Microsoft has officially announced a multi-phase plan to deprecate VBScript in Windows, a move that signals a significant shift for developers, particularly those working with Visual Basic for Applications (VBA). The change, first detailed in May 2024, will gradually phase…
Category: EN
Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges
Microsoft has addressed four elevation of privilege vulnerabilities in its Windows Defender Firewall service, all rated as “Important” in severity. The security flaws were detailed in Microsoft’s September 9, 2025, security update release. If exploited, these vulnerabilities could allow an…
Hack to school: Parents told to keep their little script kiddies in line
UK data watchdog says students behind most education cyberattacks The UK’s data protection watchdog says more than half of cyberattacks in schools are caused by students, and that parents should act early to prevent their offspring from falling into the…
Privacy activists warn digital ID won’t stop small boats – but will enable mass surveillance
Big Brother Watch says a so-called BritCard could turn daily life into one long identity check – and warn that Whitehall can’t be trusted to run A national digital ID could hand the government the tools for population-wide surveillance –…
VMScape: Academics Break Cloud Isolation With New Spectre Attack
Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Malware Campaign Uses SVG Email Attachments to Deploy XWorm and Remcos RAT
Recent threat campaigns have revealed an evolving use of BAT-based loaders to deliver Remote Access Trojans (RATs), including XWorm and Remcos. These campaigns typically begin with a ZIP archive—often hosted on seemingly legitimate platforms such as ImgKit—designed to entice user…
How Everyday Apps Leak More Data Than You Realize
Most mobile apps silently leak personal data to third parties, even trusted ones. From trackers in Google Play apps to high-profile breaches like Strava and British Airways, app data leakage is a growing privacy risk. Learn why apps leak data…
Axios Vulnerability Enables Attackers to Crash Node.js Applications via Data Handle Abuse
A critical security vulnerability has been discovered in the popular Axios HTTP client library that allows attackers to crash Node.js applications through malicious data URL handling. The flaw, tracked as CVE-2025-58754, affects all versions of Axios before 1.11.0 and has been…
Sidewinder Hackers Exploit LNK Files to Deploy Malicious Scripts
In a striking evolution of its tactics, the Sidewinder advanced persistent threat (APT) group—also known as APT-C-24 or “Rattlesnake”—has adopted a novel delivery mechanism leveraging Windows shortcut (LNK) files to orchestrate complex, multi-stage intrusions across South Asia. Active since at…
Apple issues spyware warnings as CERT-FR confirms attacks
Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised. Apple warned customers last week about new spyware attacks, the French national Computer Emergency Response Team (CERT-FR) said. The agency confirmed at least…
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm
KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch. The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared first on SecurityWeek. This…
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with.…
FTC Opens Probe Into OpenAI, Google, Meta Over AI Risks
US trade regulator looks into how companies are protecting children and teenagers from negative impacts, after Senate launches probe This article has been indexed from Silicon UK Read the original article: FTC Opens Probe Into OpenAI, Google, Meta Over AI…
Black Box Testing vs. White Box: The Hidden Risks of Choosing Wrong
With attacks on applications growing rapidly, regular testing of web and mobile platforms has become critical. In fact, statistics show that web applications are involved in 26% of breaches, ranking as the second most exploited attack pattern. There are multiple…
HCL AppScan 360º 2.0 protects software supply chains
HCLSoftware launched HCL AppScan 360º version 2.0, a next-generation application security platform designed to help organizations regain control over their software supply chains. As open-source adoption accelerates and global data regulations tighten, HCL AppScan 360º delivers a cloud-native solution that…
ICO Warns of Student-Led Data Breaches in UK Schools
ICO warned that growing hacks by children into school computer systems is setting them up for “a life of cybercrime” This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Warns of Student-Led Data Breaches in UK Schools
Hackers Steal LNER Data In Latest UK Breach
Rail operator LNER says data does not include password or payment card data, in latest of hacks to hit major British companies this year This article has been indexed from Silicon UK Read the original article: Hackers Steal LNER Data…
M&S Digital Chief Steps Down After Hack
Marks & Spencer chief digital and technology officer Rachel Higham leaves company after cyber-attack crippled systems for months This article has been indexed from Silicon UK Read the original article: M&S Digital Chief Steps Down After Hack
LAPSUS$ Hunters 4.0 Announce Permanent Shutdown
In a startling development on September 8, the Telegram channel “scattered LAPSUS$ hunters 4.0” declared its intention to “go dark” after taunting law enforcement for repeated missteps. With an audacious message aimed squarely at the FBI and French authorities, the…
VirtualBox 7.2.2 Released With Fix For GUI Crashes On Virtual Machines (guests)
Oracle has released VirtualBox 7.2.2, a maintenance update for its open-source virtualization platform, focusing on improving stability and addressing a range of bugs. Released on September 10, 2025, this version comes as a follow-up to the major 7.2 release, which…