A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core internet infrastructure remains under extreme load. The previous record of 22Tbps, quietly broken in Q3…
Category: EN
Attackers have a new way to slip past your MFA
Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token. This article has been indexed from Malwarebytes Read the original article: Attackers have a new way to slip…
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in…
UK’s Cyber Service for Telcos Blocks 1 Billion Malicious Site Attempts
A new cyber defense service has prevented almost one billion early-stage cyber-attacks in the past year, British Security Minister claims This article has been indexed from www.infosecurity-magazine.com Read the original article: UK’s Cyber Service for Telcos Blocks 1 Billion Malicious…
Leading surveillance camera vendor signs CISA’s product-security pledge
Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Leading surveillance camera vendor signs CISA’s product-security pledge
New Joint Guide Advances Secure Integration of Artificial Intelligence in Operational Technology
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from CISA News Read the original article: New Joint Guide Advances Secure Integration of Artificial Intelligence in Operational…
Check Point Named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security
We’re proud to announce that Gartner® has recognized Check Point as a Leader in the 2025 Magic Quadrant™ for Email Security (published December 2025). We believe that this independent evaluation from the industry’s most trusted research firm validates our commitment…
CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to help critical infrastructure owners and…
Malicious Rust Evm-Units Mimic as EVM Version Silently Executes OS-specific Payloads
The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading as a standard utility for verifying Ethereum Virtual Machine (EVM) versions, the package accumulated thousands…
Shai-Hulud 2.0 Malware Attack Compromised 30,000 Repositories and Stolen 500 GitHub Usernames and Tokens
A significant supply chain security breach has emerged with the discovery of Shai-Hulud 2.0, a sophisticated malware that has compromised over 30,000 GitHub repositories since its emergence on November 24, 2025. This worm-like malware represents a growing threat to the…
K7 Antivirus Vulnerability Allows Attackers Gain SYSTEM-level Privileges
A serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus product from K7 Computing, was found by abusing named pipes with overly permissive access control lists. This flaw enables low-privileged users to manipulate registry settings and achieve SYSTEM-level access…
Bitwarden Access Intelligence helps enterprises take action on risky credentials
Bitwarden announced Bitwarden Access Intelligence for Enterprise plans. Access Intelligence provides visibility into weak, reused, or exposed credentials across critical applications, with guided remediation workflows for consistent credential updates at scale. The capability helps IT and security teams prioritize and…
Salt Security identifies external misuse and abuse of MCP servers by AI agents
Salt Security announced it is extending its API behavioral threat protection to detect and block malicious intent targeting Model Context Protocol (MCP) servers deployed within the AWS ecosystem. Building on the recent launch of Salt’s MCP Finder technology, Salt now…
Architecture Patterns That Enable Cycode alternatives at Scale
Guide to scale ready code security with event driven scans unified data and API first design for large teams seeking strong growth aligned control. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and…
How deepfake scams are fueling a new wave of fraud
Scammers are using deepfake technology to replicate your child’s voice in a kidnapping hoax, catfish with AI-generated video dates, and impersonate executives to steal millions. Learn how to spot deepfake fraud, and use Avast Scam Guardian to help verify what’s…
Yearn Finance yETH Pool Hit by $9M Exploit
A critical vulnerability in Yearn Finance’s yETH pool allowed an attacker to steal around $9m This article has been indexed from www.infosecurity-magazine.com Read the original article: Yearn Finance yETH Pool Hit by $9M Exploit
Digital Signatures: Traditional Vs. Post-Quantum Cryptographic Mechanisms
Secure your connections against quantum threats. Learn about post-quantum cryptography and digital signatures. This article has been indexed from Blog Read the original article: Digital Signatures: Traditional Vs. Post-Quantum Cryptographic Mechanisms
Microsoft Patched Windows LNK Vulnerability Abused by Hackers to Hide Malicious Code
Microsoft has silently patched a Windows shortcut vulnerability that threat actors have been exploiting since 2017 to hide malicious commands from users inspecting file properties. The flaw, tracked as CVE-2025-9491, was addressed in Microsoft’s November 2025 Patch Tuesday updates but…
Storm-0900 Hackers Leveraging Parking Ticket and Medical Test Themes in Massive Phishing Attack
On Thanksgiving eve, a sophisticated threat actor known as Storm-0900 launched a high-volume phishing campaign targeting users across the United States. Microsoft Threat Intelligence security analysts detected and blocked this coordinated attack consisting of tens of thousands of emails designed…
How attackers use real IT tools to take over your computer
We’ve seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control victims’ systems. This article has been indexed from Malwarebytes Read the original article: How attackers use real IT tools to take over…