is filing for bankruptcy protection in the US following years of financial uncertainty.
Published: 2025-03-24T14:01:09
It's been a very busy week for Digicash Donald's administration Analysis Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing billions in illicit crypto for criminals and nation-states alike.
Published: 2025-03-24T11:45:14
Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner? Opinion Never attribute to malice that which is adequately explained by stupidity. This works well in sane times, less so when "but it's both" is the default. Apply it to Microsoft's decision to make bug reports include not only a working example but a video of the same, and the meter oscillates wildly. What were they thinking? What did they expect?
Published: 2025-03-24T09:30:12
PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more! Infosec In Brief Organized crime networks are now reliant on digital tech for most of their activities according to Europol, the European agency that fights international crime on the continent and beyond.
Published: 2025-03-24T05:29:13
PLUS: Zoho's Ulaa anointed India's most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more Asia In Brief China's Cyberspace Administration and Ministry of Public Security has outlawed the use of facial recognition without consent.
Published: 2025-03-23T23:29:34
Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.
Published: 2025-03-23T21:09:14
Plus AI in the infosec world, why CISA should know its place, and more Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.
Published: 2025-03-23T13:04:07
Made up revenue and pretended to use non-existent data The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.
Published: 2025-03-21T07:32:07
Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied Infosec newsbytes Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to target journalists, activists, and other civilians.
Published: 2025-03-21T06:26:06
Feds want book thrown at Paige Thompson, who pinched 100M customer records Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars after an appeals court ruled her sentence of time served plus five years of probation was too lenient.
Published: 2025-03-21T01:06:58
So much for that vacation A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them home with him and was collared on his way to Mexico.
Published: 2025-03-20T23:02:20
Palming off the blame using an unknown best practice didn't go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization vulnerabilities.
Published: 2025-03-20T18:33:14
How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.
Published: 2025-03-20T13:31:13
Wow, a government project that could be on time for once ... cos it's gonna be wayyyy more than a decade The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.
Published: 2025-03-20T13:15:05
Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.
Published: 2025-03-31T19:42:00
An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images some of which are likely illegal. The company deleted its websites after WIRED reached out.
Published: 2025-03-31T10:00:00
Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.
Published: 2025-03-29T10:30:00
WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.
Published: 2025-03-27T21:47:31
Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption its “largest US growth moment by a massive margin.”
Published: 2025-03-27T18:31:30
A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo until WIRED asked about it.
Published: 2025-03-26T20:44:21
The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.
Published: 2025-03-26T18:54:49
DNA-testing company 23andMe has filed for bankruptcy, which means the future of the company’s vast trove of customer data is unknown. Here’s what that means for your genetic data.
Published: 2025-03-24T20:51:59
Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.
Published: 2025-03-24T18:10:05
The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent.
Published: 2025-03-24T17:24:31
Companies in the EU are starting to look for ways to ditch Amazon, Google, and Microsoft cloud services amid fears of rising security risks from the US. But cutting ties won’t be easy.
Published: 2025-03-24T06:00:00
Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.
Published: 2025-03-21T10:30:00
Chinese ecommerce giants like Temu and AliExpress sell drone accessories like those used by soldiers in the Russia-Ukraine conflict.
Published: 2025-03-20T09:00:00
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as
Published: 2025-04-01T22:38:00
On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox
Published: 2025-04-01T21:04:00
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,
Published: 2025-04-01T19:48:00
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate
Published: 2025-04-01T16:58:00
Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat
Published: 2025-04-01T16:47:00
Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was
Published: 2025-04-01T16:33:00
Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here. By implementing Reflectiz's recommendations, the
Published: 2025-04-01T16:33:00
Apple has been hit with a fine of 150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorit de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25,
Published: 2025-04-01T11:17:00
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of
Published: 2025-03-31T22:11:00
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the
Published: 2025-03-31T17:34:00
Every week, someone somewhere slips up and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights and the unexpected
Published: 2025-03-31T16:55:00
If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,
Published: 2025-03-31T16:30:00
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to
Published: 2025-03-31T15:00:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that
Published: 2025-03-30T10:37:00
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"
Published: 2025-03-29T12:58:00
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
Published: 2025-03-29T09:22:00
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can
Published: 2025-03-28T18:51:00
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The purpose of the malware is to download and execute second-stage payloads while evading
Published: 2025-03-28T17:27:00
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
Published: 2025-03-28T15:45:00
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first
Published: 2025-03-28T13:36:00
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest
Published: 2025-03-28T11:36:00
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (
Published: 2025-03-28T11:14:00
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind
Published: 2025-03-27T22:28:00
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
Published: 2025-03-27T19:40:00
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
Published: 2025-03-27T18:01:00
Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why
Published: 2025-03-27T16:55:00
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.
Published: 2025-03-27T15:30:00
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu
Published: 2025-03-27T13:43:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF
Published: 2025-03-27T11:53:00
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as
Published: 2025-03-27T11:36:00
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow
Published: 2025-03-26T22:29:00
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
Published: 2025-03-26T19:23:00
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
Published: 2025-03-26T19:13:00
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
Published: 2025-03-26T17:30:00
“A boxer derives the greatest advantage from his sparring partner ” Epictetus, 50 135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and BANG lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure.
Published: 2025-03-26T16:55:00
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783 (CVSS score: 8.3), has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo
Published: 2025-03-26T16:40:00
When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report, 57% of companies experience over
Published: 2025-03-26T15:45:00
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a
Published: 2025-03-26T14:23:00
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an
Published: 2025-03-26T09:50:00
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The
Published: 2025-03-25T19:09:00
A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not
Published: 2025-03-25T17:24:00
Organizations now use an average of 112 SaaS applications a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.
Published: 2025-03-25T16:30:00
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET
Published: 2025-03-25T14:40:00
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it
Published: 2025-03-25T12:03:00
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of
Published: 2025-03-25T00:25:00
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to
Published: 2025-03-24T21:49:00
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as $500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said
Published: 2025-03-24T19:36:00
A quiet tweak in a popular open-source tool opened the door to a supply chain breach what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control while hiding in plain sight. And over 300 Android apps joined the chaos, running ad fraud at scale behind
Published: 2025-03-24T17:05:00
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a
Published: 2025-03-24T16:40:00
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article
Published: 2025-03-24T16:30:00
Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers. Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers. The vulnerability is an out-of-bounds issue that resides in certain printer drivers for […]
Published: 2025-04-01T18:32:12
Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, it […]
Published: 2025-04-01T14:09:54
France fines Apple 150M for abusing its dominance in ATT consent practices on iOS and iPadOS from 2021 to 2023. France’s Autorit de la concurrence fined Apple 150M for abusing its dominance in App Tracking Transparency (ATT) consent practices on iOS and iPadOS between April 26, 2021 and July 25, 2023. Apple launched ATT with […]
Published: 2025-04-01T11:30:59
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load, […]
Published: 2025-04-01T07:45:44
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, […]
Published: 2025-03-31T19:56:01
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related […]
Published: 2025-03-31T13:52:32
CoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions, Zscaler ThreatLabz warns. Zscaler ThreatLabz discovered CoffeeLoader, a malware family active since September 2024, that uses multiple techniques to evade endpoint security while downloading second-stage payloads. The advanced techniques used by the malware include GPU-based packing, call stack spoofing, sleep obfuscation, and […]
Published: 2025-03-31T13:35:30
Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Infoblox researchers discovered a new phishing-as-a-service (PhaaS) platform that generated multiple phishing kits, called Morphing Meerkat, using DNS mail exchange (MX) records to deliver fake login pages and targeting over 100 brands. Threat actors are exploiting DNS techniques […]
Published: 2025-03-31T08:30:57
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect […]
Published: 2025-03-30T23:11:20
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Microsoft Trusted Signing service abused to code-sign malware Shedding light on the ABYSSWORKER driver VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI Raspberry Robin: Copy […]
Published: 2025-03-30T14:12:33