Cyberspace watchdog tightens reporting regime, leaving little time to hide incidents Beijing will soon expect Chinese network operators to ‘fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet.… This…
Category: EN
Android security changes, CISA incentive audit, LLM usage
Android moving to “risk-based” security updates CISA accused of Cyber Incentive mismanagement How security practitioners use LLMs Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust…
Balenciaga, Gucci, Alexander McQueen Customer Data Stolen
Hacking group steals data from luxury brands through parent company Kering, in latest of string of attacks on retailers this year This article has been indexed from Silicon UK Read the original article: Balenciaga, Gucci, Alexander McQueen Customer Data Stolen
Spring Framework Security Flaws Allow Authorization Bypass and Annotation Detection Issues
A pair of medium-severity vulnerabilities in the Spring Framework and Spring Security libraries were disclosed on September 15, 2025. Both flaws involve the annotation detection mechanism used by Spring Security’s method security features and can lead to authorization bypass in…
Windows 11 upgrade failed? These are my 4 most powerful troubleshooting secrets
If you’ve encountered a problem with a Windows upgrade, you know how maddeningly unhelpful Windows error messages can be. These are my favorite troubleshooting tricks. This article has been indexed from Latest news Read the original article: Windows 11 upgrade…
Insider breach at FinWise Bank exposes data of 689,000 AFF customers
An ex-employee caused an insider breach at FinWise Bank, exposing data of 689,000 American First Finance customers. FinWise Bank is a Utah-based community bank, FDIC-insured, that partners with fintechs and lenders to offer consumer loans, small business financing, and deposit…
Salt Security secures AI agent actions across enterprise APIs
Salt Security introduced a new solution designed to secure the actions AI agents take within the enterprise. As large organizations adopt agentic AI, agents are increasingly making real-time API calls through protocols like MCP and A2A, creating a new layer…
APT28 Operation Phantom Net Voxel
This post was originally distributed as a private FLINT report to our customers on 12 August 2025. Introduction Sekoia.io’s Threat Detection and Response (TDR) team closely monitors APT28 as one of its highest-priority threat actors. In early 2025 a trusted…
0-Click Linux Kernel KSMBD Vulnerability Enables Remote Code Execution via N-Day Exploit
A recent vulnerability in the Linux Kernel’s KSMBD module allows an attacker to execute arbitrary code on a target system without any user interaction. KSMBD is a kernel-space SMB3 server that handles network file sharing. Researchers demonstrated a stable exploit…
Popular NPM Package ‘ctrl/tinycolor’ with 2M Weekly Downloads and 40+ Others Compromised in Supply Chain Attack
The NPM ecosystem is under attack once again, with a sophisticated supply chain compromise targeting the widely-used @ctrl/tinycolor package and over 40 other JavaScript packages. This latest incident represents a significant escalation in supply chain threats, featuring self-propagating malware that…
New Maranhão Stealer Targets Users Through Pirated Software and Cloud Services
A sophisticated new information-stealing malware campaign dubbed Maranhão Stealer has emerged, targeting gaming enthusiasts through malicious pirated software distributed via cloud-hosted platforms. The campaign, first identified by security researchers in May 2025, represents a concerning evolution in credential theft operations, combining social…
Google introduces VaultGemma, a differentially private LLM built for secure data handling
Google has released VaultGemma, a large language model designed to keep sensitive data private during training. The model uses differential privacy techniques to prevent individual data points from being exposed, which makes it safer for handling confidential information in sectors…
Building security that protects customers, not just auditors
In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading regions. He points out that good engineering usually leads to strong security, and…
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json,…
Open Source CyberSOCEval Sets New Benchmark for AI in Malware Analysis and Threat Intelligence
Open Source CyberSOCEval, a newly launched evaluation platform, is making waves in the cybersecurity community by demonstrating how artificial intelligence can transform malware analysis and threat intelligence. Developed by a group of independent security researchers, CyberSOCEval combines advanced machine learning…
Microsoft Resolves Bluetooth Audio Problem in Windows 11 24H2 Update
Microsoft has addressed a widespread audio issue affecting Bluetooth speakers, headsets, and integrated laptop speakers in Windows 11 version 24H2. The problem stemmed from an incompatibility with Dirac Audio software on certain devices, causing audio devices to go silent and…
AI video surveillance could end privacy as we know it
AI-powered video surveillance brings up big questions about privacy. On one hand, it can make us feel safer, but on the other, it can easily cross the line into intrusion. The more we let technology watch and track our behavior,…
Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages
A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week. The attack also affected more than 40 other packages from various maintainers, introducing a…
OT security needs continuous operations, not one-time fixes
Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester. In a survey of 262 OT security decision-makers, 91% reported at least one breach or system failure caused by a cyberattack in the…
Product showcase: Clean Links exposes what’s hiding behind a QR code
Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams while saving you time and frustration. The best…