The popular text editor Notepad++ has addressed a severe security weakness in its update mechanism that could allow attackers to hijack network traffic and push malicious executables to users under the guise of legitimate updates. Security researchers recently observed suspicious…
700+ Self-hosted Gits Impacted in a Wild Zero-day Exploit
Hackers actively exploit zero-day bug Threat actors are abusing a zero-day bug in Gogs- a famous self-hosted Git service. The open source project hasn’t fixed it yet. About the attack Over 700 incidents have been impacted in these attacks. Wiz…
Petco Takes Vetco Clinics Site Offline After Major Data Exposure Leaves Customer Records Accessible Online
Pet wellness brand Petco has temporarily taken parts of its Vetco Clinics website offline after a security failure left large amounts of customer information publicly accessible. TechCrunch notified the company about the exposed Vetco customer and pet data, after…
Advanced Docker Security: From Supply Chain Transparency to Network Defense
Introduction: Why Supply Chain and Network Security Matter Now In 2021, the Log4Shell vulnerability exposed a critical weakness in modern software: we don’t know what’s inside our containers. A single vulnerable library (log4j) in thousands of applications created a global…
Virtual Event Today: Cyber AI & Automation Summit Day 2
Day two of the Cyber AI & Automation Summit kicks off at 11AM ET. If you weren’t able to attend yesterday, all Day One sessions are already available on-demand. The post Virtual Event Today: Cyber AI & Automation Summit Day…
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques
HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection. The post Report Surfaces Multiple Novel Social Engineering Tactics and Techniques appeared first on…
Malware Discovered in 19 Visual Studio Code Extensions
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders This article has been indexed from www.infosecurity-magazine.com Read the original article: Malware Discovered in 19 Visual Studio Code Extensions
The Year in Review 2025: AI, APIs, and a Whole Lot of Audacity
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Year in Review 2025: AI, APIs, and a Whole Lot of…
Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances
A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute a symlink bypass, leading to Remote Code Execution (RCE). As of…
New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and…
Beyond the SBOM: What CISOs should know about CBOMs and HBOMs
<p>Heartbleed, SolarWinds and Log4j — the stuff of CISOs’ nightmares. As cybersecurity leaders know all too well, these historic, high-profile security breaches revealed massive weaknesses in supply chain security.</p> <p>Rising <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-create-a-third-party-risk-management-policy”>awareness of third-party risk</a> has led to a surge…
Ivanti Flags Critical Endpoint Manager Flaw Allowing Remote Code Execution
Ivanti is urging customers to quickly patch a critical vulnerability in its Endpoint Manager (EPM) product that could let remote attackers execute arbitrary JavaScript in administrator sessions through low-complexity cross-site scripting (XSS) attacks.The issue, tracked as CVE-2025-10573, affects the…
December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes
While December’s Patch Tuesday gave us a lighter release than normal, it arrived with several urgent vulnerabilities that need attention immediately. In all, Microsoft released 57 CVE patches to finish out 2025, including one flaw already under active exploitation…
Infinity Global Services’ Cyber Park World Championship Crowns Its First Global Winners
Check Point’s Infinity Global Services (IGS) recently concluded its first ever Cyber Park World Championship, a global competition designed to challenge and inspire the next generation of cyber defenders. In partnership with CheckMates, Check Point’s community of cyber security professionals,…
Former Accenture Employee Charged Over Cybersecurity Fraud
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements. The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
IT Security News Hourly Summary 2025-12-11 15h : 43 posts
43 posts were published in the last hour 14:4 : 1inch Named Exclusive Swap Provider at Launch for Ledger Multisig 14:4 : Security flaws in Freedom Chat app exposed users’ phone numbers and PINs 14:4 : Malwarebytes for Mac now…
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
Road Town, British Virgin Islands, 11th December 2025, CyberNewsWire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: 1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
Security flaws in Freedom Chat app exposed users’ phone numbers and PINs
The founder of Freedom Chat said the company has reset user PINs and released a new version to app stores. This article has been indexed from Security News | TechCrunch Read the original article: Security flaws in Freedom Chat app…
Malwarebytes for Mac now has smarter, deeper scans
Say hello to the upgraded Malwarebytes for Mac, with stronger protection and more control. This article has been indexed from Malwarebytes Read the original article: Malwarebytes for Mac now has smarter, deeper scans
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations
Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates. The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Beyond Cargo Audit: Securing Your Rust Crates in Container Images
Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload.…
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed…
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing…
Critical Vulnerability in Multiple India-Based CCTV Cameras Let Attackers Video and Account Credentials
A severe security vulnerability affecting multiple India-based CCTV camera manufacturers has been disclosed. Potentially allowing attackers to access video feeds and steal account credentials without authentication. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on December 9,…