Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

DOGE software engineer’s computer infected by info-stealing malware

The presence of credentials in leaked "stealer logs" indicates his device was infected. Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department

Published: 2025-05-08T18:27:52



Biz & IT Ars Technica

Jury orders NSO to pay $167 million for hacking WhatsApp users

The verdict is a major victory for opponents of exploit sellers. A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a softwar

Published: 2025-05-07T00:26:14



Biz & IT Ars Technica

Man pleads guilty to using malicious AI software to hack Disney employee

Fake image-generating app allowed man to download 1.1TB of Disney-owned data. A California man has pleaded guilty to hacking an employee of The Walt Disney Company by tricking the person into running a malicious

Published: 2025-05-06T00:05:55



Biz & IT Ars Technica

Signal clone used by Trump official stops operations after report it was hacked

Mike Waltz needs to find a new app. A messaging service used by former National Security Advisor Mike Waltz has temporarily shut down while the company investigates an apparent hack. The messaging app is used to

Published: 2025-05-05T21:37:21



Biz & IT Ars Technica

Hundreds of e-commerce sites hacked in supply-chain attack

Attack that started in April and remains ongoing runs malicious code on visitors' devices. Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that execu

Published: 2025-05-05T19:05:13



Biz & IT Ars Technica

Millions of Apple Airplay-enabled devices can be hacked via Wi-Fi

Hackers can run their code on AirPlay devices thanks to a collection of bugs known as AirBorne. Apple’s AirPlay feature enables iPhones and MacBooks to seamlessly play music or show photos and videos on other Ap

Published: 2025-04-30T17:52:06



Biz & IT Ars Technica

The end of an AI that shocked the world: OpenAI retires GPT-4

A look back at GPT-4's legacy as OpenAI pulls the pioneering 2023 AI model from ChatGPT. One of the most influential and by some counts, notorious AI models yet released will soon fade into history. OpenAI annou

Published: 2025-04-30T11:30:40



The Register - Software

openSUSE deep sixes Deepin desktop over security stink

Linux giant finds Chinese environment to be perilous beneath pretty exterior. SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.

Published: 2025-05-09T12:33:15



Security | The Verge

Leaked document reveals more about Eufy’s first smart display

A brochure shared on Reddit provides new details on Eufy's first smart display. The Eufy Smart Display E10 hasn't been officially announced by Anker yet, but it's already received FCC certification and was recently demonstrated at a private event in New York. The smart display's manual has also leaked. According to the brochure, the Smart […]

Published: 2025-05-09T10:57:32



Security | The Verge

Meta awarded $167.25 million over Pegasus spyware attack

NSO Group, the Israeli spyware-maker behind Pegasus, must pay Meta $167.25 million for hacking 1,400 users across WhatsApp. A federal jury in California made the decision on Tuesday after the court found the NSO Group liable for the attacks last year. Meta sued NSO Group in 2019 after Citizen Lab found a vulnerability that allowed […]

Published: 2025-05-06T18:33:39



Security | The Verge

The modified Signal app used by Mike Waltz was reportedly hacked

A hacker has obtained direct messages and contact information from TeleMessage, the Israeli software company that offers modified versions of Signal, WhatsApp, Telegram, and other apps to the US government, according to a report from 404Media. Last week, a photo of former National Security Advisor Mike Waltz appeared to show him using a Signal clone […]

Published: 2025-05-05T12:35:13



Security | The Verge

Microsoft goes passwordless by default on new accounts

After supporting passwordless Windows logins for years and even allowing users to delete passwords from their accounts, Microsoft is making its biggest move yet toward a future with no passwords. Now it will ask people signing up for new accounts to only use more secure methods like passkeys, push notifications, and security keys instead, by […]

Published: 2025-05-01T18:53:05



Security | The Verge

France accuses Russia of a decade's worth of high-profile cyberattacks

In an unprecedented display of diplomatic aggression, French authorities publicly accused Russia of sponsoring several high-profile cyber attacks on French entities for over a decade to gather intelligence and destabilize the country. The incidents include everything from a faked Islamic State takeover of a French television broadcast signal in 2015 to the leak of President […]

Published: 2025-04-29T19:15:07



Security | The Verge

AirPlay security flaws could help hackers spread malware on your network

Cybersecurity firm Oligo has detailed a set of vulnerabilities its researchers found in Apple's AirPlay protocol and software development kit that could serve as a point of entry to infect other devices on your network, Wired reports. Oligo's researc

Published: 2025-04-29T13:32:29



Security | The Verge

Signalgate: Pete Hegseth's problematic passion for groupchats

Trump administration senior officials are facing harsh criticism after it was revealed that they had used the personal messaging app Signal to discuss highly classified military intelligence in a group chat. The chat, in which Defense Secretary Pete Hegseth laid out plans for an upcoming military strike in Yemen, inadvertently added Jeffrey Goldberg, the editor-in-chief of The […]

Published: 2025-04-25T13:37:50



BleepingComputer

FBI: End-of-life routers hacked for cybercrime proxy networks

The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. [...]

Published: 2025-05-08T18:15:39



BleepingComputer

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. [...]

Published: 2025-05-08T16:53:18



BleepingComputer

Education giant Pearson hit by cyberattack exposing customer data

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. [...]

Published: 2025-05-08T16:14:09



BleepingComputer

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. [...]

Published: 2025-05-08T14:51:14



BleepingComputer

Kickidler employee monitoring software abused in ransomware attacks

Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. [...]

Published: 2025-05-08T12:05:18



BleepingComputer

VC giant Insight Partners confirms investor data stolen in breach

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. [...]

Published: 2025-05-08T11:01:39



BleepingComputer

Google links new LostKeys data theft malware to Russian cyberspies

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. [...]

Published: 2025-05-08T09:39:15



BleepingComputer

SonicWall urges admins to patch VPN flaw exploited in attacks

SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks [...]

Published: 2025-05-08T07:19:58



BleepingComputer

LockBit ransomware gang hacked, victim negotiations exposed

The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. [...]

Published: 2025-05-07T20:06:32



BleepingComputer

PowerSchool hacker now extorting individual school districts

PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. [...]

Published: 2025-05-07T14:25:39



Threat Intelligence

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs

Written by: Wesley Shields. Google Threat Intelligence Group (GTIG) has identified a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto). LOSTKE...

Published: 2025-05-07T14:00:00



Threat Intelligence

Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

Background: UNC3944, which overlaps with public reporting on Scattered Spider, is a financially motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 larg

Published: 2025-05-06T14:00:00



Threat Intelligence

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov. Executive Summary: Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 202

Published: 2025-04-29T05:00:00



The Register - Security

Sudo-rs make me a sandwich, hold the buffer overflows

Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake. Canonical's Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default, part of a push to cut memory-related security bugs and lock down core system components.

Published: 2025-05-08T06:38:08



The Register - Security

PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied

Now individual school districts extorted by fiends. An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it or someone connected to the crooks.

Published: 2025-05-08T00:43:29



The Register - Security

After that 2024 Windows fiasco, CrowdStrike has a plan: job cuts, leaning on AI

CEO: Neural net tech 'flattens our hiring curve, helps us innovate'. CrowdStrike, the Texas antivirus slinger famous for crashing millions of Windows machines last year, plans to cut five percent of its staff, or about 500 workers, in pursuit of "greater efficiencies," according to CEO and co-founder George Kurtz.

Published: 2025-05-07T23:28:26



The Register - Security

Delta Air Lines class action cleared for takeoff over CrowdStrike chaos

Judge allows aspects of passenger lawsuit to proceed. A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year's CrowdStrike debacle continues to buffet the carrier.

Published: 2025-05-07T18:27:06



The Register - Security

You'll never guess which mobile browser is the worst for data collection

We were shocked, SHOCKED, by the answer. Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome.

Published: 2025-05-07T17:38:05



The Register - Security

Curl project founder snaps over deluge of time-sucking AI slop bug reports

Lead dev likens flood to 'effectively being DDoSed'. Curl project founder Daniel Stenberg is fed up with the deluge of AI-generated "slop" bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers' time.

Published: 2025-05-07T10:30:09



The Register - Security

New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts

Prime Minister bemoans bullying, addiction, and inappropriate content but isn't planning a rapid vote. New Zealand's government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government initiative.

Published: 2025-05-07T04:05:06



The Register - Security

Super spyware maker NSO must pay Meta $168M in WhatsApp court battle

Don't f&#k with Zuck. A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure communications.

Published: 2025-05-06T23:50:26



The Register - Security

Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower

What was the plan, showing her his big iron? A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank's server rooms.

Published: 2025-05-06T20:44:00



The Register - Security

Pentagon declares war on 'outdated' software buying, opens fire on open source

(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its "outdated" software procurement systems, and insists it's putting security at the forefront of decision-making processes.

Published: 2025-05-06T18:27:10



The Register - Security

CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut

Because who needs cybersecurity when there's culture wars to win. President Trump's dream 2026 budget would gut the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million, about 17 percent, and accuses the organization of abandoning its core mission in favor of policing online speech.

Published: 2025-05-06T00:05:20



The Register - Security

Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess

No, really? That's a shocking surprise. Updated: An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal app and used by ousted national security advisor Michael Waltz.

Published: 2025-05-05T20:54:29



The Register - Security

Trump promises protection for TikTok, for which he has 'a warm spot in my heart'

Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures. US President Donald Trump has said TikTok will be "very strongly protected" as the made-in-China social network has "a warm spot in my heart."

Published: 2025-05-05T06:58:12



The Register - Security

India's chipmaking ambitions hurt by Zoho's no-go and Adani unease

PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! Asia in brief: India's ambition to become a global semiconductor manufacturing player went backwards last week after two big players changed their plans.

Published: 2025-05-05T03:56:09



The Register - Security

Microsoft tries to knife passwords once and for all - at least for consumers

PLUS: AirPlay exploits; Six-year-old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief: Microsoft has decided to push its consumer customers to dump passwords in favor of passkeys.

Published: 2025-05-04T23:58:12



The Register - Security

RSA Conf wrap: AI and China on everything, everywhere, all at once

With North Korean IT workers storming the gates, too. RSAC: Another RSA Conference has come and gone, with almost 44,000 attendees this year spread across San Francisco's Moscone Center and the surrounding facilities, according to event organizers.

Published: 2025-05-04T18:47:10



The Register - Security

Altman's eyeball-scanning biometric blockchain orbs officially come to America

El Reg checks out shop in SF. On Thursday, six stores across America opened their doors with a curious proposition: Come on in, let a metal orb scan your irises, and walk out with a new online profile that promises you're an individual human and a few bucks in crypto for your troubles.

Published: 2025-05-04T12:43:11



The Register - Security

Disney Slack attack wasn't Russian protesters, just a Cali dude with malware

25-year-old fella pleads guilty to stealing, dumping 1.1TB of data from the House of Mouse. When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian hacktivists protesting for artist rights. We now know it was actually a 25-year-old California resident.

Published: 2025-05-02T16:03:55



The Register - Security

Generative AI makes fraud fluent from phishing lures to fake lovers

Real-time video deepfakes? Not convincing yet. RSAC: Spam messages predate the web itself, and generative AI has given them a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore.

Published: 2025-05-02T15:06:08



The Register - Security

Three Brits charged over 'active shooter threats' swattings in US, Canada

UK starts prosecution days after FBI vowed to clamp down on the crime. Three young Brits are accused of stateside swatting offences and will appear in a UK court today to face their charges after a joint investigation by the FBI and Merseyside cops.

Published: 2025-05-02T13:06:12



The Register - Security

British govt agents step in as Harrods becomes third mega retailer under cyberattack

Experts suggest the obvious: There is an ongoing coordinated attack on the UK retail sector. Harrods, a globally recognized purveyor of all things luxury, is the third major UK retailer to confirm an attempted cyberattack on its systems in under two weeks.

Published: 2025-05-02T10:25:12



The Register - Security

Dems look to close the barn door after top DOGE dog has bolted

House Oversight probes missing Musk disclosures, background checks, data mess at NLRB. Elon Musk is backing away from his Trump-blessed government gig, but now House Democrats want to see the permission slip that got him in the door.

Published: 2025-05-01T22:33:00



The Register - Security

Healthcare group Ascension discloses second cyberattack on patients' data

This time criminals targeted partner's third-party software. It's more bad news from Ascension Health, which is informing some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a major cyberattack.

Published: 2025-05-01T19:22:07



The Register - Security

How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas

Will the personal assistant shop for groceries? Or get hijacked by a teen? RSAC: If Amazon's Alexa+ works as intended, it could show how an AI assistant helps with everyday tasks like making dinner reservations or arranging an oven repair. Or things could go terribly wrong: it might turn on the oven and turn dinner plans into a house fire.

Published: 2025-05-01T17:09:08



The Register - Security

Chris Krebs loses Global Entry membership amid Trump feud

President's campaign continues against man he claims covered up evidence of electoral fraud in 2020. Chris Krebs, former CISA director and current political punching bag for the US President, says his Global Entry membership was revoked.

Published: 2025-05-01T13:15:12



The Register - Security

Data watchdog will leave British Library alone: further probes 'not worth our time'

No MFA? No problem, as long as you show you've learned your lesson. The UK's data protection overlord is not going to pursue any further investigation into the British Library's 2023 ransomware attack.

Published: 2025-05-01T10:15:14



The Register - Security

Ex-NSA cyber-boss: AI will soon be a great exploit coder

For now it's a potential bug-finder and friend to defenders. RSAC: Former NSA cyber-boss Rob Joyce thinks today's artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.

Published: 2025-04-30T23:31:58



The Register - Security

Ex-CISA chief decries cuts as Trump demands loyalty above all else

Cybersecurity is national security, says Jen Easterly. RSAC: America's top cyber-defense agency is "being undermined" by personnel and budget cuts under the Trump administration, some of which are being driven by an expectation of perfect loyalty to the President rather than the nation.

Published: 2025-04-30T18:58:14



The Register - Security

Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China

Feds say $970K scheme defrauded 13+ companies. A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.

Published: 2025-04-30T18:03:10



The Register - Security

FBI steps in amid rash of politically charged swattings

No specific law against it yet, but that's set to change. A spate of high-profile swatting incidents in the US recently forced the FBI into action with its latest awareness campaign about the occasionally deadly practice.

Published: 2025-04-30T15:10:12



The Register - Security

Ghost in the shell script: Boffins reckon they can catch bugs before programs run

Go ahead, please do Bash static analysis. Shell scripting may finally get a proper bug-checker. A group of academics has proposed static analysis techniques aimed at improving the correctness and reliability of Unix shell programs.

Published: 2025-04-30T09:27:06



The Register - Security

Cloud doesn't mean secure: How Intruder finds what others miss

A cloud security platform that manages the attack surface and security vulnerabilities in AWS. Sponsored post: You'd be naïve to believe that the cloud is secure by default, and while most hosting services provide basic defenses, it's not always clear what level of protection these provide.

Published: 2025-04-30T08:00:10



The Register - Security

Watch out for any Linux malware sneakily evading syscall-watching antivirus

Google dumped io_uring after $1M in bug bounties. A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface.

Published: 2025-04-29T18:51:55



The Register - Security

Enterprise tech dominates zero-day exploits with no signs of slowdown

As Big Tech gets used to the pain, smaller vendors urged to up their game. Google says that despite a small dip in the number of exploited zero-day vulnerabilities in 2024, the number of attacks using these novel bugs continues on an upward trend overall.

Published: 2025-04-29T17:02:12



The Register - Security

China now America's number one cyber threat: US must get up to speed

Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable. RSAC: Russia used to be considered America's biggest adversary online, but over the past couple of years China has taken the role, and is proving highly effective at it.

Published: 2025-04-29T15:02:07



The Register - Security

Infosec pros tell Trump to quit bullying Chris Krebs: it's undermining security

Top voices warn that political retaliation puts democracy and national defense at risk. The Electronic Frontier Foundation (EFF) and numerous infosec leaders are lobbying US President Donald Trump to drop his enduring investigation into Chris Krebs, claiming that targeting the former CISA boss amounts to bullying.

Published: 2025-04-29T13:15:08



The Register - Security

China is using AI to sharpen every link in its attack chain, FBI warns

Artificial intelligence is helping Beijing's goons break in faster and stay longer. RSAC: The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: "China."

Published: 2025-04-29T11:34:15



The Register - Security

The one interview question that will protect you from North Korean fake workers

FBI and others list how to spot NK infiltrators, but AI will make it harder. RSAC: Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is an answer, for the moment at least.

Published: 2025-04-29T09:15:12



The Register - Security

Swiss boffins admit to secretly posting AI-penned posts to Reddit in the name of science

They're sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse. Researchers from the University of Zurich have admitted to secretly posting AI-generated material to the popular subreddit r/changemyview in the name of science.

Published: 2025-04-29T06:47:19



The Register - Security

Open source text editor poisoned with malware to target Uyghur users

Who could possibly be behind this attack on an ethnic minority China despises? Researchers at Canada's Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it's an example of Beijing's attempts to target the ethnic minority group.

Published: 2025-04-29T03:15:15



The Register - Security

Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus

Florida man altered allergen info, DoSed former colleagues. Former Disney employee Michael Scheuer was sentenced to 36 months in prison and fined almost $688,000 for screwing up a software application the entertainment giant used to cook up its restaurant menus.

Published: 2025-04-29T00:26:03



The Register - Security

Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn

Sometimes, silence is the best option. Updated: An Oklahoma City cybersecurity professional accused of installing spyware on a hospital PC confirmed on LinkedIn key details of the drama.

Published: 2025-04-28T23:28:54



The Register - Security

How to survive as a CISO aka 'chief scapegoat officer'

Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel. RSAC: Chief security officers should negotiate personal liability insurance and a golden parachute when they start a new job in case things go sideways and management tries to scapegoat them for a network breach.

Published: 2025-04-28T21:57:37



The Register - Security

Admission impossible: NSA, CISA brass absent from RSA Conf

Homeland Security boss Noem added as last-minute keynote, mind you. RSAC: There's a notable absence from this year's RSA Conference that kicked off today in San Francisco: The NSA's State of the Hack panel.

Published: 2025-04-28T21:03:37



The Register - Security

The future of AI in cybersecurity in a word: Optimistic

Think of artificial intelligence as your embedded ally. Sponsored post: AI is reshaping cybersecurity in real time, raising the stakes on both sides of the battlefield. For defenders, it brings speed, precision, and automation at scale, helping security teams detect threats earlier and respond faster than ever. But adversaries aren't standing still. They're using AI to sharpen their own tactics, accelerating attacks and probing defenses with unprecedented sophistication.

Published: 2025-04-28T19:11:28



The Register - Security

From 112K to 4M folks' data: HR biz attack goes from bad to mega bad

It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands. Houston-based VeriSource Services' long-running probe into a February 2024 digital break-in shows the data of 4 million people, not just a few hundred thousand as it first claimed, was accessed by an "unknown actor".

Published: 2025-04-28T13:40:05



The Register - Security

Back online after 'catastrophic' attack, 4chan says it's too broke for good IT

Image board hints that rumors of a poorly maintained back end may be true. Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was "catastrophic."

Published: 2025-04-28T12:27:12



The Register - Security

Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025

Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year. Microsoft has announced its preview of hotpatching for on-prem Windows Server 2025 will become a paid subscription service in July.

Published: 2025-04-28T06:37:01



The Register - Security

Samsung admits Galaxy devices can leak passwords through clipboard wormhole

PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Infosec in brief: Samsung has warned that some of its Galaxy devices store passwords in plaintext.

Published: 2025-04-28T02:59:05



Security Latest

US Customs and Border Protection Quietly Revokes Protections for Pregnant Women and Infants

CBP’s acting commissioner has rescinded four Biden-era policies that aimed to protect vulnerable people in the agency’s custody, including mothers, infants, and the elderly.

Published: 2025-05-08T22:00:54



Security Latest

Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage

CBP says it has “disabled” its use of TeleMessage following reports that the app, which has not cleared the US government’s risk assessment program, was hacked.

Published: 2025-05-07T21:03:10



Security Latest

The Trump Administration Sure Is Having Trouble Keeping Its Comms Private

In the wake of SignalGate, a knockoff version of Signal used by a high-ranking member of the Trump administration was hacked. Today on Uncanny Valley, we discuss the platforms used for government communications.

Published: 2025-05-07T18:08:53



Security Latest

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats

A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app.

Published: 2025-05-06T20:24:44



Security Latest

Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years

Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.

Published: 2025-05-06T19:27:19



Security Latest

US Border Agents Are Asking for Help Taking Photos of Everyone Entering the Country by Car

Customs and Border Protection has called for tech companies to pitch real-time face recognition technology that can capture everyone in a vehicle, not just those in the front seats.

Published: 2025-05-06T09:00:00



Security Latest

Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked

The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz's phone, has suspended “all services” as it investigates reports of at least one breach.

Published: 2025-05-05T21:24:04



Security Latest

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.

Published: 2025-05-05T10:00:00



Security Latest

Hacking Spree Hits UK Retail Giants

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.

Published: 2025-05-03T10:30:00



Security Latest

Mike Waltz Has Somehow Gotten Even Worse at Using Signal

A photo taken this week showed Mike Waltz using an app that looks like but is not Signal to communicate with top officials. "I don't even know where to start with this," says one expert.

Published: 2025-05-02T19:46:40



Security Latest

Think Twice Before Creating That ChatGPT Action Figure

People are using ChatGPT’s new image generator to take part in viral social media trends. But using it also puts your privacy at risk unless you take a few simple steps to protect yourself.

Published: 2025-05-01T13:56:35



Security Latest

North Korea Stole Your Job

For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious and effective than ever.

Published: 2025-05-01T07:00:00



Security Latest

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.

Published: 2025-04-30T19:08:33



Security Latest

WhatsApp Is Walking a Tightrope Between AI Features and Privacy

WhatsApp's AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks.

Published: 2025-04-29T17:15:00



Security Latest

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi

Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.

Published: 2025-04-29T12:30:00



Security Latest

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

Published: 2025-04-28T10:30:00



Security Latest

Pete Hegseth’s Signal Scandal Spirals Out of Control

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.

Published: 2025-04-26T10:30:00



Security Latest

Protecting Your Phone and Your Privacy at the US Border

In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States and how to stay safe.

Published: 2025-04-24T21:28:33



Security Latest

Gmail’s New Encrypted Messages Feature Opens a Door for Scams

Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.

Published: 2025-04-24T16:00:00



The Hacker News

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos

Published: 2025-05-09T17:10:00



The Hacker News

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions. If they’re not

Published: 2025-05-09T16:41:00



The Hacker News

Beyond Vulnerability Management: Can You CVE What I CVE?

The Vulnerability Treadmill

The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct

Published: 2025-05-09T16:27:00



The Hacker News

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's

Published: 2025-05-09T16:27:00



The Hacker News

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer

Published: 2025-05-09T12:43:00



The Hacker News

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw

Published: 2025-05-09T09:59:00



The Hacker News

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io

Published: 2025-05-08T20:53:00



The Hacker News

Security Tools Alone Don't Protect You: Control Effectiveness Does

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not

Published: 2025-05-08T19:30:00



The Hacker News

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an

Published: 2025-05-08T19:26:00



The Hacker News

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl

Published: 2025-05-08T19:17:00



The Hacker News

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from

Published: 2025-05-08T16:02:00



The Hacker News

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat

Published: 2025-05-08T12:27:00



The Hacker News

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an

Published: 2025-05-08T10:27:00



The Hacker News

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals aged between 19 and 22 and the United States has seized nine domains that are associated with the now-defunct platforms. "The suspects are believed to

Published: 2025-05-07T19:24:00



The Hacker News

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. "This is due to the create_wp_connection() function missing a capability check and

Published: 2025-05-07T19:14:00



The Hacker News

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is

Published: 2025-05-07T17:01:00



The Hacker News

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens: the browser. This isn’t a small omission. It’s a structural

Published: 2025-05-07T16:26:00



The Hacker News

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by

Published: 2025-05-07T16:14:00



The Hacker News

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.

Published: 2025-05-07T13:07:00



The Hacker News

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,

Published: 2025-05-07T11:52:00



The Hacker News

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command

Published: 2025-05-06T21:03:00



The Hacker News

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox. The attacks have been observed to lure victims with bogus

Published: 2025-05-06T19:06:00



The Hacker News

Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches

It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR); it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement in breaches doubled

Published: 2025-05-06T16:55:00



The Hacker News

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team

Published: 2025-05-06T16:35:00



The Hacker News

Entra ID Data Protection: Essential or Overkill?

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also

Published: 2025-05-06T15:30:00



The Hacker News

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. "The most severe of

Published: 2025-05-06T11:16:00



The Hacker News

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing

Published: 2025-05-06T09:54:00



The Hacker News

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. "These vulnerabilities can be chained by

Published: 2025-05-05T22:36:00



The Hacker News

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions

Published: 2025-05-05T21:31:00



The Hacker News

Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

What if attackers aren't breaking in, but are already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the breach; it’s not knowing who’s still lurking in your

Published: 2025-05-05T16:59:00



The Hacker News

Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace

Let’s be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You're getting pinged about RFPs in one area, and reviewing phishing alerts in another, all while sifting

Published: 2025-05-05T16:30:00



The Hacker News

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast

Published: 2025-05-05T11:09:00



The Hacker News

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy "Despite appearing legitimate,

Published: 2025-05-03T20:01:00



The Hacker News

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning, a tactic often used to maintain persistent access for future

Published: 2025-05-03T15:03:00



The Hacker News

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one

Published: 2025-05-03T12:36:00



The Hacker News

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "

Published: 2025-05-02T17:55:00



The Hacker News

How to Automate CVE and Vulnerability Advisory Response with Tines

Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike

Published: 2025-05-02T16:00:00



The Hacker News

MintsLoader Drops GhostWeaver via Phishing, ClickFix Uses DGA, TLS for Stealth Attacks

The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News. "The malware employs sandbox and virtual machine evasion techniques, a domain

Published: 2025-05-02T14:27:00



The Hacker News

Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. "Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users will have several passwordless options for

Published: 2025-05-02T12:10:00



The Hacker News

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. "Pinging functionality that can report back to a command-and-control (C&C) server

Published: 2025-05-01T21:17:00



The Hacker News

Why top SOC teams are shifting to Network Detection and Response

Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” is driving a significant need for a multi-layered approach to detecting threats,

Published: 2025-05-01T16:55:00



The Hacker News

Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign

Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct personas on the two social media platforms, creating a

Published: 2025-05-01T16:32:00



The Hacker News

New Research Reveals: 95% of AppSec Fixes Don’t Reduce Risk

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold, one defined by alert fatigue and overwhelmed teams. According to OX

Published: 2025-05-01T15:14:00



The Hacker News

DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a

Published: 2025-05-01T14:57:00



The Hacker News

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company

Published: 2025-05-01T13:41:00



The Hacker News

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to

Published: 2025-05-01T11:52:00



The Hacker News

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

As the field of artificial intelligence (AI) continues to evolve at a rapid pace, fresh research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable. MCP, launched by Anthropic in November 2024, is a framework designed to connect

Published: 2025-04-30T21:29:00



The Hacker News

[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats

How Many Gaps Are Hiding in Your Identity System? It’s not just about logins anymore. Today’s attackers don’t need to “hack” in; they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed. Once inside, they can take over accounts, move laterally, and cause long-term damage, all without

Published: 2025-04-30T16:56:00



The Hacker News

Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool

A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and

Published: 2025-04-30T16:35:00



The Hacker News

Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About

Everyone has cybersecurity stories involving family members. Here’s a relatively common one. The conversation usually goes something like this:  “The strangest thing happened to my streaming account. I got locked out of my account, so I had to change my password. When I logged back in, all my shows were gone. Everything was in Spanish and there were all these Spanish shows I’ve never seen

Published: 2025-04-30T15:54:00



Security Affairs

Cybercriminal services target end-of-life routers, FBI warns

The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EoL devices to deploy malware by exploiting vulnerabilities and create botnets for attacks […]

Published: 2025-05-09T11:43:40



Security Affairs

Russia-linked ColdRiver used LostKeys malware in recent attacks

Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group […]

Published: 2025-05-09T08:41:29



Security Affairs

SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code

SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained. SonicWall patches three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), including a potential zero-day, that could be chained by a remote attacker to execute arbitrary code. The first flaw, tracked as CVE-2025-32819 (CVSS score of 8.8), is […]

Published: 2025-05-09T07:50:45



Security Affairs

The LockBit ransomware site was breached, database dump was leaked online

The LockBit ransomware group has been compromised; attackers stole and leaked data contained in the backend infrastructure of its dark web site. Hackers compromised the dark web leak site of the LockBit ransomware gang and defaced it, posting a message and a link to the dump of the MySQL database of its backend affiliate panel. “Don’t […]

Published: 2025-05-08T18:37:05



Security Affairs

Cisco fixed a critical flaw in its IOS XE Wireless Controller

Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files. Cisco released software updates to address a vulnerability, tracked as CVE-2025-20188 (CVSS score 10), in IOS XE Wireless Controller. An unauthenticated, remote attacker can exploit the flaw to load arbitrary files to a vulnerable system. […]

Published: 2025-05-08T13:13:41



Security Affairs

U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds GoVision device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive […]

Published: 2025-05-08T08:04:03



Security Affairs

Polish authorities arrested 4 people behind DDoS-for-hire platforms

Polish police arrested 4 people behind DDoS-for-hire platforms used in global attacks, offering takedowns for as little as 10 via six stresser services. Polish authorities arrested 4 people linked to 6 DDoS-for-hire platforms, Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut, used to launch attacks worldwide for as little as 10. The platforms were used to […]

Published: 2025-05-08T07:22:05



Security Affairs

Play ransomware affiliate leveraged zero-day to deploy malware

The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware. The Play ransomware gang has exploited a Windows Common Log File System flaw, tracked as CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability CVE-2025-29824 (CVSS score of 7.8) is a Use after […]

Published: 2025-05-07T18:43:23



Security Affairs

Canary Exploit tool allows users to find servers affected by Apache Parquet flaw

F5 Labs researchers released a PoC tool to find servers vulnerable to the Apache Parquet vulnerability CVE-2025-30065. A working proof-of-concept exploit for the critical Apache Parquet vulnerability CVE-2025-30065 has been released by F5 Labs, allowing the identification of vulnerable servers. The tool, called “canary exploit,” is available on the security firm’s GitHub repository. Apache Parquet’s […]

Published: 2025-05-07T14:08:37



Security Affairs

Unsophisticated cyber actors are targeting the U.S. Energy sector

CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are […]

Published: 2025-05-07T10:44:38



© Segmentation Fault. All rights reserved.