Cybercriminals have launched a devious campaign targeting users of gaming sites, social media platforms, and even sponsored ads by redirecting links to counterfeit Booking.com websites. According to recent Report by Malwarebytes, approximately 40% of travelers book their trips through general…
Category: EN
Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript
Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The flaw, rated medium with a CVSSv3.1 score of 4.3, affects the dashboard PDF generation component…
Host-based logs, container-based threats: How to tell where an attack began
Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility. This article has been indexed from Securelist Read the original article:…
Threat Actors Seeking to Bypass PerimeterX CAPTCHA to Create a Microsoft Account Automatically
Underground cybercriminal forums have recently witnessed a solicitation seeking developers capable of bypassing PerimeterX (PX) CAPTCHA protection systems, specifically targeting Microsoft’s account registration infrastructure. The threat actor is offering $1,500 USD for a working solution to circumvent the “hold CAPTCHA”…
New Lyrix Ransomware Attacking Windows Users With New Evasion Tactics
A sophisticated new ransomware strain dubbed “Lyrix” has emerged in the cyberthreat landscape, targeting Windows systems with an arsenal of advanced evasion techniques that have caught the attention of security researchers worldwide. The malware represents a significant evolution in ransomware…
New ModSecurity WAF Vulnerability Let Attackers Crash the System
A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers. The vulnerability, designated as CVE-2025-48866, affects all ModSecurity…
Microsoft and CrowdStrike Teaming Up to Bring Clarity To Threat Actor Mapping
Microsoft and CrowdStrike announced a groundbreaking collaboration yesterday to streamline the confusing landscape of cyberthreat actor identification, marking what industry experts are calling a watershed moment for cybersecurity intelligence sharing. The partnership addresses a critical challenge that has long plagued…
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute…
Bling slinger Cartier tells customers to be wary of phishing attacks after intrusion
Nothing terribly valuable taken in data heist, though privacy a little tarnished Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.… This article has been indexed from The…
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques…
#Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement
Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement
Apple Appeals EU Interoperability Order
Apple files formal legal appeal in General Court over Commission’s instructions for providing interoperability for third-party devices This article has been indexed from Silicon UK Read the original article: Apple Appeals EU Interoperability Order
Google Agrees To Pay $500m To Revamp Compliance
Google settles shareholder lawsuit that accused company directors and executives of exposing company to antitrust legal action This article has been indexed from Silicon UK Read the original article: Google Agrees To Pay $500m To Revamp Compliance
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as a highly advanced malicious software designed to encrypt critical files and demand substantial ransoms for…
New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems
A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting argument sanitization logic, with patches now…
Multiple High-Risk Vulnerabilities in Microsoft Products
According to the latest advisory by Cert-In, 78 vulnerabilities have been discovered across a broad range of Microsoft products, including Windows, Azure, MS Office, Developer Tools, Microsoft Apps, System Center, Dynamics, and even legacy products receiving Extended Security Updates (ESU).…
Threat Actors Target PerimeterX CAPTCHA to Automate Microsoft Account Creation
A recent post on an underground forum has brought renewed attention to the escalating arms race between cybercriminals and anti-bot security vendors. The solicitation, offering USD 1,500 for a working bypass of PerimeterX (PX) anti-fraud protections—specifically targeting the “hold CAPTCHA”…
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited…
Google Researchers Find New Chrome Zero-Day
Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware. The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Google…
Scammers are impersonating Interactive Brokers: Here’s what you need to know
Interactive Brokers is warning customers to be on high alert due to a wave of scams involving fraudsters posing as company representatives. Interactive Brokers (IBKR) is a global brokerage firm that lets investors trade stocks, options, futures, and other assets…