Threat actors linked to the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows prior to its patching on April 8, 2025. The vulnerability, tracked as CVE-2025-29824, affects the Windows Common Log File System (CLFS) driver and allows attackers…
Author: wordpress
CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies
CISA along with the FBI, EPA, and Department of Energy, issued an urgent advisory, warning that cyber actors are actively targeting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems within the U.S. oil and natural gas…
Critical AWS Amplify Studio Vulnerability Let Attackers Execute Arbitrary Code
A critical security vulnerability in AWS Amplify Studio has been identified, potentially allowing authenticated users to execute arbitrary JavaScript code during component rendering and build processes. Amazon Web Services (AWS) disclosed and patched this high-severity flaw, tracked as CVE-2025-4318, on…
New Chinese Smishing Kit Dubbed ‘Panda Shop’ Steal Google, Apple Pay & Credit Card Details
A sophisticated new smishing kit dubbed “Panda Shop” has emerged from China, enabling cybercriminals to steal financial data including Google Pay, Apple Pay, and credit card details. This kit leverages advanced social engineering tactics by impersonating trusted organizations like USPS,…
SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks
Austin, USA / Texas, 7th May 2025, CyberNewsWire The post SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks first appeared on Cybersecurity Insiders. The post SpyCloud Analysis Reveals 94% of Fortune 50 Companies…
Using Blob URLs to Bypass SEGs and Evade Analysis
Starting in mid-2022, Cofense Intelligence detected a new technique for successfully delivering a credential phishing page to a user’s inbox: blob URIs (Uniform Resource Identifier). The post Using Blob URLs to Bypass SEGs and Evade Analysis appeared first on Security…
Verosint Vera boosts identity threat detection and response
Verosint launched Vera, an agentic AI security analyst to transform how organizations detect, investigate, and respond to identity-based threats. Built on top of Verosint’s intelligent ITDR platform, Vera is an always-on, expert identity security analyst that works alongside security teams…
Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
Polish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Europol, Poland…
Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025
The healthcare sector has emerged as a prime target for cyber attackers, driven by the increasing reliance on cloud applications and the rapid integration of generative AI (genAI) tools into organizational workflows. According to the Netskope Threat Labs Report for…
PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability
F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers vulnerable to the recently disclosed Apache Parquet vulnerability, CVE-2025-30065. This vulnerability, which received a maximum CVSS score of 10.0, puts countless data-driven environments at risk…
Toll road scams are in overdrive: Here’s how to protect yourself
Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam. This article has been indexed from WeLiveSecurity Read the original article: Toll road scams are in overdrive: Here’s…
US Sanctions Myanmar Militia Involved in Cyber Scams
The US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims. The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek. This…
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on…
Wegen Sicherheitslücken: LibreOffice rät von OpenOffice ab
Die Entwickler von LibreOffice raten vom Konkurrenten OpenOffice ab. Die Apache-Software enthalte Sicherheitslücken und werde nicht weiterentwickelt. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Wegen Sicherheitslücken: LibreOffice rät von OpenOffice ab
Zero Day: Windows-Lücke von mindestens zwei Hackergruppen ausgenutzt
Mindestens zwei Cyberbanden haben sich einer Schwachstelle im CLFS-Treiber von Windows bedient, bevor Microsoft einen Patch ausliefern konnte. (Cybercrime, Windows) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Zero Day: Windows-Lücke von mindestens zwei Hackergruppen…
NSO Group Ordered To Pay $167m For 2019 WhatApp Exploit
Jury orders maker of Pegasus spyware to pay WhatsApp millions of dollars in damages for hacking 1,400 people in 2019. This article has been indexed from Silicon UK Read the original article: NSO Group Ordered To Pay $167m For 2019…
SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution
Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling unauthenticated attackers to execute remote commands by exploiting several pre-auth XML External Entity (XXE) injection flaws. The vulnerabilities, registered as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, highlight…
Unsophisticated cyber actors are targeting the U.S. Energy sector
CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of…
Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”. The post Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack appeared first on SecurityWeek. This…
Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection
Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there’s a problem: they stop short of where…