Thales launched OneWelcome FIDO Key Lifecycle Management, a new solution to help large organizations successfully deploy and manage FIDO security passkeys at scale. OneWelcome FIDO Key Lifecycle Management combines an interoperable management platform with Thales hardware FIDO security keys (passkeys)…
Category: EN
US, UK and Australia Sanction Russian Bulletproof Hoster Zservers
The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: US, UK and Australia Sanction Russian Bulletproof Hoster Zservers
Microsoft Fixes Another Two Actively Exploited Zero-Days
February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes Another Two Actively Exploited Zero-Days
Windows Storage 0-Day Vulnerability Let Attackers Delete The Target Files Remotely
A significant security vulnerability has been identified in Windows, allowing attackers to remotely delete targeted files on affected systems. This vulnerability, tracked as CVE-2025-21391, was disclosed on February 11, 2025, and is classified as an Elevation of Privilege vulnerability with…
Hackers Exploit Prompt Injection to Tamper with Gemini AI’s Long-Term Memory
A sophisticated attack targeting Google’s Gemini Advanced chatbot. The exploit leverages indirect prompt injection and delayed tool invocation to corrupt the AI’s long-term memory, allowing attackers to plant false information that persists across user sessions. This vulnerability raises serious concerns…
Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely
Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product. This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. The flaw is…
Google Chrome’s Safe Browsing Now Protect 1 Billion Users With 300,000 Deep Scans
In honor of Safer Internet Day, Google has announced a significant milestone in online security, more than 1 billion Chrome users are now safeguarded by the browser’s Enhanced Protection mode. This advanced security feature, introduced in 2020 as part of…
Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications
Devolutions have disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks. These flaws stem from improper certificate validation across all platforms and have been assigned…
0-Day Vulnerability in Windows Storage Allow Hackers to Delete the Target Files Remotely
A newly discovered 0-day vulnerability in Windows Storage has sent shockwaves through the cybersecurity community. Identified as CVE-2025-21391, this critical flaw allows attackers to elevate privilege and remotely delete targeted files on a victim’s system without their interaction. Microsoft officially confirmed…
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a…
Thales unveils OneWelcome FIDO Key Management for scalable passkey security
Thales has announced the launch of OneWelcome FIDO Key Lifecycle Management, a new solution to help large organizations successfully deploy and manage FIDO security passkeys at scale. OneWelcome FIDO Key Lifecycle Management combines an interoperable management platform with Thales hardware…
Armor Nexus reduces an organization’s attack surface
Armor unveiled Nexus, a platform designed to provide transparency, proactive risk reduction, and intelligent support for large, complex organizations to ensure an adaptable, comprehensive, and unified cybersecurity strategy. With Nexus, Armor Defense reinforces its commitment of being the trusted security…
EchoMark’s API detects, investigates, and identifies the source of data leaks
EchoMark launched its new API. The API seamlessly integrates EchoMark’s watermarking and leak detection capabilities directly into workflows and applications, protecting sensitive information without disrupting current operations. EchoMark is the only company to watermark plain text. Having pioneered forensic watermarking…
LockBit host sanctioned, DeepSeek security, trojanized KMS
LockBit host sanctioned A peak at DeepSeek’s weak security Sandworm targeting Ukraine with trojanized KMS Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is…
Safer Internet Day – Getting Serious With Passwords
To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many…
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began…
Ratatouille Malware Bypass UAC Control & Exploits I2P Network to Launch Cyber Attacks
A newly discovered malware, dubbed “Ratatouille” (or I2PRAT), is raising alarms in the cybersecurity community due to its sophisticated methods of bypassing User Account Control (UAC) and leveraging the Invisible Internet Project (I2P) network for anonymous Command and Control (C2)…
Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office…
Microsoft Secure Boot Security 0-Day Lets Attackers Steal The Admin Credentials
A significant security vulnerability, identified as CVE-2023-24932, has been discovered in Microsoft’s Secure Boot feature. This vulnerability allows attackers to bypass Secure Boot, potentially leading to the theft of admin credentials. The vulnerability was first disclosed on May 9, 2023,…
Scammers Exploit DeepSeek Hype: Cyber Security Today for Wednesday, February 12, 2025
Scammers Exploit DeepSeek Hype & Jailbreak OpenAI’s O3 Mini – TechNewsDay Update In this episode, we uncover how scammers are exploiting the recent hype around DeepSeek, a new AI model, by creating fake websites, counterfeit cryptocurrency tokens, and malware-laced downloads.…