This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools…
Category: EN
US Army Soldier Arrested for Hacking 15 Telecom Carriers
U.S. Army Specialist Cameron John Wagenius, 21, is charged with federal offenses for allegedly hacking at least 15 telecom companies and trying to extort a major provider while leveraging stolen call detail records (CDRs) of high-ranking officials. The U.S. Department…
New Vulnerability in Substack let Attackers Take Over Subdomains
A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation. The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains…
MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges
MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE). The March 2025 Product Security Bulletin highlights three high severity vulnerabilities…
Apache Derby Vulnerability Let Attackers Bypass Authentication with LDAP Injection
A critical security vulnerability (CVE-2022-46337) in Apache Derby, an open-source relational database implemented entirely in Java, has exposed systems to authentication bypass attacks via LDAP injection. The flaw, rated with a CVSS score of 9.1, enables attackers to craft malicious…
Vulnerable Paragon Driver Exploited in Ransomware Attacks
Ransomware operators exploit a vulnerable Paragon driver in BYOVD attacks to elevate privileges to System. The post Vulnerable Paragon Driver Exploited in Ransomware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Vulnerable…
The New Ransomware Groups Shaking Up 2025
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit…
Vodafone Trials Quantum-Safe Tech to Protect Smartphone Browsing
Telecoms provider Vodafone has developed the new proof of concept with IBM, as it seeks to implement post-quantum cryptography ahead of anticipated quantum-based attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Vodafone Trials Quantum-Safe Tech to…
Mark of the Web: Some Technical Details, (Mon, Mar 3rd)
The Mark of the Web (MoTW) is file metadata in Windows that marks a file that was obtained from an untrusted source. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Mark of…
Uncovering .NET Malware Obfuscated by Encryption and Virtualization
Malware authors use AES encryption and code virtualization to evade sandbox static analysis. We explore how this facilitates spread of Agent Tesla, XWorm and more. The post Uncovering .NET Malware Obfuscated by Encryption and Virtualization appeared first on Unit 42.…
Foxconn Breaks Ground On Massive EV Headquarters
Foxconn begins construction of massive headquarters in China for new businesses as it aims to become ‘Android of EVs’ This article has been indexed from Silicon UK Read the original article: Foxconn Breaks Ground On Massive EV Headquarters
Bitcoin Drops 25 Percent From Peak
Bitcoin sees biggest weekly decline since collapse of FTX in 2022 as optimism evaporates and investors sell risky assets This article has been indexed from Silicon UK Read the original article: Bitcoin Drops 25 Percent From Peak
JavaGhost: Exploiting Amazon IAM Permissions for Phishing Attacks
Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in Amazon Web Services (AWS) environments to conduct sophisticated phishing campaigns. Active for over five years, JavaGhost has pivoted from website defacement to leveraging compromised cloud…
Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware
Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell and legitimate Microsoft applications to deploy malware without leaving significant traces on compromised systems. These sophisticated attacks, which have been around for over two decades,…
Indian Stock Broker Angel One Discloses Data Breach
Indian stock broker Angel One says client information was compromised in a data breach involving its AWS account. The post Indian Stock Broker Angel One Discloses Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
New Poco RAT Via Weaponized PDF Attacking Users to Capture Sensitive Data
A new variant of malware, dubbed “Poco RAT,” has emerged as a potent espionage tool in a campaign targeting Spanish-speaking users in Latin America. Security researchers at Positive Technologies Expert Security Center (PT ESC) have linked this malware to the…
Industry Moves for the week of March 3, 2025 – SecurityWeek
Explore industry moves and significant changes in the industry for the week of March 3, 2025. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…
Black Basta Leak Offers Glimpse Into Group’s Inner Workings
A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022. The post Black Basta Leak Offers Glimpse Into Group’s Inner Workings appeared first on SecurityWeek. This article has been indexed…
DOGE Access to Personal Information and The Difficulty of Showing Harm in Privacy Litigation
If a company has effective insurance, prevention becomes even less cost-effective. By failing to “value” privacy alone, the system skews in favor of not protecting privacy. The post DOGE Access to Personal Information and The Difficulty of Showing Harm in…
Alibaba To Ship High-Performance RISC-V Chip In March
Alibaba develops open source RISC-V-based chip for high-performance computing as it plans massive AI, cloud expenditure This article has been indexed from Silicon UK Read the original article: Alibaba To Ship High-Performance RISC-V Chip In March