Tripwire’s February 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve 4 remote code execution and 2 spoofing vulnerabilities. Next on the list are patches…
Category: EN
North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
North Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms. The post North Korean Fake IT Workers Pose as Blockchain Developers on GitHub appeared first on SecurityWeek. This article has…
Silk Typhoon targeting IT supply chain
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access…
Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials
Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations. The flaw, tracked as CSCwo20742 and classified as a low-severity issue, impacts organizations…
Android zero-day vulnerabilities actively abused. Update as soon as you can
Android’s March 2025 security update includes two zero-days which are under active exploitation in targeted attacks. This article has been indexed from Malwarebytes Read the original article: Android zero-day vulnerabilities actively abused. Update as soon as you can
Leeds United kick card swipers into Row Z after 5-day cyberattack
English football club offers apologies after fans’ card details stolen from online retail store English football club Leeds United says cyber criminals targeted its retail website during a five-day assault in February and stole the card details of “a small…
Identity: The New Cybersecurity Battleground
The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At…
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. “Lotus Blossom has been using the…
Australia Bans Kaspersky Products From Government Systems
After other countries, Australia also steps in against Kaspersky, deeming it a security risk. In… Australia Bans Kaspersky Products From Government Systems on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been…
Meta Fired Employees For Alleged Information Leaks
After expressing concern for some time, Mark Zuckerberg, the brain behind Meta (formerly Facebook), showed… Meta Fired Employees For Alleged Information Leaks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been…
Thousands of Misconfigured AMS Risk Buildings’ Security Globally
Researchers found thousands of misconfigured access management systems (AMS) exposing sensitive data online. These misconfigured… Thousands of Misconfigured AMS Risk Buildings’ Security Globally on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has…
Microsoft Retires Skype, Asks Users To Switch To Teams Free
The popular chat app Skype’s demise is now official. Microsoft recently asked all users to… Microsoft Retires Skype, Asks Users To Switch To Teams Free on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This…
New Auto-Color Linux Malware Targets Universities, Government Organizations
A new threat to Linux systems is active in the wild, targeting universities and government… New Auto-Color Linux Malware Targets Universities, Government Organizations on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has…
Apple Appeals UK Order For ‘Backdoor’ iCloud Access – Report
Legal challenge launched by Apple against UK’s order for backdoor access to Apple’s end-to-end iCloud encryption product This article has been indexed from Silicon UK Read the original article: Apple Appeals UK Order For ‘Backdoor’ iCloud Access – Report
North Korean IT Workers Exploit GitHub to Launch Global Cyber Attacks
A network of suspected North Korean IT workers is using GitHub to create and backstop fake personas, aiming to infiltrate companies globally, particularly in Japan and the United States. DPRK-Linked Network Targets Companies in Japan and US Cybersecurity firm Nisos…
Operation Sea Elephant Targets Organizations to Steal Research Data
A sophisticated Advanced Persistent Threat (APT) group, known as CNC, has been conducting a cyber espionage campaign dubbed “Operation Sea Elephant” targeting scientific research institutions and universities in South Asia. The operation, which aims to steal research data related to…
Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign utilizing fake booking websites to deliver the LummaStealer malware through deceptive CAPTCHA prompts. This new attack vector, discovered in January 2025, marks a significant shift in LummaStealer’s distribution methods,…
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution attacks since March 3, 2025. Tracked as CVE-2025-0912, the vulnerability allows unauthenticated attackers to hijack sites by…
CISA Identifies Five New Vulnerabilities Currently Being Exploited
Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread. This article has been indexed from Schneier on Security Read the…
U.S Treasury Sanctions Admin of Nemesis Darknet Marketplace
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions today against Behrouz Parsarad, an Iran-based cybercriminal identified as the sole administrator of the Nemesis darknet marketplace. This move marks OFAC’s first recognition as a…