At Heimdal we’re constantly monitoring the latest industry alerts, media reports, academic research and government data to keep track of password breaches. It’s a crucial part of our work, and means we can advise our customers on emerging threats. To…
Category: EN
New WhatsApp Scam Alert Tricks Users to Get Complete Access to Your WhatsApp Chats
A newly discovered WhatsApp scam has begun circulating on messaging platforms, exploiting the popular device linking feature to seize full control of user accounts. The attack unfolds when recipients receive what appears to be a harmless message from a known…
Jaguar Land Rover Confirms Cybersecurity Incident Impacts Global IT Systems
Luxury automaker Jaguar Land Rover (JLR) has been forced to halt production at its Halewood plant and shut down its global IT infrastructure following a significant cybersecurity incident. The breach, which was first reported on Monday, September 1, has led…
Ukrainian Networks Launch Massive Brute-Force and Password-Spraying Campaigns Targeting SSL VPN and RDP Systems
A sophisticated network of Ukrainian-based autonomous systems has emerged as a significant cybersecurity threat, orchestrating large-scale brute-force and password-spraying attacks against SSL VPN and RDP infrastructure. Between June and July 2025, these malicious networks launched hundreds of thousands of coordinated…
Google Hack Redux: Should 2.5B Gmail Users PANIC Now?
Summer’s lease hath all too short a date: Let’s ask Ian Betteridge. The post Google Hack Redux: Should 2.5B Gmail Users PANIC Now? appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article:…
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems. “MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse…
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE. The attack, observed by NCC Group’s Fox-IT in 2024,…
ICE Reinstates Contract with Spyware Vendor Paragon
The US Immigration agency has resumed a $2m contract with the Graphite spyware developer, now owned by US investor AE Industrial Partners This article has been indexed from www.infosecurity-magazine.com Read the original article: ICE Reinstates Contract with Spyware Vendor Paragon
I asked AI to modify mission-critical code, and what happened next haunts me
This seriously raised the hairs on the back of my neck. This article has been indexed from Latest news Read the original article: I asked AI to modify mission-critical code, and what happened next haunts me
This charger’s retractable superpower makes multi-device travel a breeze
Ugreen’s Nexode 65W charger has two ports, a retractable USB-C cable, and still manages to dish out 65W of power. This article has been indexed from Latest news Read the original article: This charger’s retractable superpower makes multi-device travel a…
Fuji Electric FRENIC-Loader 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3.…
SunPower PVS6
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: SunPower Equipment: PVS6 Vulnerability: Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain full access…
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-245-01 Delta Electronics EIP Builder ICSA-25-245-02 Fuji Electric FRENIC-Loader 4 ICSA-25-245-03 SunPower PVS6 ICSA-25-182-06…
Delta Electronics EIP Builder
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially…
India’s Biggest Cyber Fraud: Businessman Duped of ₹25 Crore Through Fake Trading App
A Kochi-based pharmaceutical company owner has suffered a loss of ₹25 crore in what is being described as the largest single-person cyber fraud case in India. The incident involved a sophisticated online trading scam, executed through a fake trading…
New Forensic System Tracks Ghost Guns Made With 3D Printing Using SIDE
The rapid rise of 3D printing has transformed manufacturing, offering efficient ways to produce tools, spare parts, and even art. But the same technology has also enabled the creation of “ghost guns” — firearms built outside regulated systems and…
Malicious npm Package Masquerades as Popular Email Library
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious npm Package Masquerades as Popular Email Library
Palo Alto Networks, Zscaler customers impacted by supply chain attacks
A hacking campaign using credentials linked to Salesloft Drift has impacted a growing number of companies, including downstream customers of leading cybersecurity firms. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Palo Alto…
Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Palo Alto…
3 Android calendar apps that beat Google’s default hands down – and they’re all free
I’ve been wanting to replace Google Calendar as my go-to calendar app. These alternatives aren’t just drop-ins; they’re outright superior. This article has been indexed from Latest news Read the original article: 3 Android calendar apps that beat Google’s default…