Cybercriminals have devised sophisticated methods to exploit Near Field Communication (NFC) technology via popular mobile payment platforms. These attackers are now leveraging Apple Pay and Google Wallet to conduct unauthorized transactions after obtaining victims’ card credentials through phishing operations. The…
Category: EN
Microsoft Exchange Admin Center Down Globally
Microsoft has confirmed a global outage affecting the Exchange Admin Center (EAC), leaving administrators unable to access critical management tools. The issue, which has been designated as a critical service incident under ID EX1051697, is causing widespread disruptions across organizations…
Adobe Security Update – Patch for Multiple Vulnerabilities Across Products
Adobe has released a comprehensive set of security updates addressing multiple vulnerabilities across twelve of its products. The patches, all released on April 8, 2025, aim to resolve critical, important, and moderate security flaws that could potentially expose users to…
Hellcat Ransomware Updated It’s Arsenal to Attack Government, Education, and Energy Sectors
A sophisticated ransomware strain known as Hellcat has emerged as a formidable threat in the cybersecurity landscape since its first appearance in mid-2024. The malware has rapidly evolved its capabilities, specifically targeting critical sectors including government agencies, educational institutions, and…
Windows Active Directory Domain Vulnerability Let Attackers Escalate Privileges
Microsoft has disclosed a significant security vulnerability in Active Directory Domain Services that could allow attackers to elevate their privileges to the system level, potentially gaining complete control over affected systems. The vulnerability tracked as CVE-2025-29810, was patched as part…
BSidesLV24 – Breaking Ground – Chrome Cookie Theft On macOS, And How To Prevent It
Author/Presenter: Nick Frost Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post BSidesLV24…
Automating AWS Private CA audit reports and certificate expiration alerts
Today’s organizations rely heavily on secure and reliable communication channels and digital certificates play a crucial role in securing internal and external-facing infrastructure by establishing trust and enabling encrypted communication. While public certificates are commonly used to secure internet applications,…
The Database Kill Chain
Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modeling…
Hospital Equipments Can be Used as Murder Weapons, Swiss Experts Warn
Swiss specialists have issued a grave warning that cyber attackers could use hospital devices to commit murder. In an alarming new research from Zurich-based cybersecurity firm Scip AG, specialists showed how they were simply able to hijack medical devices…
CISA Highlights Major Vulnerabilities in Critical Infrastructure Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has released two significant advisories focused on Industrial Control Systems (ICS), urging swift action from organizations operating within vital infrastructure sectors. These advisories—ICSA-25-091-01 and ICSA-24-331-04—highlight newly discovered vulnerabilities that could pose severe…
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting…
QR code phishing: 14 quishing prevention tips
Quishing is an offputting word for an on-the-rise attack method. Learn how to defend against it. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article: QR code phishing: 14 quishing prevention tips
Wyden to Hold Up Trump CISA Nominee Over Telecom ‘Cover Up’: Report
Senator Ron Wyden (D-OR) is demanding CISA release a three-year-old report critical of telecoms’ security in the wake of the expansive Salt Typhoon hacks before he lifts a hold on President Trump’s nomination of Sean Plankey as head of the…
WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit
WK Kellogg breach exposed employee data after attackers exploited flaws in Cleo software This article has been indexed from www.infosecurity-magazine.com Read the original article: WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit
Microsoft Overtakes Apple As Most Valuable Public Company
Apple’s share price plummets over 23 percent in recent days, promoting Microsoft as world’s most valuable public firm This article has been indexed from Silicon UK Read the original article: Microsoft Overtakes Apple As Most Valuable Public Company
Shopware Security Plugin Exposes Systems to SQL Injection Attacks
A plugin designed to patch security vulnerabilities in older versions of Shopware has itself been found vulnerable to SQL injection attacks. The flaw, discovered in Shopware Security Plugin 6 version 2.0.10, affects Shopware installations below versions 6.5.8.13 and 6.6.5.1, potentially…
Hacker’s Dual Identity: Cybercriminal vs Bug Bounty Hunter
EncryptHub is an infamous threat actor responsible for breaches at 618 organizations. The hacker reported two Windows zero-day flaws to Microsoft, exposing a conflicted figure that blurs the lines between cybercrime and security research. The reported flaws are CVE-2025-24061 (Mark…
Payment Fraud on the Rise: How Businesses Are Fighting Back with AI
The threat of payment fraud is growing rapidly, fueled by the widespread use of digital transactions and evolving cyber tactics. At its core, payment fraud refers to the unauthorized use of someone’s financial information to make illicit transactions. Criminals are…
Cisco CVE-2024-20439: Exploitation Attempts Target Smart Licensing Utility Backdoor
A critical vulnerability tracked as CVE-2024-20439 has placed Cisco’s Smart Licensing Utility (CSLU) in the spotlight after cybersecurity researchers observed active exploitation attempts. The flaw, which involves an undocumented static administrative credential, could allow unauthenticated attackers to remotely access…
Precision-Validated Phishing Elevates Credential Theft Risks
New phishing method targets high-value accounts using real-time email validation This article has been indexed from www.infosecurity-magazine.com Read the original article: Precision-Validated Phishing Elevates Credential Theft Risks