Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), which could allow remote attackers to gain administrative access and, in many cases, full root shell on the device.…
Category: EN
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP…
Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist
A 25-year-old has admitted hacking Disney systems and leaking data under the guise of a hacktivist collective named NullBulge. The post Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist appeared first on SecurityWeek. This article has been indexed…
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users in Execute Malicious Commands
Cybersecurity experts have identified a sophisticated evolution of the LUMMAC credential stealer, now rewritten from C to C++ and operating with enhanced capabilities. This new variant, designated LUMMAC.V2, has been observed targeting a wide range of applications including browsers, cryptocurrency…
Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000
A sophisticated SS7 protocol vulnerability that enables unauthorized SMS interception and real-time phone tracking is now being offered for sale on underground forums, raising serious concerns about mobile network security worldwide. The exploit, priced at $5,000, provides buyers with comprehensive…
Ransomware Group Claims Attacks on UK Retailers
The DragonForce ransomware group has claimed responsibility for the recent cyberattacks on UK retailers Co-op, Harrods, and M&S. The post Ransomware Group Claims Attacks on UK Retailers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey
Navigating the path to ISO 27001 certification resembles assembling IKEA flat-pack furniture. Each piece is essential, but the sparse instructions can leave you scratching your head. Sure, both ISO and IKEA have Scandinavian roots, but when it comes to security…
US Asks Judge To Break Up Google Ad Tech Business
More regulatory headaches for Sundar Pichai, as US DoJ asks judge to also breakup Google’s ad tech business This article has been indexed from Silicon UK Read the original article: US Asks Judge To Break Up Google Ad Tech Business
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm. This article has been indexed from Security Latest Read the…
New Luna Moth Domains Attacking Users Via Weaponized Helpdesk Domains
Recently identified Luna Moth phishing operations reveal a sophisticated campaign targeting legal and financial institutions through expertly crafted typosquatted domains. Security researchers from EclecticIQ, supported by additional findings from Silent Push, have uncovered a methodical approach to domain registration that…
TeleMessage, a modified Signal clone used by US govt. officials, has been hacked
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool,…
NIS2 Compliance Checklist
The post NIS2 Compliance Checklist appeared first on Heimdal Security Blog. This article has been indexed from Heimdal Security Blog Read the original article: NIS2 Compliance Checklist
PoC Published for Exploited SonicWall Vulnerabilities
PoC code targeting two exploited SonicWall flaws was published just CISA added them to the KEV catalog. The post PoC Published for Exploited SonicWall Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
TikTok Fined €530m Over Transfers of European User Data to China
Ireland’s data protection watchdog accuses the Chinese social media giant of violating GDPR with transfers of European users’ data to China This article has been indexed from www.infosecurity-magazine.com Read the original article: TikTok Fined €530m Over Transfers of European User…
Hackers Exploit Email Fields to Launch XSS and SSRF Attacks
Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting (XSS) and server-side request forgery (SSRF) attacks. These vulnerabilities, often overlooked in web applications, allow attackers to bypass security controls, steal data, and compromise servers. Email input fields…
Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveraging fake helpdesk-themed domains to impersonate legitimate businesses and steal sensitive data.…
Getting Email Security Right
Let’s face it: your inbox is a warzone. Email security is a constant battle between evolving threats and the defenses designed to stop them. Every day, attackers bombard user inboxes with increasingly sophisticated phishing attempts, malware, and social engineering attacks.…
Strengthening Cybersecurity Incident Response Part 2: From Detection to Recovery
Cyber incidents are always going to be present. Regardless of whether you’re working for a startup or a corporation, malicious software can target you and your business. This is why it’s important to work closely with cybersecurity incident response teams…
EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive
The post EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive appeared first on Heimdal Security Blog. This article has been indexed from Heimdal Security Blog Read the original article: EU Adopts New Cybersecurity Rules for Critical Infrastructure…
Researcher Integrated Copilot with WinDbg to Analyze Windows Crash Dumps
In a significant leap forward for software debugging, a researcher has successfully developed a groundbreaking tool that brings AI assistance to one of computing’s most archaic processes: Windows crash dump analysis. Sven Scharmentke recently unveiled “mcp-windbg,” an open-source project that…