A sophisticated cyberattack technique known as Browser-in-the-Middle (BitM) has emerged, enabling hackers to bypass multi-factor authentication (MFA) and steal user sessions in mere seconds. This method exploits web browser functionalities to hijack authenticated sessions, posing a significant threat to organizations…
Category: EN
Cloudflare Adopts Post-Quantum Cryptography to Combat Future Quantum Attacks
Cloudflare has announced the implementation of post-quantum cryptography across its services. This advancement is part of a broader effort to protect customers from potential quantum attacks that could compromise conventional cryptographic systems in the future. Quantum computers, which are rapidly…
Google is buying Wiz for $32B to beef up in cloud security, sources say
Google is making the biggest acquisition in its history. The company’s parent company Alphabet is acquiring Wiz, the cloud security startup, for $32 billion, our sources say. The deal will still need regulatory and other approvals before closing. From what…
Amazon disables option to store Echo voice recordings on your device
Amazon informed Echo users in the US that the “Do not send voice recordings” feature will stop working on March 28, 2025. This article has been indexed from Malwarebytes Read the original article: Amazon disables option to store Echo voice…
Western Alliance Bank Discloses Data Breach Linked to Cleo Hack
The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p’s hacking of the Cleo file transfer tool. The post Western Alliance Bank Discloses Data Breach Linked to Cleo Hack appeared first on…
“My Vas Pokhoronim!”
CISA, in collaboration with the FBI and NSA, identified and attributed multiple attacks to Russian entities, emphasizing the risks posed by state-backed Advanced Persistent Threats (APTs). The post “My Vas Pokhoronim!” appeared first on Security Boulevard. This article has been…
Hackers Exploit SSRF Vulnerability to Attack OpenAI’s ChatGPT Infrastructure
A critical cybersecurity alert has been issued following the active exploitation of a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure. According to the Veriti report, the vulnerability, identified as CVE-2024-27564, has been weaponized by attackers in real-world attacks,…
GitHub Action tj-actions/changed-files was compromised in supply chain attack
The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous…
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come…
PoC Exploit Released for Use-after-free Linux Kernel Vulnerability
Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years. The vulnerability, which affects the TCP subsystem, could potentially allow attackers to execute remote…
Denmark Warns of Serious Cyber Attacks Targeting Telecommunication Sector
The Danish Agency for Social Security (CFCS) has issued an updated threat assessment warning of severe cyber threats targeting the nation’s telecommunications sector, signaling a heightened alert level for state-sponsored espionage. The report, which supersedes the 2022 version, underscores an…
Red Team Tool Cobalt Strike 4.11 Released With out-of-the-box Evasion Options
Cobalt Strike has released version 4.11 with significant improvements to its evasion capabilities, making the popular red team tool more resilient against modern security solutions. The update introduces a novel Sleepmask, new process injection techniques, enhanced obfuscation options, and stealthier…
Crypto Exchange OKX Suspends Tool Used by North Korean Hackers to Steal Funds
Cryptocurrency exchange OKX has temporarily suspended its decentralized exchange (DEX) aggregator service following allegations that North Korea’s state-sponsored Lazarus Group exploited it to launder funds stolen from the recent Bybit hack. The suspension, announced on March 17, 2025, coincides with…
“My vas pokhoronim!”
CISA, in collaboration with the FBI and NSA, identified and attributed multiple attacks to Russian entities, emphasizing the risks posed by state-backed Advanced Persistent Threats (APTs). The post “My vas pokhoronim!” appeared first on Security Boulevard. This article has been…
FBI: Free file converter sites and tools deliver malware
Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office has warned earlier this month. “To conduct this scheme, cyber criminals across the globe are using any type…
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group,…
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in…
How to Improve Okta Security in Four Steps
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts.…
DeepMind’s Hassabis Urges UK To Expand AI Ambitions
DeepMind co-founder Demis Hassabis says top universities, tech talent give UK key edge in fast-moving AI industry This article has been indexed from Silicon UK Read the original article: DeepMind’s Hassabis Urges UK To Expand AI Ambitions
TruffleHog: New Burp Suite Extension for Secret Scanning Released
A new extension for Burp Suite has been released, integrating the powerful secret scanning capabilities of TruffleHog. This innovative integration aims to enhance the detection of live, exploitable credentials within HTTP traffic, making it a valuable tool for security professionals.…