Category: hacking

Auto Added by WPeMatico

DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. The…

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

October 8, 2025

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

October 8, 2025

DraftKings warns of credential stuffing using stolen logins; No evidence of data loss, but users must reset passwords and enable MFA. A credential stuffing campaign is targeting the American sports gambling company DraftKings. Credential stuffing is a type of cyberattack where hackers use stolen usernames and passwords, usually obtained from previous data breaches, to try…

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

October 8, 2025

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

October 8, 2025

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

October 8, 2025

Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also known as “RediShell”, with a CVSS score of 10.0), where a malicious Lua script can exploit the garbage collector to trigger a use-after-free vulnerability and enable…

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

October 8, 2025

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

October 8, 2025

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

October 7, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Synacor Zimbra Collaboration Suite (ZCS) flaw, tracked as CVE-2025-27915, to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-27915 is a stored XSS flaw in Zimbra Collaboration Suite (versions 9.0–10.1)…

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

October 7, 2025

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

October 7, 2025

Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug. A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability (CVE-2025-10035) in Medusa ransomware attacks for nearly a month. The vulnerability CVE-2025-10035 is a deserialization issue in the License Servlet of…

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

October 7, 2025

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

October 7, 2025

CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first…

From mischief to malware: ICO warns schools about student hackers

September 17, 2025

Recent research released by the ICO say that school pupils should be considered as an “insider threat” by schools. Read more in my article on the Fortra blog.

HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya

September 13, 2025

HybridPetya ransomware bypasses UEFI Secure Boot to infect EFI partitions, echoing the infamous Petya/NotPetya attacks of 2016–2017. ESET researchers discovered a new ransomware called HybridPetya on the platform VirusTotal. The malware echoes the infamous Petya/NotPetya malware, supporting additional capabilities, such as compromising UEFI-based systems and exploiting CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems. “Interestingly, the…

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS

September 12, 2025

Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions. Cisco addressed multiple vulnerabilities in IOS XR software as part of its semiannual Software Security Advisory Bundled Publication published on September 10, 2025. Below are the vulnerabilities addressed by the network giant: The following table identifies Cisco…

Samsung fixed actively exploited zero-day

September 12, 2025

Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users. The vulnerability is an out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. A remote attacker can exploit…

UK train operator LNER (London North Eastern Railway) discloses a data breach

September 12, 2025

LNER warns of a data breach via a third-party supplier, exposing customer contact details and other personal information. UK train operator LNER (London North Eastern Railway) reported a data breach through a third-party supplier, compromising customer contact details and other personal information. LNER (London North Eastern Railway) is a British train operator running passenger services…

Apple issues spyware warnings as CERT-FR confirms attacks

September 12, 2025

Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised. Apple warned customers last week about new spyware attacks, the French national Computer Emergency Response Team (CERT-FR) said. The agency confirmed at least four such alerts since early 2025. Apple sent spyware alerts on March 5, April 29,…

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog

September 12, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dassault Systèmes DELMIA Apriso flaw, tracked as CVE-2025-5086 (CVSS score of 9.0), to its Known Exploited Vulnerabilities (KEV) catalog. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) software platform…

Akira Ransomware exploits year-old SonicWall flaw with multiple vectors

September 11, 2025

Researchers warn that Akira ransomware group is exploiting a year-old SonicWall firewall flaw, likely using three attack vectors for initial access. The Akira ransomware group is exploiting a year-old SonicWall firewall vulnerability, tracked as CVE-2024-40766 (CVSS score of 9.3), likely using three attack vectors for initial access, according to Rapid7. “Evidence collected during Rapid7’s investigations…

Google fixes critical Chrome flaw, researcher earns $43K

September 11, 2025

Google addressed a critical use-after-free vulnerability in its Chrome browser that could potentially lead to code execution. A researcher earned $43000 from Google for reporting a critical Chrome vulnerability, tracked as CVE-2025-10200, in the Serviceworker component. A use-after-free (UAF) occurs when a program accesses memory after it has been freed. This can cause crashes, data…

Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts

September 10, 2025

Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka SessionReaper, CVSS score of 9.1) in its Commerce and Magento Open Source platforms. The vulnerability is an improper input validation flaw. “The bug, dubbed…

SAP September 2025 Patch Day fixed 4 critical flaws

September 9, 2025

SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation. SAP this week issued 21 new and four updated security notes as part of the company’s September Patch Day, including four notes that address critical vulnerabilities in NetWeaver. Onapsis Research Labs supported SAP in patching two critical…

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

September 9, 2025

Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing email targeting 2FA credentials. A supply chain attack compromised multiple popular npm packages with 2B weekly downloads after a maintainer fell for a phishing email mimicking npm, targeting 2FA credentials. Threat actors targeted Josh Junon’s (Qix) to…

LunaLock Ransomware threatens victims by feeding stolen data to AI models

September 9, 2025

LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data. A new ransomware group, named LunaLock, appeared in the threat landscape with a unique cyber extortion technique, threatening to turn stolen art into AI training data. Recently, the LunaLock group targeted the website Artists&Clients and…

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

September 8, 2025

Hackers breached Salesloft’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers. Salesloft revealed that the threat actor UNC6395 breached its GitHub account in March, stealing authentication tokens that were later used in a large-scale attack against several major tech customers. Salesforce data theft attacks impacted major…

Canadian investment platform Wealthsimple disclosed a data breach

September 8, 2025

Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package. Canadian investment platform Wealthsimple disclosed a data breach that impacted some customers. The company discovered the security breach on August 30, which stemmed from a supply chain attack via a trusted third-party software package. “On August 30th,…

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

September 8, 2025

Venezuela’s President Maduro shows Huawei Mate X6 gift from China’s President Xi Jinping, hailing it as “unhackable” by U.S. spies. Last week, Venezuelan President Nicolás Maduro showcased a Huawei Mate X6 smartphone, reportedly gifted by China’s President Xi Jinping, claiming that US cyber spies cannot hack it. Venezuelan President Maduro said that his device is…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

September 7, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Operation HanKook Phantom: North Korean APT37 targeting South Korea Three Lazarus RATs coming for your cheese Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide Android Droppers: The Silent…

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

September 7, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qantas cuts executive bonuses by 15% after a July data breach MeetC2 – A serverless C2…

Qantas cuts executive bonuses by 15% after a July data breach

September 6, 2025

Qantas cuts executive bonuses by 15% after a July cyberattack exposed data of 5.7M people, despite reporting $1.5B profit last fiscal year. Qantas cuts executive bonuses by 15% after a July cyberattack that exposed data of 5.7M people, despite posting $1.5B profit in the last fiscal year. This case study demonstrates that a security breach…

MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel

September 6, 2025

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams…

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

September 5, 2025

Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injection vulnerability, tracked as CVE-2025-42957 (CVSS score of 9.9), in SAP S/4HANA is under active exploitation. An attacker can exploit this flaw to fully compromise SAP systems, altering databases, creating superuser accounts, and stealing password hashes. “SAP…

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

September 5, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability CVE-2025-48543 Android Runtime…

Deeper Network Promo Deeper Network Promo

Breaking News, Global Security News, Google, hacking, Laws and regulations

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

September 5, 2025

France’s data watchdog fined Google $379M (€325 million) and Shein $175M (€150 million) for breaching cookie rules. The French data watchdog, the National Commission on Informatics and Liberty (CNIL), fined Google $379 million (€325 million) and Shein $175 million (€150 million) for violating cookie rules. “The two fines imposed on GOOGLE and SHEIN by the restricted committee – the CNIL…

$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure

September 4, 2025

US offers $10M for Russian FSB officers Tyukov, Gavrilov & Akulov, accused of attacking US critical infrastructure and over 500 energy firms worldwide. The US Department of State is offering up to $10M for info on FSB officers Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov, accused of hacking US infrastructure and over…

Severe Hikvision HikCentral product flaws: What You Need to Know

September 4, 2025

Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring. Security researchers warn of three vulnerabilities impacting Hikvision HikCentral, which is a centralized management software used across many industries for video surveillance, access control, and integrated security operations. The three vulnerabilities are: CVE-2025-39245 – Base score:…

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

September 4, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2023-50224 (CVSS score of 6.5) TP-Link TL-WR841N Authentication Bypass by…

Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

September 3, 2025

Threat actors abuse HexStrike AI, a new offensive security tool meant for red teaming and bug bounties, to exploit fresh vulnerabilities. Check Point researchers warn that threat actors are abusing AI-based offensive security tool HexStrike AI to quickly exploit recently disclosed security flaws. HexStrike AI combines professional security tools with autonomous AI agents to deliver comprehensive security testing capabilities.…

Google addressed two Android flaws actively exploited in targeted attacks

September 3, 2025

Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin – September 2025. Two of these vulnerabilities have been exploited in targeted attacks. “There are indications that the following may be under limited, targeted…

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

September 3, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2020-24363 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability CVE-2025-55177 Meta Platforms WhatsApp…

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

September 3, 2025

Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported…

Cloudflare blocked a record 11.5 Tbps DDoS attack

September 2, 2025

Cloudflare blocked a record 11.5 Tbps DDoS attack, a UDP flood from Google Cloud, part of weeks-long assault waves. Cloudflare announced on X that it had blocked the largest ever DDoS attack, peaking at 11.5 Tbps. The UDP flood, mainly from Google Cloud, was part of a wave of attacks that lasted several weeks. Cloudflare…

Palo Alto Networks disclose a data breach linked to Salesloft Drift incident

September 2, 2025

Palo Alto Networks hit by Drift-linked supply-chain attack, exposing Salesforce customer data and support cases via stolen OAuth tokens. Palo Alto Networks is another victim of the Salesloft Drift incident, which allowed attackers to access its Salesforce account, as per BleepingComputer. The company discloses a breach after attackers used stolen OAuth tokens from Salesloft Drift,…

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

September 2, 2025

Von der Leyen’s plane faced suspected Russian GPS jamming in Bulgaria, but the EU chief landed safely, says European Commission. The EU confirmed that Ursula von der Leyen’s plane experienced GPS jamming while flying to Bulgaria. The European authorities suspect Russian interference, though the aircraft landed safely. Bulgarian officials provided the information, and the EU…

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

September 1, 2025

ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…

Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

August 31, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships New zero-click exploit allegedly used…

Amazon blocks APT29 campaign targeting Microsoft device code authentication

August 31, 2025

Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes). Amazon experts labeled the attacks as an opportunistic watering hole campaign using compromised…

Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships

August 30, 2025

Lab Dookhtegan hacking group allegedly disrupted communications of 60 Iranian ships run by sanctioned firms NITC and IRISL. The hacking group Lab Dookhtegan allegedly disrupted the communications of 60 Iranian ships. The attack hit at least 39 tankers and 25 cargo ships operated by Iranian maritime companies National Iranian Oil Tanker Company and Iran Shipping Lines, which…

New zero-click exploit allegedly used to hack WhatsApp users

August 29, 2025

WhatsApp warns users targeted by advanced spyware, sending threat notifications to affected individuals from the past 90 days. A new zero-click exploit used to hack WhatsApp users, reported Donncha Ó Cearbhaill, Head of Security Lab at @AmnestyTech. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an…

The Secret to Hacking SaaS? Forget Passwords — Go for Tokens

August 29, 2025

Google has warned that the recent Salesloft OAuth breach, attributed to threat group UNC6395, is not limited to Salesforce as initially reported. Instead, the attack affects all third-party SaaS integrations connected to Salesloft via OAuth, massively expanding the potential impact radius. Between August 8–18, 2025, attackers stole and abused OAuth tokens from Salesloft and Drift,…

US and Dutch Police dismantle VerifTools fake ID marketplace

August 29, 2025

US and Dutch authorities shut down VerifTools, a major fake ID marketplace selling documents to bypass KYC checks and access accounts. Law enforcement in the US and the Netherlands dismantled VerifTools, a major fake ID marketplace selling ID documents to bypass KYC checks and gain unauthorized access to online accounts. Authorities seized two marketplace domains…

Experts warn of actively exploited FreePBX zero-day

August 29, 2025

Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed admin control panels. The Sangoma FreePBX Security Team addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10.0), impacting systems with an internet-facing administrator control panel (ACP). FreePBX is an open-source telephony software platform that provides a web-based graphical…

200 Swedish municipalities impacted by a major cyberattack on IT provider

August 28, 2025

Cyberattack on Miljödata disrupted services in over 200 Swedish municipalities, with concerns over stolen sensitive data. A cyberattack on Miljödata, an IT supplier serving 80% of Swedish municipalities, including Skellefteå, Mönsterås and Kalmar, disrupted services in over 200 municipalities and raised concerns of stolen sensitive data. The Swedish Privacy Agency confirmed that it has already received around 70…

200 Swedish municipalities impacted by a major cyberattack on IT provider

August 28, 2025

200 Swedish municipalities impacted by a major cyberattack on IT provider

August 28, 2025

200 Swedish municipalities impacted by a major cyberattack on IT provider

August 28, 2025

200 Swedish municipalities impacted by a major cyberattack on IT provider

August 28, 2025

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and…

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

UNC6395 targets Salesloft in Drift OAuth token theft campaign

August 28, 2025

Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat…

UNC6395 targets Salesloft in Drift OAuth token theft campaign

August 28, 2025

UNC6395 targets Salesloft in Drift OAuth token theft campaign

August 28, 2025

UNC6395 targets Salesloft in Drift OAuth token theft campaign

August 28, 2025

How To Become A Certified Ethical Hacker

August 27, 2025

Learn how to become a certified ethical hacker and secure a rewarding career in cybersecurity in this post. Cybersecurity has become a critical concern for organizations worldwide in today’s digital age. With the rise in cyber threats and data breaches, the demand for skilled professionals to protect systems and networks has never been greater. Pursuing…

How To Become A Certified Ethical Hacker

August 27, 2025

How To Become A Certified Ethical Hacker

August 27, 2025

Deeper Network Promo Deeper Network Promo

Breaking News, citrix, Exploits, Global Security News, hacking, Security

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

August 27, 2025

Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to the vulnerability CVE-2025-7775, which is under active exploitation. CVE-2025-7775 (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service.…

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

August 27, 2025

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

August 27, 2025

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

August 27, 2025

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

August 27, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler flaw, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it…

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

August 27, 2025

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

August 27, 2025

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

August 27, 2025

ESET warns of PromptLock, the first AI-driven ransomware

August 27, 2025

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to…

ESET warns of PromptLock, the first AI-driven ransomware

August 27, 2025

ESET warns of PromptLock, the first AI-driven ransomware

August 27, 2025

ESET warns of PromptLock, the first AI-driven ransomware

August 27, 2025

New Linux backdoor Plague bypasses auth via malicious PAM module

August 2, 2025

A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module…

Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

August 1, 2025

Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables, Oct 21–24 via Zero Day Initiative. Meta is sponsoring ZDI’s Pwn2Own Ireland 2025 hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. Participants can earn up to $1 million for…

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

August 1, 2025

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain…

CISA released Thorium platform to support malware and forensic analysis

August 1, 2025

CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform…

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

July 31, 2025

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…

Attackers actively exploit critical zero-day in Alone WordPress Theme

July 31, 2025

Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to compromise websites. On May 30th, 2025, security researcher Thái An…

Dahua Camera flaws allow remote hacking. Update firmware now

July 31, 2025

Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap. Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabilities have been patched, but users are urged to update…

Apple fixed a zero-day exploited in attacks against Google Chrome users

July 30, 2025

Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability is an insufficient validation of untrusted input in ANGLE and…

PyPI maintainers alert users to email verification phishing attack

July 30, 2025

PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites. PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites. PyPI, short for the Python Package Index, is the official repository for Python…

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

July 30, 2025

Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack…

Orange reports major cyberattack, warns of service disruptions

July 29, 2025

Orange, France’s largest telecom provider, reported a cyberattack on one of its internal systems, impacting its operations in Europe and Africa. Orange is a leading French multinational telecommunications operator providing services to individuals, businesses, and governments across Europe, Africa, and the Middle East. Formerly known as France Télécom until rebranding in 2013, the company now…

Hackers leak images and comments from women dating safety app Tea

July 29, 2025

The dating safety app Tea was hacked, leaking images, posts, and comments of thousands of users who shared anonymous “red flag” reports on men. Tea is a women-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members…

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

July 29, 2025

A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot ’s systems, canceling over 100 flights. On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. Over 100 flights were cancelled following the attack, which also caused delays. The…

Seychelles Commercial Bank Reported Cybersecurity Incident

July 29, 2025

Seychelles Commercial Bank on Friday said it had recently identified and contained a cybersecurity incident. A hacker claims to have stolen and sold the personal data of clients of Seychelles Commercial Bank. The bank, which provides personal and corporate services on Seychelles, one of the world’s smallest countries, notified customers of a hack, but said…

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

July 28, 2025

Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches. Microsoft Threat Intelligence researchers discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC). Apple’s Transparency, Consent, and Control framework in macOS is designed…

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

July 28, 2025

U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability…

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

July 28, 2025

Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners…

Scattered Spider targets VMware ESXi in using social engineering

July 28, 2025

Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Muddled Libra, Octo Tempest, and UNC3944) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According to Google’s Mandiant team, the group…

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware, Security

Breaking News, Cybercrime, Global Security News, hacking, Security

Breaking News, Cybercrime, Global Security News, hacking, Security

Breaking News, Cybercrime, Global Security News, hacking, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, Security

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, Security

Global Security News, Guest blog, hacking, Law & order, Security threats

Breaking News, Exploits, Global Security News, hacking, hacking news, HybridPetya, malware

Breaking News, cisco, Exploits, Global Security News, hacking, hacking news, Security

Android, Breaking News, Exploits, Global Security News, hacking, Mobile, Security

Breaking News, cyber crime, data breach, Global Security News, hacking

Breaking News, Exploits, Global Security News, hacking, intelligence, malware, Mobile

Breaking News, CISA, Exploits, Global Security News, hacking, Security

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware, Security

Breaking News, Chrome, Exploits, Global Security News, Google, hacking, Security

Adobe, Breaking News, Exploits, Global Security News, hacking, Security

Breaking News, Exploits, Global Security News, hacking, information security news, IT Information Security, Security

Breaking News, cyber crime, Global Security News, hacking, malware, Security

Breaking News, cyber crime, Cybercrime, Global Security News, hacking, malware

Breaking News, cyber crime, Cybercrime, data breach, Global Security News, hacking

Breaking News, Cybercrime, data breach, Global Security News, hacking

Asia Pacific, Breaking News, china, Global Security News, hacking, intelligence, Security

Breaking News, Cybercrime, Exploits, Global Security News, hacking, hacking news, information security news

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Security

Breaking News, cyber crime, Cybercrime, data breach, Global Security News, hacking

Breaking News, Global Security News, hacking, information security news, IT Information Security, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, Global Security News, hacking, Security

Breaking News, Global Security News, Google, hacking, Laws and regulations

Breaking News, Cyber warfare, Exploits, Global Security News, hacking, internet of things, Laws and regulations

Breaking News, Exploits, Global Security News, hacking, hacking news, internet of things, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

AI, Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking

Android, Breaking News, Exploits, Global Security News, Google, hacking, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, Cybercrime, Global Security News, hacking, hacking news, Security

Breaking News, CloudFlare, cyber crime, Global Security News, hacking, Security

Breaking News, data breach, Exploits, Global Security News, hacking, information security news, IT Information Security

Breaking News, Cyber warfare, Europe, Global Security News, gps, GPS jamming, hacking

APT, Global Security News, hacking, malware, Security

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, hacking news

Amazon, APT, Breaking News, Global Security News, hacking, intelligence

Breaking News, Global Security News, hacking, hacking news, information security news