CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn't propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not have…
Category: EN
Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data
Serious vulnerabilities in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform, have raised alarm in the cybersecurity community. Security researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts. With…
Linux Kernel 6.14-rc2 Released – What’s Newly Added !
Linus Torvalds, lead developer of the Linux kernel, announced the second release candidate (rc2) of Linux Kernel 6.14, providing developers and enthusiasts with a glimpse at the latest updates and fixes in the kernel’s development cycle. The announcement was made…
Black Duck Report: Inventory, Automation, and Endorsement
Organizations are increasingly prioritizing compliance due to recent regulatory requirements, such as those from the US Government regarding the sale of software to the US government and the EU’s Digital Operational Resilience Act (DORA). This was one of the findings…
Careers in Cybersecurity: Myths and Realities with Kathleen Smith
In this episode we welcome Kathleen Smith, CMO of ClearedJobs.net, to discuss the current state of the cybersecurity job market. Kathleen shares her extensive experience in the field, recounting her tenure in various cybersecurity events and her contributions to job…
Ransomware Payments Drop:Cyber Security Today for Monday, February 10, 2025
In this episode of Cyber Security Today with host Jim Love, we delve into the significant 35% drop in global ransomware payments in 2024, highlighting a growing resistance to hacker demands and improved law enforcement actions. We also discuss a…
What is a Seed Phrase Cyber Attack?
In the growing world of cryptocurrency and digital assets, security is a top concern. One of the most significant risks that cryptocurrency holders face is the potential for a seed phrase cyber attack. While these attacks are often misunderstood by…
Hackers Exploiting Google Tag Manager To Steal Credit Card From eCommerce Sites
Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. This sophisticated attack shows the evolving tactics of cybercriminals in leveraging legitimate tools for malicious purposes.…
Judge says US Treasury ‘more vulnerable to hacking’ since Trump let the DOGE out
Order requires destruction of departmental data accessed by Musky men Trump administration policies that allowed Elon Musk’s Department of Government Efficiency to access systems and data at the Bureau of the Fiscal Service (BFS) have left the org “more vulnerable…
Details on Home Office Apple iCloud access and FBI message scam alert
UK Home Office Seeks Access to Apple iCloud Accounts The Home Office of the United Kingdom, a key ministerial authority responsible for overseeing immigration, national security, law enforcement, and order, has recently made a significant move aimed at gaining access…
February 2025 Patch Tuesday forecast: New directions for AI development
The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI. DeepSeek ad Stargate DeepSeek took the world by storm as millions of copies were downloaded…
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day…
Tor Browser 14.0.6 Released, What’s New!
The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the Tor Browser download page and its distribution directory. The latest update introduces critical fixes and enhancements, ensuring a smoother and more secure browsing experience for users. Here’s a detailed…
Linux Kernel 6.14 Released – What’s New With rc2!
Linus Torvalds announced the release of Linux Kernel 6.14-rc2, the second release candidate in the 6.14 series. The release follows the usual weekly schedule and comes as a relatively small update, consistent with the overall size of the 6.14 kernel.…
Security validation: The new standard for cyber resilience
Security validation has officially turned a corner. Once considered a “nice-to-have” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the…
India’s banking on the bank.in domain cleaning up its financial services sector
With over 2,000 banks in operation, a domain only they can access has clear potential to make life harder for fraudsters India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in –…
Political campaigns struggle to balance AI personalization and voter privacy
In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy. Łabuz also discusses the potential of AI in fact-checking, the regulatory landscape, and the…
Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released
A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns. Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this flaw allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their…
India wants all banking to happen at dedicated bank.in domain
With over 2,000 banks in operation, the potential to make life harder for fraudsters is obvious India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves…
Adopt Me Trading Values – 86,136 breached accounts
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach…