Cloud Security plays a crucial role in the field of information security operations, handling much of the heavy lifting needed to protect systems and data. Starting in 2016, the security… The post From AI to Generative AI: The Evolution of…
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That’s according to new findings…
Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
Dutch prosecutors suspect three teens of aiding a foreign power, with one allegedly linked to a Russian-affiliated hacker group. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
Hackers Using AI to Automate Vulnerability Discovery and Malware Generation – Microsoft Report
Security teams around the world are grappling with a new breed of cyber threats that leverage advanced automation to identify software weaknesses and craft malicious payloads at unprecedented speed. Over the past year, adversaries have integrated machine-driven workflows into their…
Chrome vs Comet: Security Concerns Rise as AI Browsers Face Major Vulnerability Reports
The era of AI browsers is inevitable — the question is not if, but when everyone will use one. While Chrome continues to dominate across desktops and mobiles, the emerging AI-powered browser Comet has been making waves. However, growing…
Asahi Beer Giant Hit by Cyberattack, Forced to Manual Operations
Japanese brewing giant Asahi Group Holdings, the manufacturer of Japan’s most popular beer Super Dry, suffered a devastating ransomware attack in late September 2025 that forced the company to revert to manual operations using pen, paper, and fax machines.…
Data Breach at Bectu Exposes Members’ Information and Bank Details
Prospect, one of the UK’s leading trade unions, has revealed that in June 2025, it was seriously affected by a cyberattack which had been discovered in the wake of a sophisticated cyberattack that had been launched against it. This…
North Korean Hackers Use EtherHiding to Steal Crypto
Google reveals North Korean hackers are using EtherHiding, a blockchain-based technique, to deliver malware and steal cryptocurrency. This article has been indexed from www.infosecurity-magazine.com. Read the original article: North Korean Hackers Use EtherHiding to Steal Crypto
Attackers Exploit Zendesk Authentication Issue to Flood Targets’ Inboxes with Corporate Notifications
Cybercriminals have discovered a gap in Zendesk’s ticket submission process and are using it to bombard victims with waves of misleading support messages. When configured to accept anonymous requests, however, the service can be abused to generate email floods that…
A critical WatchGuard Fireware flaw could allow unauthenticated code execution
A critical WatchGuard Fireware vulnerability, tracked as CVE-2025-9242, could allow unauthenticated code execution. Researchers revealed details of a critical vulnerability, tracked as CVE-2025-9242 (CVSS score of 9.3), in WatchGuard Fireware. An unauthenticated attacker can exploit the flaw to execute arbitrary…
In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach
Other noteworthy stories that might have slipped under the radar: Capita fined £14 million, ICTBroadcast vulnerability exploited, Spyware maker NSO acquired. The post In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach appeared first on SecurityWeek. This article has…
Wordfence Bug Bounty Program Monthly Report – September 2025
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…
TikTok Videos Weaponized to Deliver Self-Compiling PowerShell Malware
Attackers are exploiting TikTok’s massive reach to trick users into executing malware through seemingly innocuous videos. In one popular TikTok video (liked over 500 times), the attacker poses as a provider of a free Photoshop activation tool and urges viewers…
WatchGuard VPN Flaw Allows Remote Attackers to Execute Arbitrary Code
A critical security vulnerability has been discovered in WatchGuard Firebox appliances that could allow remote attackers to execute arbitrary code without authentication. The flaw, identified as CVE-2025-9242, affects the IKEv2 VPN service and has been assigned a severity score of…
Fortinet Advances Global Cyber Resilience at the World Economic Forum’s Annual Meeting on Cybersecurity
Learn more about building shared understanding and action at a global scale. This article has been indexed from Fortinet Industry Trends Blog. Read the original article: Fortinet Advances Global Cyber Resilience at the World Economic Forum’s Annual Meeting on…
Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates
ConnectWise released a critical security update for its Automate platform on October 16, 2025. The patch, version 2025.9, addresses serious flaws in agent communications that could let attackers intercept sensitive data or push malicious software updates. These vulnerabilities primarily affect…
APT28 With Weaponized Office Documents Delivers BeardShell and Covenant Modules
Russia’s APT28 has resurfaced in mid-2025 with a sophisticated spear-phishing campaign that weaponizes Office documents to deploy two novel payloads: BeardShell, a C-based backdoor leveraging IceDrive as a command-and-control channel, and Covenant’s HTTP Grunt Stager, which communicates via the Koofr…
Windows Rust-based Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error
A vulnerability exists in Microsoft’s newly implemented Rust-based kernel component for the Graphics Device Interface (GDI) in Windows. This flaw, which could trigger a system-wide crash via a Blue Screen of Death (BSOD), highlights the challenges of integrating memory-safe languages into…
New Tech Support Scam with Microsoft’s Logo Tricks Users to Steal Login Credentials
A new campaign has emerged that weaponizes Microsoft’s familiar branding to lure unsuspecting users into a sophisticated tech support scam. Victims receive a seemingly legitimate email, complete with Microsoft’s official logo, claiming there is an important financial transaction or security…
Labor unions sue Trump administration over social media surveillance
Sharing views POTUS doesn’t like? Say goodbye to that visa, First Amendment be damned. Lawyers at the Electronic Frontier Foundation (EFF) are helping three US labor unions sue the Trump administration over a social media surveillance program that threatens to…
IT Security News Hourly Summary 2025-10-17 15h : 7 posts
7 posts were published in the last hour 13:3 : ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware 13:3 : Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia 13:3 : Powering AI at the…
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy—a Node.js–based RAT and information stealer—through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary…
Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia
FortiGuard Labs has tracked a hacker group expanding attacks from China to Malaysia, linking campaigns through shared code, infrastructure, and tactics. This article has been indexed from Fortinet Threat Research Blog. Read the original article: Tracking Malware and Attack…
Powering AI at the Tactical Edge
As the U.S. Department of Defense (DoD) continues to make artificial intelligence (AI) a key segment of national security, turning cutting-edge research into real-world tools remains a major hurdle. AI-powered… The post Powering AI at the Tactical Edge appeared first…