Category: EN

Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials

North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded…

Read more →

Apache Pinot Vulnerability Allows Attackers to Bypass Authentication

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems.…

Read more →

Navigating AI 🤝 Fighting Skynet

Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…

Read more →

SAP Security Update Released to Fix Multiple Vulnerabilities

SAP announced 21 new Security Notes and updates to 3 previously released notes on its latest Security Patch Day. This release addresses critical vulnerabilities within SAP products, underscoring the company’s commitment to safeguarding enterprise software. SAP strongly recommends customers prioritize…

Read more →

DCRat backdoor returns

Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats. This article has been indexed from Securelist Read the original article: DCRat backdoor returns

Read more →

Navigating AI 🤝 Fighting Skynet

Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…

Read more →

Apache Tomcat Vulnerability Exposes Servers to RCE Attacks

A critical security vulnerability in Apache Tomcat (CVE-2025-24813) has exposed servers to remote code execution (RCE), information disclosure, and data corruption risks.  The flaw, rooted in improper handling of partial HTTP PUT requests, affects Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1…

Read more →

Critical Veritas Vulnerability Let Attackers Execute Malicious Code

A critical security flaw in Veritas’ Arctera InfoScale product line has exposed enterprise systems to remote code execution (RCE) attacks, underscoring persistent risks in disaster recovery infrastructure.  Tracked as CVE-2025-27816, the vulnerability (CVSS v3.1 score: 9.8) resides in the Windows…

Read more →

DDoS Blamed as X Suffers Multiple Outages

Pro-Palestine Dark Storm Team group claims responsibility for major DDoS attacks on X This article has been indexed from www.infosecurity-magazine.com Read the original article: DDoS Blamed as X Suffers Multiple Outages

Read more →

Navigating AI 🤝 Fighting Skynet

Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…

Read more →

AuditBoard unveils AI-powered audit capabilities

AuditBoard announced new AI-powered audit capabilities, further integrating AI into the product, boosting efficiency, and enabling auditors to focus on more strategic tasks. Internal audit teams are increasingly integrating AI into their work according to the Internal Audit Foundation’s 2025…

Read more →

Navigating AI 🤝 Fighting Skynet

Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…

Read more →