Akamai Technologies has introduced Akamai DNS Posture Management, a solution that offers unified, multicloud visibility over all DNS assets. The agentless solution provides real-time monitoring and guided remediation across all major DNS providers. Security teams can quickly detect and respond…
Category: EN
Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently…
Splunk Universal Forwarder for Windows Flaw Grants Non-Admin Users Full Content Access
A critical security advisory (SVD-2025-0602) has been issued for Splunk Universal Forwarder for Windows, addressing a high-severity vulnerability (CVE-2025-20298) that exposes Windows systems to potential privilege escalation. The flaw, rated 8.0 (High) on the CVSSv3.1 scale (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), affects Universal Forwarder…
Threat Actors Exploit DevOps Web Server Misconfigurations to Deploy Malware
Threat actors have increasingly turned their attention to exploiting misconfigurations in DevOps-managed web servers to deploy malicious payloads. Recent investigations into web server vulnerabilities reveal a sophisticated pattern of attacks targeting poorly secured environments. These misconfigurations, often stemming from improper…
Australia Enforces Ransomware Payment Reporting
Covered organizations in Australia are now required to report ransomware and other cyber extortion payments within three days. The post Australia Enforces Ransomware Payment Reporting appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Lost in Resolution: Azure OpenAI’s DNS Resolution Issue
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue. The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42. This article has been indexed from…
Beware: Fake Booking.com Sites Spread AsyncRAT Malware to Infect Devices
Cybercriminals have launched a devious campaign targeting users of gaming sites, social media platforms, and even sponsored ads by redirecting links to counterfeit Booking.com websites. According to recent Report by Malwarebytes, approximately 40% of travelers book their trips through general…
Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript
Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The flaw, rated medium with a CVSSv3.1 score of 4.3, affects the dashboard PDF generation component…
Host-based logs, container-based threats: How to tell where an attack began
Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility. This article has been indexed from Securelist Read the original article:…
Threat Actors Seeking to Bypass PerimeterX CAPTCHA to Create a Microsoft Account Automatically
Underground cybercriminal forums have recently witnessed a solicitation seeking developers capable of bypassing PerimeterX (PX) CAPTCHA protection systems, specifically targeting Microsoft’s account registration infrastructure. The threat actor is offering $1,500 USD for a working solution to circumvent the “hold CAPTCHA”…
New Lyrix Ransomware Attacking Windows Users With New Evasion Tactics
A sophisticated new ransomware strain dubbed “Lyrix” has emerged in the cyberthreat landscape, targeting Windows systems with an arsenal of advanced evasion techniques that have caught the attention of security researchers worldwide. The malware represents a significant evolution in ransomware…
New ModSecurity WAF Vulnerability Let Attackers Crash the System
A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers. The vulnerability, designated as CVE-2025-48866, affects all ModSecurity…
Microsoft and CrowdStrike Teaming Up to Bring Clarity To Threat Actor Mapping
Microsoft and CrowdStrike announced a groundbreaking collaboration yesterday to streamline the confusing landscape of cyberthreat actor identification, marking what industry experts are calling a watershed moment for cybersecurity intelligence sharing. The partnership addresses a critical challenge that has long plagued…
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute…
Bling slinger Cartier tells customers to be wary of phishing attacks after intrusion
Nothing terribly valuable taken in data heist, though privacy a little tarnished Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.… This article has been indexed from The…
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques…
#Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement
Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement
Apple Appeals EU Interoperability Order
Apple files formal legal appeal in General Court over Commission’s instructions for providing interoperability for third-party devices This article has been indexed from Silicon UK Read the original article: Apple Appeals EU Interoperability Order
Google Agrees To Pay $500m To Revamp Compliance
Google settles shareholder lawsuit that accused company directors and executives of exposing company to antitrust legal action This article has been indexed from Silicon UK Read the original article: Google Agrees To Pay $500m To Revamp Compliance
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as a highly advanced malicious software designed to encrypt critical files and demand substantial ransoms for…