A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz Research. This operation zeroed in on legacy authentication protocols within Microsoft Entra ID, exploiting outdated methods to sidestep modern security measures like Multi-Factor Authentication (MFA) and…
Category: EN
Cybercriminals Hide Undetectable Ransomware Inside JPG Images
A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image files to deliver fully undetectable (FUD) ransomware, according to a recent disclosure by cybersecurity researchers. This technique, which bypasses traditional antivirus systems, highlights an alarming evolution in…
Unending ransomware attacks are a symptom, not the sickness
We need to make taking IT systems ‘off the books’ a problem for corporate types Opinion It’s been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due…
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms…
German Police Shutter “eXch” Money Laundering Service
Germany’s BKA has seized the infrastructure behind the crypto swapping service eXch This article has been indexed from www.infosecurity-magazine.com Read the original article: German Police Shutter “eXch” Money Laundering Service
Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones-including the 6970 Conference Unit-could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The…
Defendnot: A Tool That Disables Windows Defender by Registering as Antivirus
Cybersecurity developers have released a new tool called “defendnot,” a successor to the previously DMCA-takedown-affected “no-defender” project. This innovative utility leverages undocumented Windows Security Center APIs to disable Windows Defender by registering itself as a third-party antivirus solution. The developer…
Hackers Abuse Copilot AI in SharePoint to Steal Passwords and Sensitive Data
Microsoft’s Copilot for SharePoint, designed to streamline enterprise collaboration through generative AI, has become an unexpected weapon for cybercriminals targeting organizational secrets. Recent findings from cybersecurity researchers reveal that attackers are exploiting AI agents embedded in SharePoint sites to bypass…
Nvidia ‘Downgrading’ H20 AI Chip For China
Nvidia reportedly tells customers it is preparing July release for downgraded H20 AI chip with reduced memory capacity This article has been indexed from Silicon UK Read the original article: Nvidia ‘Downgrading’ H20 AI Chip For China
Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution
Defendnot, a sophisticated new tool that effectively disables Windows Defender by exploiting the Windows Security Center (WSC) API to register itself as a legitimate antivirus solution. The Windows Security Center service is designed to ensure Windows computers maintain adequate security…
Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands
Security researchers have discovered two significant vulnerabilities affecting Mitel’s suite of SIP phones that could allow attackers to execute arbitrary commands and upload malicious files. The more severe vulnerability, identified as CVE-2025-47188, received a critical CVSS score of 9.8 and…
Japan finance hacks, Pearson suffers cyberattack, Teams blocks screen captures
Hackers hijack Japanese financial accounts to conduct billions in trades Education giant Pearson hit by cyberattack exposing customer data Microsoft Teams will soon block screen capture during meetings Huge thanks to our sponsor, Vanta Do you know the status of…
Microsoft Teams to Safeguard Meetings by Blocking Screen Snaps
Microsoft has announced the upcoming release of a groundbreaking “Prevent Screen Capture” feature for Teams, designed to block unauthorized screenshots and recordings during virtual meetings. The new capability, slated for worldwide deployment in July 2025, underscores Microsoft’s increasing commitment to…
German police seized eXch crypto exchange
Germany’s BKA shut down eXch crypto exchange, seizing its infrastructure over money laundering and illegal trading platform charges. On April 30, 2025, Germany’s Federal Criminal Police (BKA) shut down the eXch crypto exchange (eXch.cx), seizing its infrastructure over money laundering…
When Visibility Meets Action in NHS Cybersecurity
In NHS cybersecurity, one problem keeps security teams up at night: the gap between spotting issues and actually fixing them. If you work in healthcare IT, you know this headache all too well. Legacy systems that can’t be easily patched,…
Bluetooth 6.1 released, enhances privacy and power efficiency
The Bluetooth Special Interest Group has released Bluetooth 6.1, and one of the most important new features is an update to how devices manage privacy and power. The update, called Bluetooth Randomized RPA (resolvable private address) Updates, helps protect users…
Cyber Threats Target HR, AI Tools, and Critical Infrastructure: A Comprehensive Update
In this episode of Cybersecurity Today, host David Shipley covers a range of cyber threats including the Venom Spider malware targeting HR professionals, the emergence of the Noodlofile info stealer disguised as an AI video generator, and misinformation campaigns amid…
DragonForce Ransomware targeting M&S vows not to target Russia or Soviet Union
In a surprising twist, DragonForce Ransomware, the group responsible for a recent attack on UK retailer Marks & Spencer, has made an unusual public plea. The group is reportedly asking other cybercriminal organizations to avoid targeting businesses operating in Russia…
Can Your Photos Stored Online Cause Privacy Concerns
In this digital age, photos have become one of the most shared and stored types of content online. Whether it’s a picture shared on social media, an image saved to a cloud service, or even photos attached to an email,…
New Exploit Method Extracts Microsoft Entra Tokens Through Beacon
A novel exploit method leveraging Beacon Object Files (BOFs) has emerged, enabling attackers to extract Microsoft Entra (formerly Azure AD) tokens from compromised endpoints, even on non-domain-joined or BYOD devices. This technique sidesteps traditional detection mechanisms and expands access to…