The gaming community faces a sophisticated new threat as cybercriminals exploit the massive popularity of Minecraft to distribute advanced malware through fake modifications. With over 200 million monthly active players and more than 1 million users actively involved in modding,…
Category: EN
60+ GitHub Repositories Exploited to Store Windows-Based Payloads to Steal Sensitive Data
A sophisticated supply chain attack campaign has emerged targeting software developers through the exploitation of over 60 GitHub repositories containing trojanized Python files designed to steal sensitive Windows-based data. The threat actor, known as Banana Squad, has demonstrated remarkable stealth…
Mattel’s going to make AI-powered toys, kids’ rights advocates are worried
Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution. This article has been indexed from Malwarebytes Read the original article: Mattel’s going to make AI-powered toys, kids’ rights advocates…
Data Resilience in a Post-Quantum World
As cyberthreats grow more sophisticated and the quantum era draws closer, resilience is no longer just a best practice—it’s a business imperative. Many organizations have focused on breach prevention. Forward-looking enterprises are shifting to a resilience-first model. This model prioritizes…
Hackers Deploy Amatera Stealer Using Advanced Web Injection and Anti-Analysis Techniques
Proofpoint has uncovered a rebranded and significantly enhanced information stealer named Amatera Stealer, derived from the previously known ACR Stealer. Identified in early 2025, this malware exhibits substantial code overlap with its predecessor but introduces advanced features and stealth mechanisms…
The Hidden AI Threat to Your Software Supply Chain
AI-powered coding assistants like GitHub’s Copilot, Cursor AI and ChatGPT have swiftly transitioned from intriguing gadgets to indispensable sidekicks for modern developers. A recent survey by Stack Overflow revealed that over 76% of developers now rely on these assistants, with…
Glazed and confused: Hole lotta highly sensitive data nicked from Krispy Kreme
Experts note ‘major red flags’ in donut giant’s security as 161,676 staff and families informed of attack details Krispy Kreme finally revealed the number of people affected by its November cyberattack, and it’s easy to see why analyzing the incident…
Best SIEM Tools for Enhanced Security
Looking for the best SIEM tool? Check out our list and find the security information and event management solution that fits your business needs. This article has been indexed from Security | TechRepublic Read the original article: Best SIEM Tools…
Iran experienced a near-total national internet blackout
Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict. Global internet monitor NetBlocks reported almost near-total Internet disruptions in Iran as tensions with Israel escalated into the first week of…
Android Spyware SpyNote Masquerading as Google Translate Found in Open Directories
Our team stumbled upon a disturbing array of SpyNote spyware samples lurking in open directories across the internet. These misconfigured digital repositories, often overlooked as mere storage spaces, have become unwitting hosts to dangerous malware targeting Android users. Uncovering Hidden…
Krispy Kreme Data Breach Exposes Customer Personal Information
Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late 2024. The incident, which affected both employees and customers, has raised concerns about data security…
Microsoft Entra ID Expands Passkey (FIDO2) Authentication Methods for Public Preview
Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features. The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …
Android Spyware SpyNote That Mimicked Google Translate Hosted in Open Directories
Cybersecurity researchers have uncovered a sophisticated Android spyware campaign involving SpyNote malware cleverly disguised as legitimate applications, including Google Translate, hosted in unsecured open directories across the internet. This discovery highlights the evolving tactics employed by cybercriminals to distribute malicious…
Hackers Deliver Amatera Stealer via Sophisticated Web Injection & Anti-Analysis Features
Cybercriminals have unleashed a new and sophisticated information stealer called Amatera Stealer, which represents a significant evolution in malware-as-a-service offerings targeting sensitive user data. This malicious software emerged as a rebranded and enhanced version of the previously known ACR Stealer,…
Krispy Kreme Confirms Data Breach – Personal Information Stolen by Attackers
Krispy Kreme Doughnut Corporation has confirmed a significant data security incident affecting thousands of current and former employees, along with their family members, following unauthorized access to company systems discovered in late November 2024. The popular doughnut chain became aware…
UBS Employee Data Reportedly Exposed in Third Party Attack
Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ This article has been indexed from www.infosecurity-magazine.com Read the original article: UBS Employee Data Reportedly Exposed in Third Party Attack
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware
Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely spreads via spam emails or drive-by downloads, operates as a multi-stage fileless malware, heavily exploiting…
New Campaigns Distribute Malware via Open Source Hacking Tools
Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools. The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Secure Vibe Coding: The Complete New Guide
DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces “silent killer” vulnerabilities: exploitable flaws that evade traditional…
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed…