The Acronis Threat Research Unit has identified new variants of Chaos RAT, a remote administration tool (RAT) that has evolved from an open-source project first observed in 2022 into a formidable multi-platform malware. These latest iterations of Chaos RAT are…
Author: wordpress
Why SMS two-factor authentication codes aren’t safe and what to use instead
A million two-factor authentication codes sent via SMS passed through an obscure third-party company. Here’s how it happened and why it’s a problem. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Why…
Google’s Gerrit Code Platform Vulnerability Allows Hack of 18 Google Projects Including ChromiumOS
A critical supply chain vulnerability dubbed “GerriScary” (CVE-2025-1568) that could have allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chromium, Dart, and Bazel. The vulnerability uncovered by Tenable security researcher Liv Matan exploits…
New Sophisticated Multi-Stage Malware Campaign Uses VBS Files to Execute PowerShell Script
A recently uncovered malware campaign has revealed a highly sophisticated, multi-stage infection process utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy remote access trojans (RATs) such as Remcos, LimeRAT, DCRat, and AsyncRAT. Discovered across a cluster of 16…
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of…
Github-CEO erklärt: So können sich Entwickler im KI-Zeitalter durchsetzen
Der Deutsche Thomas Dohmke ist der CEO von Github, einer der wichtigsten Plattformen für Programmierer. Er erklärt, wie Entwickler trotz immer besser werdender KI ihre Rolle stärken können. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie…
Beware: Weaponized Research Papers Delivering Malware Through Password-Protected Documents
The AhnLab Security Intelligence Center (ASEC) recently made the concerning revelation that the infamous Kimsuky hacking organization was connected to a crafty phishing email campaign that targeted unwary people. Disguised as a seemingly legitimate request for a paper review from…
Pro-Israel hacktivist group claims reponsibility for alleged Iranian bank hack
The apparent cyberattack comes as Israel and Iran engage in a days-long escalating military conflict. This article has been indexed from Security News | TechCrunch Read the original article: Pro-Israel hacktivist group claims reponsibility for alleged Iranian bank hack
New Veeam Vulnerabilities Enables Malicious Remote Code Execution on Backup Servers
Critical security vulnerabilities have been discovered in Veeam’s backup software solutions that could allow attackers to execute malicious code remotely on backup servers, posing significant risks to enterprise data protection systems. The vulnerabilities, assigned CVE numbers 2025-23121, 2025-24286, and 2025-24287,…
How to Detect Threats Early For Fast Incident Response: 3 Examples
Security Operations Center (SOC) teams are now facing an increasingly complex challenge: identifying and responding to security incidents before they can cause significant damage. The key to effective incident response is not just detecting threats quickly. It is understanding the…
DanaBot Malware Network Disrupted After Researchers Discover Key Flaw
In a major breakthrough, cybersecurity experts uncovered a major weakness in the DanaBot malware system that ultimately led to the disruption of its operations and criminal charges against its operators. DanaBot, which has been active since 2018, is known…
XDSpy Threat Actors Exploit Windows LNK Zero-Day Vulnerability to Target Windows System Users
The XDSpy threat actor has been identified as exploiting a Windows LNK zero-day vulnerability, dubbed ZDI-CAN-25373, to target governmental entities in Eastern Europe and Russia. This ongoing campaign, active since March 2025, employs an intricate multi-stage infection chain to deploy…
Kimsuky and Konni APT Groups Lead Active Attacks Targeting East Asia
An significant 20 Advanced Persistent Threat (APT) occurrences were found in April 2025, according to a new report from Fuying Lab’s worldwide threat hunting system. East Asia emerges as a primary hotspot, where the notorious APT groups Kimsuky and Konni…
Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor
Hardcoded passwords and path traversals keeping bug hunters in work Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.… This article has been indexed from…
Baby Tigers Bite — The Hidden Risks of Scaling AI Too Fast
AI systems scale from prototypes to production environments, as do the risks. Is your organization planning for the AI baby tiger or full-grown AI predator? The post Baby Tigers Bite — The Hidden Risks of Scaling AI Too Fast appeared…
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
The DOJ is moving to collect $7.74 million seized two years ago in connection with a criminal case involving an IT worker scam run by North Korean operatives. The case is one of many that have been running in the…
IT Security News Hourly Summary 2025-06-17 18h : 15 posts
15 posts were published in the last hour 16:4 : Adobes KI-App ist da: Was Firefly auf dem Smartphone für Kreativ-Workflows bedeutet 16:4 : Cybertrading-Betrug: Ermittler nehmen fast 800 Domains vom Netz 16:3 : How to Get Hacked on Facebook…
Hacklink Market Linked to SEO Poisoning Attacks in Google Results
Cybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Hacklink Market…
Siemens Mendix Studio Pro
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Fuji Electric Smart Editor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Smart Editor Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute…