The cybersecurity landscape has witnessed the emergence of a sophisticated threat actor with the appearance of CatB ransomware in late 2022. Also known as CatB99 or Baxtoy, this malware has gained significant attention for its advanced evasion capabilities and distinctive…
TP-Link IoT Smart Hub Vulnerability Exposes Wi-Fi Credentials
A critical vulnerability in the TP-Link Tapo H200 V1 IoT Smart Hub could expose users’ Wi-Fi credentials to attackers. The flaw, assigned CVE-2025-3442, stems from the device’s firmware storing sensitive information in plain text, making it accessible to attackers…
Your 23andMe genetic data could be bought by China, senator warns
US senator Cassidy is afraid that Chinese companies will jump at the opportunity to buy the genetic data of 15 million 23andMe customers. This article has been indexed from Malwarebytes.
Guidepoint Security & Enzoic: Taking on the Password Problem
Compromised passwords remain one of the most common—and preventable—ways attackers gain access to systems. Despite advancements in security tools, weak and reused credentials still leave organizations wide open to phishing, credential stuffing, and account takeovers. To tackle this head-on, password…
PCI DSS Tokenization vs Encryption: Key Differences to Protect Payment Data
If your organization handles sensitive financial information, you must implement security measures that fulfill the Payment Card Industry Data Security Standard (PCI DSS) requirements. The most commonly used methods for securing cardholder data are tokenization and encryption. These techniques aim…
Trump orders revocation of security clearances for Chris Krebs, SentinelOne
US President Donald Trump signed an Executive Order on Wednesday to revoke the security clearance held by Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), and his colleagues at SentinelOne. “The Order also suspends any…
Can VPNs Be Tracked by the Police?
VPNs are popular because they add security and privacy to what are otherwise fairly open Wi-Fi and public internet channels. But can VPNs be tracked by the police? This article has been indexed from Security | TechRepublic…
Study Identifies 20 Most Vulnerable Connected Devices of 2025
Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows. The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek. This article has been indexed…
Langflow AI Builder Vulnerability Allows Remote Server Takeover by Attackers
A critical security vulnerability has been discovered in the Langflow AI Builder, a popular tool for creating agentic AI workflows. The flaw, tracked as CVE-2025-3248, enables unauthenticated remote attackers to compromise servers running Langflow, potentially leading to full server control. Security…
Cable: Powerful Post-Exploitation Toolkit for Active Directory Attacks
Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit Active Directory (AD) vulnerabilities. With 298 GitHub stars and 33 forks since its release, this .NET-based tool is rapidly gaining traction among threat actors for its…
SideCopy APT Hackers Mimic as Government Personnel to Deploy Open-Source XenoRAT Tool
A sophisticated campaign by the Pakistan-linked SideCopy Advanced Persistent Threat (APT) group has emerged since late December 2024, targeting critical Indian government sectors with enhanced tactics. The group has significantly expanded its scope beyond traditional defense and maritime sectors to…
HollowQuill Malware Attacking Government Agencies Worldwide Via Weaponized PDF Documents
A sophisticated malware campaign dubbed “HollowQuill” has emerged as a significant threat to academic institutions and government agencies worldwide. The attack leverages weaponized PDF documents disguised as research papers, grant applications, or official government communiques to entice unsuspecting victims into…
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group…
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain…
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Overview of the PlayPraetor Masquerading Party Variants: CTM360 has now identified a much larger extent of the ongoing PlayPraetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants.…
Amazon Delays Project Kuiper Launch Amid Bad Weather
First launch of Amazon’s Project Kuiper internet satellites pushed back amid “stubborn” cloud cover, heavy winds. This article has been indexed from Silicon UK.
TP-Link Smart Hub Flaw Exposes Users’ Wi-Fi Credentials
A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi credentials to malicious actors. This flaw could allow attackers to gain unauthorized access to sensitive information, posing significant risks to affected users. The vulnerability, identified as CVE-2025-0072,…
Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records
A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive…
Google Launches Sec-Gemini v1: A New AI Powerhouse for Cybersecurity
Google today announced the release of Sec-Gemini v1, an experimental Artificial Intelligence (AI) model specifically designed to revolutionize… The post Google Launches Sec-Gemini v1: A New AI Powerhouse for Cybersecurity appeared first on Hackers Online Club. This article has been…
An APT group exploited ESET flaw to execute malware
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing…