Check Point Research (CPR) has revealed that cybercriminals are increasingly leveraging the newly launched AI models, DeepSeek and Qwen, to create malicious content. These models, which lack robust anti-abuse provisions, have quickly become a preferred choice for threat actors over…
Category: EN
Developers Beware! Malicious ML Models Found on Hugging Face Platform
In a concerning development for the machine learning (ML) community, researchers from ReversingLabs have uncovered malicious ML models on the Hugging Face platform, a popular hub for AI collaboration. Dubbed “nullifAI,” this novel attack method leverages vulnerabilities in the widely…
New Facebook Fake Copyright Notices to Steal Your FB Accounts
A newly discovered phishing campaign is using fake Facebook copyright infringement notices to trick users into divulging their credentials, potentially compromising business accounts. Phishing Campaign Exploits Facebook Brand to Target Businesses Researchers at Check Point Software Technologies revealed that this…
Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems
Cybercriminals are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to infiltrate networks, create unauthorized administrator accounts, and deploy malware, including the Sliver backdoor. These flaws, identified as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were disclosed in early January…
Attackers used a public ASP.NET machine to conduct ViewState code injection attacks
Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat Intelligence researchers spotted a threat actor using a public ASP.NET machine key to deploy Godzilla malware, exploiting insecure key…
HPE Aruba Networking ClearPass Policy Manager Vulnerabilities Allow Arbitrary Code Execution
Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Aruba Networking ClearPass Policy Manager (CPPM), a widely used network access control solution. These flaws, if exploited, could lead to arbitrary code execution, privilege escalation, and sensitive data exposure.…
DeepSeek iOS App Sending Data Unencrypted to ByteDance Controlled Server
Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and national security risks. The app, which has been the top iOS download since January 25, 2025, transmits sensitive user data unencrypted to servers controlled by…
Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data
Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin (UMP), which could allow attackers to exploit sensitive data through improper neutralization of HTML tags in web pages. This vulnerability, identified as CVE-2025-22402, has been…
Ex-Google Engineer Charged for Stealing AI Secrets to China
In a groundbreaking case highlighting the intersection of technology and national security, a federal grand jury has indicted Linwei Ding, also known as Leon Ding, on four counts of theft of trade secrets. The charges allege that Ding, a former…
Logsign Vulnerability Remote Attackers to Bypass Authentication
A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps Platform, a widely used software for security operations. This flaw, rated with a CVSS score of 9.8, poses a critical threat, allowing remote attackers to…
Trimble Cityworks Customers Warned of Zero-Day Exploitation
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware. The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Cybercriminals Weaponize Graphics Files in Phishing Attacks
Sophos has observed cybercriminals ramping up their use of graphics files as part of email phishing attacks to bypass conventional security protections This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Weaponize Graphics Files in Phishing Attacks
Former Google Engineer Charged for Allegedly Stealing AI Secrets for China
A federal grand jury has indicted Linwei Ding, also known as Leon Ding, a former Google software engineer, on four counts of theft of trade secrets. The charges stem from allegations that Ding stole proprietary artificial intelligence (AI) technologies from…
Hackers Exploiting DeepSeek & Qwen AI Models To Develop Malware
Hackers have begun leveraging the capabilities of DeepSeek and Qwen AI models to create sophisticated malware. These models, known for their advanced language processing capabilities, have attracted the attention of cybercriminals due to their potential for generating malicious content with…
Securing Data Catalog Implementation
If you have been reached out by your data engineering team to give security approval for a particular data catalog vendor and wondering what a data catalog solution can do, its purpose and how to securely integrate a data catalog solution…
Outlook RCE bug, Kimsuky forceCopy malware, Treasury tightens DOGE
Critical RCE bug in Microsoft Outlook now exploited in attacks Kimsuky uses forceCopy malware to steal browser-stored credentials Treasury agrees to block additional DOGE staff from accessing sensitive payment systems Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a…
Dell Update Manager Plugin Flaw Exposes Sensitive Data
Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update Manager Plugin (UMP) that could expose sensitive data to malicious actors. The flaw, identified as CVE-2025-22402, is categorized as a low-risk issue but requires immediate attention and…
Building a Culture of Security: Employee Awareness and Training Strategies
Establishing a culture of security — where every employee actively contributes to protecting information — is key to building a strong shield against evolving cyber risks. The post Building a Culture of Security: Employee Awareness and Training Strategies appeared first…
Self-sovereign identity could transform fraud prevention, but…
The way we manage digital identity is fundamentally broken. The root of the problem lies in traditional, centralized identity models, where a single organization holds and controls a user’s credentials, creating an attractive target for attackers. The bigger the database,…
DeepSeek Security Concerns: Cyber Security Today for Friday, February 7, 2025
Cybersecurity Today: EDR Evasion, SSH Backdoor, WhatsApp Zero-Click Hack, and DeepSeek AI In today’s episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues. The show covers Canada’s Digital Governance Council’s launch of a cyber ready validation program…