Security researchers have uncovered a severe unauthenticated Remote Code Execution vulnerability in Ubiquiti’s UniFi OS that earned a substantial $25,000 bug bounty reward. Tracked as CVE-2025-52665, this critical flaw allows attackers to gain complete control of UniFi devices without requiring…
Open VSX Registry Responds to Leaked Tokens and Malicious Extension Incident
The Open VSX team and Eclipse Foundation have addressed a significant security incident involving leaked authentication tokens and malicious extensions on their popular code marketplace. The organization has now contained the situation and outlined concrete steps to prevent future attacks.…
Windows 11 24H2/25H2 Update Causes Task Manager to be Active After Closure
Microsoft has released a non-security update for Windows 11 versions 24H2 and 25H2 that introduces an unusual bug affecting one of the operating system’s most essential utilities. The update, designated as KB5067036, is causing Task Manager to continue running in…
Proton Exposes 300 Million Stolen Credentials Available for Sale on Dark Web Cybercrime Markets
Proton has launched a new initiative called the Data Breach Observatory. This program reveals serious problems that exist on the internet. The cybersecurity company revealed that over 300 million stolen credentials are currently circulating on dark web cybercrime markets, putting…
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military
A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite security researchers. The goal of the campaign is to get targets to download and open…
Ground zero: 5 things to do after discovering a cyberattack
When every minute counts, preparation and precision can mean the difference between disruption and disaster. This article has been indexed from WeLiveSecurity.
In memoriam: David Harley
We were very sorry to hear of the passing a few days ago of stalwart supporter of and contributor to VB, David Harley. This article has been indexed from Virus Bulletin’s blog.
Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep…
DHS to collect biometric info from every non-citizen on the way in and out of the USA
The Department of Homeland Security (DHS) has confirmed that U.S. Customs and Border Protection (CBP) agents will collect biometric data from all non-citizens arriving in…
YouTube ‘Ghost Network’ Spreads Infostealer via 3,000 Fake Videos
Check Point Research exposed a sophisticated, role-based operation called the YouTube Ghost Network, distributing dangerous Lumma and Rhadamanthys Infostealer malware. Learn how cybercriminals use hijacked channels and bots to triple malicious video output and steal user credentials.
New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic
A sophisticated campaign targeting military personnel across Russia and Belarus has emerged, deploying a complex multi-stage infection chain that establishes covert remote access through Tor-based infrastructure. Operation SkyCloak represents a stealth-oriented intrusion effort aimed at the Russian Airborne Forces and…
Password manager KeePass 2.60 is now available: here is what is new
Computer users have plenty of choice when it comes to an essential piece of software: password managers. From built-in browser password managers to local apps or cloud-based services that sync your data […]
An Anarchist’s Conviction Offers a Grim Foreshadowing of Trump’s War on the ‘Left’
As the Trump administration ramps up its targeting of left-leaning people and groups, the prosecution and harsh sentencing of Casey Goonan may provide a glimpse of things to come. This article has been indexed from Security Latest.
The race to shore up Europe’s power grids against cyberattacks and sabotage
Ukraine first to deploy open source security platform to isolate incidents, stop lateral movement. It was a sunny morning in late April when a massive power outage suddenly rippled across Spain, Portugal, and parts of southwestern France, leaving tens…
The New Frontier of Cyber Threats: Unpacking Prompt Injection, Model Poisoning and Adversarial Attacks in AI Security
Artificial Intelligence is reshaping the cybersecurity landscape—and with it, a new generation of attack vectors is emerging. From prompt injection to model poisoning and adversarial attacks, threat actors are exploiting vulnerabilities unique to AI systems. This article explores how these…
Standing to Sue – The Elephant in the Room
When Elephant Insurance was hacked and millions of driver’s license numbers were exposed, the Fourth Circuit confronted a crucial privacy law dilemma: Is data theft alone enough to sue, or must harm be public and provable? This case exposes how…
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not…
From Gap to Growth: How Enterprises Are Rethinking Talent in the Age of AI
AI is transforming enterprise talent—driving a shift from degree-based hiring to skills, AI literacy, and building resilient, future-ready teams. This article has been indexed from Silicon UK.
From Gap to Growth: Head-to-Head: Cassandra MacDonald
How has the shift from degree-based to skills-based hiring changed the way enterprises identify and evaluate talent? “Formal qualifications and academic credentials are becoming secondary to practical, hands-on experience and skills such as critical thinking and decision making. “Hiring based…
New BOF Tool Bypasses Microsoft Teams Cookie Encryption to Steal User Chats
Cybersecurity researchers at Tier Zero Security have released a specialised Beacon Object File (BOF) tool that exploits a critical weakness in Microsoft Teams cookie encryption, enabling attackers to steal user chat messages and other sensitive communications. The vulnerability stems from…