Prompt injections are the Achilles' heel of AI assistants. Google offers a potential fix. In the AI world, a vulnerability called a "prompt injection" has haunted developers since chatbots went mainstream in 202
Published: 2025-04-16T11:15:44
Copilot vibe coding for OS development? Why not? Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured it's perfectly benign. In fact, it's recommended you leave the directory there.
Published: 2025-04-14T23:16:07
Attackers are sending phishing emails that appear to be from no-reply@google.com, presented as an urgent subpoena alert about law enforcement seeking information from the target's Google Account. Bleeping Computer reports that the scam utilizes G
Published: 2025-04-21T10:28:13
The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it "executed the option period on the contract to ensure there will be no lapse in critical CVE services" last night. On Tuesday, MITRE, the government-funded organization […]
Published: 2025-04-16T11:12:40
Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program, a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations. […]
Published: 2025-04-15T16:41:52
4chan appears to be down following a major hack that reportedly exposed its source code. A user on a competing messaging board claimed responsibility for the attack on Monday night and claimed to have reopened the site's /qa/ board. 4chan is, obviously, also notorious for trying to trick outsiders about things happening on the site, […]
Published: 2025-04-15T11:45:15
Android is launching a new security feature that will force devices to reboot themselves if you haven't unlocked them for a while, making it harder for other people to access the data inside. The feature included in the latest Google Play services update says that Android phones will automatically restart if locked for 3 consecutive […]
Published: 2025-04-15T07:43:17
Car rental giant Hertz is alerting customers that personal information including credit card details and Social Security numbers may have been stolen in a data breach that impacted one of the firm's vendors. In a notice posted to its website, Hertz says that company data was acquired by an unauthorized third-party during a cyberattack exploiting […]
Published: 2025-04-15T05:58:37
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that appeared to be delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. [...]
Published: 2025-04-20T13:31:13
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. [...]
Published: 2025-04-20T10:14:24
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID "leaked credentials" detection app called MACE. [...]
Published: 2025-04-19T18:04:34
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]
Published: 2025-04-19T11:17:28
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]
Published: 2025-04-19T10:05:15
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]
Published: 2025-04-18T13:44:40
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. [...]
Published: 2025-04-18T09:43:58
Hackers don't break in, they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike. [...]
Published: 2025-04-18T09:33:08
by Anjeanette Damon, ProPublica, and Perla Trevizo, ProPublica and The Texas Tribune, and photography by Cengiz Yar, ProPublica
Published: 2025-04-16T06:00:00
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organizati...
Published: 2025-04-16T03:59:18
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The Wh...
Published: 2025-04-15T03:27:51
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operat...
Published: 2025-04-10T15:31:58
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire R...
Published: 2025-04-09T03:09:36
The Secretary of Defense keeps getting caught using Signal, a remarkable feat....
Published: 2025-04-21T15:45:32
AI-spoofed Mark joins fellow billionaires as the voice of the street. Here's how it was probably done. Video: Crosswalk buttons in various US cities were hijacked over the past week or so to, rather than robotically tell people it's safe to walk or wait, instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.
Published: 2025-04-19T13:03:11
Using LLMs to pick programs, people, contracts to cut is bad enough, but doing it with Musk's Grok? Yikes. A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.
Published: 2025-04-18T19:06:55
Some in the infosec world definitely want to see Big Red crucified. CISA, the US government's Cybersecurity and Infrastructure Security Agency, has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.
Published: 2025-04-18T16:28:12
MITRE, EUVD, GCVE... WTF? Comment: The splintering of the global system for identifying and tracking security bugs in technology products has begun.
Published: 2025-04-18T09:54:07
Illegitimi non carborundum? Nice password, Mr Ex-CISA. Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked the security clearances of everybody at the company.
Published: 2025-04-17T18:56:10
Truck-mounted demonstration weapon costs 10p a pop, says MOD. British soldiers have successfully taken down drones with a radio-wave weapon.
Published: 2025-04-17T10:45:14
Ignored infosec rules, exfiltrated data, then the mysterious login attempts from a Russian IP address began, claim. Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog, which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address.
Published: 2025-04-17T02:46:12
Microsoft rewards those who patch early with bricks hurled through its operating system. Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue screen crashes.
Published: 2025-04-16T21:16:10
Extraordinary rendition of data, or just dropped it out of a helicopter? CIA Director John Ratcliffe's smartphone has almost no trace left of the infamous Signalgate chat, the one in which he and other top US national security officials discussed a secret upcoming military operation in a group Signal conversation a journalist was inadvertently added to.
Published: 2025-04-16T20:58:16
From noise to clarity: Why CISOs are shifting to adversarial exposure validation. Partner content: A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.
Published: 2025-04-16T19:01:09
Uncertainty is the new certainty. In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.
Published: 2025-04-16T16:54:25
DPP Law is appealing against data watchdog's conclusions. A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.
Published: 2025-04-16T14:45:07
Vintage phishing varietal has improved with age. Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.
Published: 2025-04-16T12:29:09
It involves a number close to three or six, depending on the pickle you're in. Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.
Published: 2025-04-16T06:25:12
Because vulnerability management has nothing to do with national security, right? Updated: US government funding for the world's CVE program, the centralized Common Vulnerabilities and Exposures database of product security flaws, ends Wednesday.
Published: 2025-04-16T00:00:47
800K? Make that double, and we'll need a double, too, for the pain. A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.
Published: 2025-04-15T20:43:14
Source code, moderator info, IP addresses, more allegedly swiped and leaked. Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.
Published: 2025-04-15T18:56:37
Beijing claims NSA went for gold in offensive cyber, got caught in the act. China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.
Published: 2025-04-15T18:02:13
Login green-lit for lone staffer if he's trained, papered up, won't pull an Elez. A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.
Published: 2025-04-15T17:41:38
Let the espionage and access resale campaigns begin (again). A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.
Published: 2025-04-15T14:00:15
Stopping users shooting themselves in the foot with last century's tech. Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.
Published: 2025-04-15T12:25:08
Car hire biz takes your privacy seriously, though. Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.
Published: 2025-04-15T11:31:11
That would put America on the same level as China for espionage. The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.
Published: 2025-04-15T07:36:11
IT admins, get ready to grumble. CA/Browser Forum, a central body of web browser makers, security certificate issuers, and friends, has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.
Published: 2025-04-14T21:31:31
What's the goal here, Homeland Insecurity or something? As drastic cuts to the US govt's Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House's cybersecurity subcommittee, has demanded that CISA brief the subcommittee "prior to any significant changes to CISA's workforce or organizational structure."
Published: 2025-04-14T18:56:06
UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond. Opinion: The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on national security grounds.
Published: 2025-04-14T09:26:13
Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion. Exclusive: Two of the top team behind Asda's £1 billion ($1.31 billion) tech divorce from US retail giant Walmart, which has seen a number of setbacks, are departing the company.
Published: 2025-04-14T08:24:13
PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Infosec In Brief: Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.
Published: 2025-04-14T05:35:53
PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands. Asia In Brief: Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.
Published: 2025-04-14T03:30:22
Military units, government nerds appear to join the fray, with physical infra in sights. Feature: From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin's birthday, self-styled hacktivists have been making headlines.
Published: 2025-04-13T20:49:10
Hallucinated package names fuel 'slopsquatting'. The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process.
Published: 2025-04-12T11:14:13
Redmond hopes you've forgotten or got over why everyone hated it the first time. After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it - now quietly slipping the screenshotting app into the Windows 11 Release Preview channel for Copilot+ PCs, signaling its near-readiness for general availability.
Published: 2025-04-11T23:13:44
Issues at the very top continue to worsen. The UK government's latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase, and many techies are forced to constantly and informally ask company directors for defense spending because there are no security people on the board.
Published: 2025-04-11T08:33:14
Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan. Facebook's former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get the social network into China - including, she alleged, offering up Americans' data.
Published: 2025-04-11T01:10:43
Props for the transparency though. US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it's still working to fully restore affected systems.
Published: 2025-04-10T18:03:14
Scammers are already cashing in with fake invoices for import costs. World War Fee: As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.
Published: 2025-04-10T11:00:11
Officials teased more details to come later this year. Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.
Published: 2025-04-10T08:35:14
TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast. Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community.
Published: 2025-04-10T06:17:06
Alleges cybersecurity agency was weaponized to suppress debunked theories. Updated: The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA's Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone else at SentinelOne, the cybersecurity company where he now works.
Published: 2025-04-10T01:35:26
Can't Redmond ask its whizz-bang Copilot AI to fix it? Updated: Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.
Published: 2025-04-09T21:53:06
It worked for in 2018 with Chris Krebs. Will it work again? Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden.
Published: 2025-04-09T21:13:53
OCC mum on who broke into email, but Treasury fingered China in similar hack months ago. A US banking regulator says sensitive financial oversight data was accessed by one or more system intruders for more than a year in what's been described as "a major information security incident."
Published: 2025-04-09T20:36:29
How Chocolate Factory hopes to double down on enterprise-sec. Cloud Next: Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.
Published: 2025-04-09T12:00:16
Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec. A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and at their homes.
Published: 2025-04-09T02:34:04
A novel way to encourage upgrades? Microsoft would never stoop so low. Patch Tuesday: Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.
Published: 2025-04-08T23:43:27
What a MIME field. A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.
Published: 2025-04-08T18:32:25
Despite arrests, eight-legged menace targeted more victims this year. Despite several arrests last year, Scattered Spider's social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with a new version of Spectre RAT malware.
Published: 2025-04-08T12:45:15
How will 'gutting' civilian defense agency make American cybersecurity great again? Analysis: Slashing staff at the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn't exactly boosting national security, say infosec and national security officials watching America's digital defenses unravel in real time.
Published: 2025-04-08T01:24:28
Reliability, honesty, accuracy. And then there's this lot. Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.
Published: 2025-04-08T00:07:19
Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.
Published: 2025-04-21T10:30:00
Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.
Published: 2025-04-19T09:30:00
In a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.
Published: 2025-04-18T15:13:45
The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.
Published: 2025-04-17T15:00:00
Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”
Published: 2025-04-17T10:30:00
The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.
Published: 2025-04-16T20:10:04
A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages and how little they actually saved.
Published: 2025-04-15T21:27:40
Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.
Published: 2025-04-15T19:14:57
Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough.
Published: 2025-04-14T20:35:28
From crypto kingpins to sophisticated scammers, these are the lesser-known hacking groups that should be on your radar.
Published: 2025-04-14T10:00:00
For the past decade, this group of FSB hackers, including “traitor” Ukrainian intelligence officers, has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders.
Published: 2025-04-14T10:00:00
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.
Published: 2025-04-14T10:00:00
Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations and quickly innovating.
Published: 2025-04-14T10:00:00
Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk and has already caused global disruption.
Published: 2025-04-14T10:00:00
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.
Published: 2025-04-14T10:00:00
After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.
Published: 2025-04-14T10:00:00
An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to and who actually received it is far from clear.
Published: 2025-04-13T01:35:06
Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.
Published: 2025-04-12T10:30:00
Some misconfigured AI chatbots are pushing people’s chats to the open web, revealing sexual prompts and conversations that include descriptions of child sexual abuse.
Published: 2025-04-11T10:30:00
The Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.
Published: 2025-04-09T18:19:55
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
Published: 2025-04-21T20:43:00
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors: credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device
Published: 2025-04-21T16:55:00
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes, and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps like a misconfigured pipeline, a trusted browser feature,
Published: 2025-04-21T15:40:00
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net
Published: 2025-04-21T12:31:00
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
Published: 2025-04-20T10:28:00
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below: node-telegram-utils (132 downloads), node-telegram-bots-api (82 downloads), node-telegram-util (73 downloads). According to supply chain
Published: 2025-04-19T20:41:00
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"
Published: 2025-04-19T14:22:00
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan
Published: 2025-04-18T20:45:00
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The
Published: 2025-04-18T17:33:00
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
Published: 2025-04-18T15:15:00
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
Published: 2025-04-18T12:40:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
Published: 2025-04-18T09:59:00
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
Published: 2025-04-17T20:52:00
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),
Published: 2025-04-17T17:02:00
Talking about AI: Definitions. Artificial Intelligence (AI): AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine
Published: 2025-04-17T16:56:00
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH server
Published: 2025-04-17T16:02:00
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
Published: 2025-04-17T16:00:00
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or
Published: 2025-04-17T14:27:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
Published: 2025-04-17T11:14:00
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
Published: 2025-04-17T09:03:00
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,
Published: 2025-04-16T21:48:00
Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for
Published: 2025-04-16T18:18:00
Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla
Published: 2025-04-16T17:14:00
Introduction: Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected
Published: 2025-04-16T16:56:00
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in
Published: 2025-04-16T16:07:00
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and
Published: 2025-04-16T16:00:00
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to
Published: 2025-04-16T13:04:00
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to
Published: 2025-04-16T10:36:00
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of
Published: 2025-04-15T19:36:00
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.
Published: 2025-04-15T19:14:00
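Added example (not Apache Roller's code and not from the item above): a minimal session store that reproduces the flaw class the item describes, a session token issued before a password change that still authenticates afterwards, next to a store that ties each session to a per-user credential generation counter so that a password change invalidates every outstanding session. Names, the in-memory tables and the SHA-256 password shortcut are illustrative assumptions.

```python
"""Sessions that survive a password change, and a fix.

Added example (not Apache Roller code). Models the flaw class reported as
CVE-2025-24859: a session token issued before a password change stays valid
afterwards. The fix ties each session to the credential generation that was
current when it was issued.
"""
import hashlib
import hmac
import secrets


class VulnerableSessions:
    """Sessions are validated by token lookup only; changing the password
    never touches the session table, so old tokens keep working."""

    def __init__(self):
        self.users = {}      # username -> password hash
        self.sessions = {}   # token -> username

    def _hash(self, password):
        # Demo only; a real application uses a slow KDF (argon2, bcrypt, scrypt).
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, user, password):
        self.users[user] = self._hash(password)

    def login(self, user, password):
        if hmac.compare_digest(self.users.get(user, ""), self._hash(password)):
            token = secrets.token_hex(16)
            self.sessions[token] = user
            return token
        return None

    def change_password(self, user, new_password):
        self.users[user] = self._hash(new_password)   # sessions untouched: the bug

    def user_for(self, token):
        return self.sessions.get(token)


class HardenedSessions(VulnerableSessions):
    """Each user carries a credential generation counter. A session records
    the generation at issue time and is rejected once the counter moves."""

    def __init__(self):
        super().__init__()
        self.generation = {}  # username -> int

    def register(self, user, password):
        super().register(user, password)
        self.generation[user] = 0

    def login(self, user, password):
        token = super().login(user, password)
        if token:
            self.sessions[token] = (user, self.generation[user])
        return token

    def change_password(self, user, new_password):
        super().change_password(user, new_password)
        self.generation[user] += 1    # invalidates every existing session for this user

    def user_for(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, gen = entry
        if gen != self.generation[user]:
            self.sessions.pop(token, None)   # stale session: drop it
            return None
        return user


def demo():
    """Return (vulnerable_still_valid, hardened_still_valid) after a password change."""
    results = []
    for cls in (VulnerableSessions, HardenedSessions):
        store = cls()
        store.register("alice", "old-password")
        stolen_token = store.login("alice", "old-password")   # e.g. a cookie taken from a compromised browser
        store.change_password("alice", "new-password")        # the victim rotates the password
        results.append(store.user_for(stolen_token) == "alice")
    return tuple(results)


if __name__ == "__main__":
    print(demo())   # vulnerable store: True, hardened store: False
```

The generation counter is the part that matters: a session is only as valid as the credentials that were current when it was issued. A production fix bumps the same counter on "log out everywhere", MFA reset and account recovery, and stores it server-side so a client cannot carry its own copy.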
Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025. This report is the first and only report to merge
Published: 2025-04-15T18:55:00
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),
Published: 2025-04-15T18:50:00
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,
Published: 2025-04-15T14:40:00
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
Published: 2025-04-15T10:09:00
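Added example, not Gladinet's code: the item says only that a hard-coded cryptographic key exposes servers to remote code execution, so this models the general pattern behind that class of flaw. A web application hands the client an HMAC-protected state blob; the key is a vendor default shared by every installation (the value below is constructed); an attacker who read it from their own copy of the product signs arbitrary state that the server accepts as its own. The hardened server generates a per-deployment key and parses the payload as plain JSON instead of deserializing objects from it, which is the step where such forgeries typically turn into code execution.

```python
"""Why a hard-coded integrity key turns 'signed' client data into attacker input.

Added example, not vendor code. Constructed values throughout.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical vendor default that would ship inside every installed copy (constructed).
HARD_CODED_KEY = b"vendor-default-machine-key"
MAC_LEN = 32  # SHA-256 output


def sign(key: bytes, payload: bytes) -> str:
    """payload || HMAC-SHA256(key, payload), base64-encoded for a cookie or form field."""
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + mac).decode()


def verify(key: bytes, token: str):
    """Return the payload if the MAC checks out under `key`, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None
    return payload


class Server:
    def __init__(self, key: bytes):
        self.key = key

    def issue(self, state: dict) -> str:
        return sign(self.key, json.dumps(state).encode())

    def load(self, token: str):
        payload = verify(self.key, token)
        if payload is None:
            return None
        # Plain data only. Reconstructing objects from client-controlled bytes
        # (pickle, ViewState-style object graphs) is what makes a forged blob RCE.
        return json.loads(payload)


def attacker_forge(state: dict) -> str:
    """Attacker who extracted the default key from their own copy of the product."""
    return sign(HARD_CODED_KEY, json.dumps(state).encode())


def demo():
    """Return what each server reads from the same forged token."""
    forged = attacker_forge({"user": "admin", "role": "administrator"})
    vulnerable = Server(HARD_CODED_KEY)          # every install shares this key
    hardened = Server(secrets.token_bytes(32))   # per-deployment key generated at install
    return vulnerable.load(forged), hardened.load(forged)


if __name__ == "__main__":
    print(demo())   # forged state accepted by the first server, rejected by the second
```

Two checks follow from this for any appliance review: confirm the signing or encryption key is generated at install (or rotated on first boot) rather than shipped in the binary or a default config, and confirm the data it protects is treated as data, not as a serialized object graph.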
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better
Published: 2025-04-15T09:40:00
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The
Published: 2025-04-14T21:39:00
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. "This tactic not
Published: 2025-04-14T18:54:00
Attackers aren’t waiting for patches anymore; they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world
Published: 2025-04-14T16:49:00
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to
Published: 2025-04-14T16:00:00
A threat actor with ties to Pakistan has been observed targeting multiple sectors in India with remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under the railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's
Published: 2025-04-14T12:25:00
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known
Published: 2025-04-11T23:25:00
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known
Published: 2025-04-11T18:39:00
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks. By selling access, they significantly mitigate the
Published: 2025-04-11T16:00:00
Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a
Published: 2025-04-11T14:23:00
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a
Published: 2025-04-11T13:43:00
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The
Published: 2025-04-11T10:28:00
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
Published: 2025-04-10T19:43:00
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
Published: 2025-04-10T18:28:00
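Added example serving both the ccxt-mexc-futures PyPI item above and this pdf-to-office npm item; it is not code from either report, from pip, ccxt or npm. The npm item's sneaky part is that the malicious package patches an already-installed legitimate library in place, so the thing to check is whether installed files still match what the package manager recorded at install time. For pip that record is the RECORD file in each *.dist-info directory, whose format (assumed here from PEP 376/427) is `path,sha256=<urlsafe base64 without padding>,size`. The code builds a constructed package named tradingext in a temporary directory, verifies it, then tampers with one module the way the item describes and verifies again. The npm analogue is comparing node_modules contents against the integrity fields in package-lock.json.

```python
"""Check pip-installed files against the hashes pip recorded at install time.

Added example (not pip or ccxt code). Assumes pip's RECORD format:
"relative/path,sha256=<urlsafe-base64-no-padding>,size". The package,
its contents and the tampering are all constructed.
"""
import base64
import csv
import hashlib
import tempfile
from pathlib import Path


def record_hash(data: bytes) -> str:
    """Hash in the exact encoding pip writes into RECORD."""
    digest = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def verify_dist_info(site_packages: Path, dist_info: Path) -> dict:
    """Return {relative_path: status}, status in {"ok", "modified", "missing", "unhashed"}."""
    results = {}
    with open(dist_info / "RECORD", newline="") as fh:
        for row in csv.reader(fh):
            if len(row) != 3:
                continue
            rel, expected, _size = row
            if not expected:                      # RECORD lists itself without a hash
                results[rel] = "unhashed"
                continue
            target = site_packages / rel
            if not target.is_file():
                results[rel] = "missing"
                continue
            actual = record_hash(target.read_bytes())
            results[rel] = "ok" if actual == expected else "modified"
    return results


def write_fake_install(site_packages: Path) -> Path:
    """Constructed sample: a tiny 'tradingext' package plus the RECORD pip would write."""
    (site_packages / "tradingext").mkdir(parents=True)
    files = {
        "tradingext/__init__.py": b"from .orders import place_order\n",
        "tradingext/orders.py": (
            b"API = 'https://api.example.test'\n\n"
            b"def place_order(order):\n    return (API, order)\n"
        ),
    }
    for rel, data in files.items():
        (site_packages / rel).write_bytes(data)
    dist_info = site_packages / "tradingext-1.0.dist-info"
    dist_info.mkdir()
    rows = [[rel, record_hash(data), str(len(data))] for rel, data in files.items()]
    rows.append(["tradingext-1.0.dist-info/RECORD", "", ""])
    with open(dist_info / "RECORD", "w", newline="") as fh:
        csv.writer(fh).writerows(rows)
    return dist_info


def demo() -> tuple:
    """Return (statuses before tampering, statuses after) for the constructed install."""
    with tempfile.TemporaryDirectory() as tmp:
        sp = Path(tmp)
        dist_info = write_fake_install(sp)
        before = verify_dist_info(sp, dist_info)
        # Simulate a malicious sibling package's post-install step: redirect the
        # API host inside an already-installed module (constructed hostname).
        orders = sp / "tradingext" / "orders.py"
        orders.write_bytes(orders.read_bytes().replace(b"api.example.test", b"api.attacker.test"))
        after = verify_dist_info(sp, dist_info)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)   # tradingext/orders.py reported as "modified"
```

Against a real environment the same loop runs over `importlib.metadata.distribution(name).files`, whose entries carry the recorded hash. Caveat: RECORD sits beside the code, so anything that can edit the package can also rewrite RECORD; this catches the in-place patching described in the item, not a careful attacker. The stronger baseline is the hash you pinned before installation (`pip install --require-hashes` with a hashed requirements file, or the lockfile integrity field on the npm side), compared against the original artifact rather than the installed tree.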
Overview of the PlayPraetor Masquerading Party Variants: CTM360 has now identified a much larger extent of the ongoing PlayPraetor campaign. What started with 6,000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days. As before, all the newly discovered play
Published: 2025-04-10T16:55:00
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,
Published: 2025-04-10T16:30:00
‘SuperCard X’ – a new MaaS – targets Android devices via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels; analysis shows SuperCard X builds […]
Published: 2025-04-21T09:24:17
Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The Check Point Research team reported that the Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]
Published: 2025-04-21T08:11:41
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Malicious NPM Packages Targeting PayPal Users; New Malware Variant Identified: ResolverRAT Enters the Maze; Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?; BPFDoor’s Hidden Controller Used Against Asia, Middle East […]
Published: 2025-04-20T16:23:58
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press: Attackers exploited SonicWall SMA appliances since January 2025; ASUS routers with AiCloud vulnerable to auth bypass exploit; U.S. […]
Published: 2025-04-20T09:53:17
Threat actors have been actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors have been exploiting a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]
Published: 2025-04-19T17:37:08
ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), which impacts routers with AiCloud enabled. A remote attacker can trigger the flaw to perform unauthorized execution of functions on the […]
Published: 2025-04-18T19:26:02
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out of band […]
Published: 2025-04-18T11:19:58
Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions. The company offers a 360-degree service platform that includes strategic planning, sales, partnerships, hospitality, merchandise, […]
Published: 2025-04-18T07:20:18
China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President) deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since […]
Published: 2025-04-17T19:30:42
Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditional […]
Published: 2025-04-17T13:07:20