A sophisticated attack campaign uncovered where cybercriminals are weaponizing Cisco’s own security infrastructure to conduct phishing attacks. The attackers are exploiting Cisco Safe Links technology, designed to protect users from malicious URLs, to evade detection systems and bypass network filters…
Category: EN
CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks
CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant…
Crypto Developers Attacked With Malicious npm Packages to Steal Login Details
A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development…
New Research Links VPN Apps, Highlights Security Deficiencies
Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications. The post New Research Links VPN Apps, Highlights Security Deficiencies appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit…
China’s AI Cloud Market Reaches £2bn
Baidu, Alibaba top market in mainland China for public AI cloud infrastructure, led by computer vision and machine learning This article has been indexed from Silicon UK Read the original article: China’s AI Cloud Market Reaches £2bn
New Sni5Gect Attack Targets 5G to Steal Messages and Inject Payloads
Cybersecurity researchers at Singapore University of Technology and Design have unveiled a sophisticated new attack framework called SNI5GECT that can intercept 5G communications and inject malicious payloads without requiring a rogue base station. The research demonstrates significant vulnerabilities in the current 5G…
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
The PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates…
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana cryptocurrency ecosystem. Identified by the Safety research team through advanced malicious package detection technology, this operation involves a threat actor operating under the…
Workday breach, post-quantum alliance, Chinese group targets Taiwan
Workday confirms data breach An alliance to unify post-quantum cryptography New Chinese threat actor targeting Taiwan Huge thanks to our sponsor, Conveyor If the thought of logging into a portal questionnaire makes you want to throw your laptop away, you’re…
CISA Alerts on Active Exploitation of Trend Micro Apex One Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation targeting the enterprise security platform. The vulnerability, tracked as CVE-2025-54948, affects the Trend…
Browser wars are back, predicts Palo Alto, thanks to AI
CEO says if you buy all your infosec stuff from him, life under assault from bots will be less painful Brace for a new round of browser wars, according to Palo Alto Networks CEO Nikesh Arora.… This article has been…
Git 2.51: Preparing for the future with SHA-256
Git 2.51 is out, and the release continues the long process of modernizing the version control system. The update includes several technical changes, but one of the most important areas of work is Git’s move toward stronger cryptographic security through…
OWASP Security Misconfiguration: Quick guide
Security misconfiguration is a significant concern, in the OWASP Top 10. During our web application penetration tests, we often discover numerous vulnerabilities of this nature. According to OWASP, this issue impacts nearly 90% of all web applications. In this blog,…
Hackers Exploit Cisco Secure Links to Evade Scanners and Bypass Filters
Cybercriminals have discovered a sophisticated new attack vector that weaponizes Cisco’s security infrastructure against users, according to recent research from Raven AI. The company’s context-aware detection systems uncovered a credential phishing campaign that exploits Cisco Safe Links to evade traditional…
Threat Actors Abuse Microsoft Help Index File to Execute PipeMagic Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting Microsoft Help Index Files (.mshi) to deliver the notorious PipeMagic backdoor, marking a significant evolution in the threat actors’ tactics since the malware’s first detection in 2022. The campaign, which has…
What happens when penetration testing goes virtual and gets an AI coach
Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs) and generative AI…
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield
From hacked satellites to nuclear threats in orbit, the battle for dominance beyond Earth is redefining modern warfare and national security. The post Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield appeared first…
The cybersecurity myths companies can’t seem to shake
Cybersecurity myths are like digital weeds: pull one out, and another quickly sprouts in its place. You’ve probably heard them before: Macs don’t get viruses, we’re too small to be a target, or changing passwords often keeps us safer. Experts…
As AI grows smarter, your identity security must too
AI is no longer on the horizon, it’s already transforming how organizations operate. In just a few years, we’ve gone from isolated pilots to enterprise-wide adoption. According to a recent SailPoint survey, 82% of companies are running AI agents today,…