APIs (Application Programming Interfaces) have become the digital backbone of modern enterprises, seamlessly linking mobile applications, cloud platforms, and partner ecosystems. As their adoption rapidly progresses, APIs have also emerged as one of the most attractive entry points for hackers,…
Category: EN
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The…
Hundreds of Arrests as Operation Sentinel Recovers $3m
Operational Sentinel helps to crack down on cybercrime across 19 African countries in a month-long campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: Hundreds of Arrests as Operation Sentinel Recovers $3m
AI Drives Tech Debt Issuance To Record Level
Tech companies around the world issue record levels of debt as they spend hundreds of billions on data centres to power AI This article has been indexed from Silicon UK Read the original article: AI Drives Tech Debt Issuance To…
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Digiever DS-2105 Pro vulnerability, tracked as CVE-2023-52163 (CVSS Score of 8.8), to its Known…
Huawei’s HarmonyOS Crosses 27 Million User Mark
Huawei’s self-developed HarmonyOS has more than 27 million users, as China-developed OS competes with iOS, Android This article has been indexed from Silicon UK Read the original article: Huawei’s HarmonyOS Crosses 27 Million User Mark
Firewalla expands AP7 control and MSP management with app 1.67 update
Firewalla has announced Firewalla App version 1.67, a major upgrade that focuses on enterprise-grade Wi-Fi security, deeper access point control, and more flexible management for MSPs, small businesses, and advanced home users. The new release features expanded support for Enterprise…
Spotify music library scraped, DDoS disrupts French postal services, Fake delivery sites hit holiday shoppers
Spotify music library scraped DDoS disrupts France’s postal and banking services Fake delivery websites hit holiday shoppers Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs…
Minister Confirms UK Foreign Office Hacked
Government minister confirms Foreign Office hacked in October, after report of data theft by group backed by Chinese state This article has been indexed from Silicon UK Read the original article: Minister Confirms UK Foreign Office Hacked
From cheats to exploits: Webrat spreading via GitHub
We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers. This article has been indexed from Securelist Read the original article: From cheats to exploits: Webrat spreading via…
Spotify Music Library With 86M Music Files Scraped by Hacktivist Group
The shadow library known as Anna’s Archive has executed a massive scrape of Spotify, releasing a torrent collection containing approximately 86 million audio tracks and metadata for 256 million songs. The group, which typically focuses on archiving academic papers and…
Hackers Using ClickFix Technique to Hide Images within the Image Files
Threat actors have evolved their attack strategies by combining the deceptive ClickFix social engineering lure with advanced steganography techniques to conceal malicious payloads within PNG image files. This sophisticated approach, discovered by Huntress analysts, represents a significant shift in how…
CISA Adds Digiever Authorization Vulnerability to KEV List Following Active Exploitation
A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild. CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105…
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a…
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation This article has been indexed from WeLiveSecurity Read the original article: Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
3.5 Million Affected by University of Phoenix Data Breach
The University of Phoenix is one of the many victims of the recent Oracle EBS hacking campaign attributed to the Cl0p ransomware group. The post 3.5 Million Affected by University of Phoenix Data Breach appeared first on SecurityWeek. This article…
Weak enforcement keeps PCI DSS compliance low
Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that PCI DSS compliance trails behind HIPAA, GDPR, and the EU’s NIS2 Directive. A compliance…
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems…
Formal proofs expose long standing cracks in DNSSEC
DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume that if DNSSEC validation passes, the answer can be trusted. New academic…
Malicious NPM Package with 56K Downloads Steals WhatsApp Messages
A dangerous npm package named “lotusbail” has been stealing WhatsApp messages and user data from thousands of developers worldwide. The package, which has been downloaded over 56,000 times, disguises itself as a legitimate WhatsApp Web API library while secretly running…