A sophisticated campaign by the Pakistan-linked SideCopy Advanced Persistent Threat (APT) group has emerged since late December 2024, targeting critical Indian government sectors with enhanced tactics. The group has significantly expanded its scope beyond traditional defense and maritime sectors to…
Category: EN
HollowQuill Malware Attacking Government Agencies Worldwide Via Weaponized PDF Documents
A sophisticated malware campaign dubbed “HollowQuill” has emerged as a significant threat to academic institutions and government agencies worldwide. The attack leverages weaponized PDF documents disguised as research papers, grant applications, or official government communiques to entice unsuspecting victims into…
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group…
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain…
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants.…
Amazon Delays Project Kuiper Launch Amid Bad Weather
First launch of Amazon’s Project Kuiper internet satellites pushed back amid “stubborn” cloud cover, heavy winds This article has been indexed from Silicon UK Read the original article: Amazon Delays Project Kuiper Launch Amid Bad Weather
TP-Link Smart Hub Flaw Exposes Users’ Wi-Fi Credentials
A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi credentials to malicious actors. This flaw could allow attackers to gain unauthorized access to sensitive information, posing significant risks to affected users. The vulnerability, identified as CVE-2025-0072,…
Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records
A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive…
Google Launches Sec-Gemini v1: A New AI Powerhouse for Cybersecurity
Google today announced the release of Sec-Gemini v1, an experimental Artificial Intelligence (AI) model specifically designed to revolutionize… The post Google Launches Sec-Gemini v1: A New AI Powerhouse for Cybersecurity appeared first on Hackers Online Club. This article has been…
An APT group exploited ESET flaw to execute malware
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing…
Infosec experts fear China could retaliate against tariffs with a Typhoon attack
Scammers are already cashing in with fake invoices for import costs World War Fee As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.… This article has been indexed…
GitHub Announces General Availability of Security Campaigns
GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications. The post GitHub Announces General Availability of Security Campaigns appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Watch out for these traps lurking in search results
Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results This article has been indexed from WeLiveSecurity Read the original article: Watch out for these traps lurking in search…
Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA
A sophisticated cyber campaign orchestrated by the Russian state-backed group Storm-2372 has emerged, exploiting device code phishing tactics to circumvent Multi-Factor Authentication (MFA) security measures. This targeted approach represents a significant escalation in threat actors’ capabilities to defeat advanced security…
New Mirai Botnet Exploiting TVT DVRs To Gain Administrative Control
Cybersecurity researchers have identified a significant spike in exploitation attempts targeting TVT NVMS9000 digital video recorders (DVRs), with activity surging to three times normal levels in early April 2025. This new campaign appears to be linked to the infamous Mirai…
Linux Firewall IPFire 2.29 Released With Support for Post-Quantum Cryptography & Core Updates
IPFire has announced the release of version 2.29 (Core Update 193), introducing significant enhancements to the Linux-based firewall distribution. This update brings forward-thinking security features, including post-quantum cryptography support for IPsec tunnels and major toolchain upgrades that strengthen the system’s…
Authorities Seized Smokeloader Malware Operators & Seized Servers
Law enforcement agencies across Europe and North America have arrested five individuals linked to the Smokeloader botnet service as part of Operation Endgame’s second phase. This follow-up action, conducted in early April 2025, specifically targeted the “customers” of the notorious…
Microsoft Identity Web Package Vulnerability Exposes Client Secrets & Certificate Information
A moderate-severity vulnerability has been identified in Microsoft Identity Web. Under specific conditions, it could potentially expose sensitive client secrets and certificate information in service logs. The flaw, tracked as CVE-2025-32016, impacts versions 3.2.0 through 3.8.1 of the library and…
Nissan Leaf Hacked for Remote Spying, Physical Takeover
Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls. The post Nissan Leaf Hacked for Remote Spying, Physical Takeover appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. “In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’…