Researchers warn of a new WhatsApp “GhostPairing” attack that silently links attacker devices to accounts, enabling message spying without users knowing. The post New ‘GhostPairing’ Technique Enables Undetected WhatsApp Access appeared first on TechRepublic. This article has been indexed from…
Category: EN
EmEditor Website Breach Turns Trusted Installer Into Infostealer Malware
A supply chain attack on the EmEditor website delivered a trojanized installer that installed infostealer malware. The post EmEditor Website Breach Turns Trusted Installer Into Infostealer Malware appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
Coupang announces $1.17B compensation plan for 33.7M data breach victims
Coupang will spend about $1.17B to compensate 33.7 million users affected by a data breach, providing purchase vouchers to those impacted. Coupang announced it will spend about $1.17 billion to compensate 33.7 million people affected by a recent data breach,…
Palo Alto Networks Allies with Google to Secure AI
Palo Alto Networks will significantly expand the scope of the cybersecurity offerings it makes available on Google Cloud in the New Year while at the same time making greater use of cloud infrastructure and artificial intelligence (AI) technologies provided by…
An early end to the holidays: ‘Heartbleed of MongoDB’ is now under active exploit
You didn’t think you’d get to enjoy your time off without a major cybersecurity incident, did you? A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas week, is now under active exploitation, according to the US…
Bluetooth Headphones Can Be Weaponized to Hack Phones
High-severity flaws in popular Bluetooth headphones can enable eavesdropping and smartphone hijacking, with many devices still unpatched. The post Bluetooth Headphones Can Be Weaponized to Hack Phones appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims
The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed…
Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows
A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified an over 50-script global campaign that intercepts sensitive information during checkout and account creation processes. The attack…
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized…
ESET Warns AI-driven Malware Attack and Rapidly Growing Ransomware Economy
The cybersecurity landscape has reached a critical turning point as artificial intelligence moves from theoretical threat to operational reality. In their H2 2025 Threat Report, ESET researchers have documented a disturbing shift in how attackers operate, revealing that AI-powered malware…
Copilot Studio Feature Enables Silent AI Backdoors
Copilot Studio’s Connected Agents feature can be abused to create silent AI backdoors that bypass visibility and audit controls. The post Copilot Studio Feature Enables Silent AI Backdoors appeared first on eSecurity Planet. This article has been indexed from eSecurity…
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-364-01: WHILL C2 Wheelchairs ICSA-25-345-03: AzeoTech DAQFactory (Update A) CISA encourages users and administrators to review newly released…
Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library
A new malware campaign has successfully infiltrated Maven Central, one of the most trusted repositories for Java developers, by masquerading as a legitimate Jackson JSON library extension. The malicious package, published under the org.fasterxml.jackson.core/jackson-databind namespace, represents one of the first…
European Space Agency Confirms Breach of Servers Outside the Corporate Network
The European Space Agency (ESA) has confirmed a cybersecurity breach affecting a limited number of external servers, marking a rare public admission of vulnerability in the continent’s premier space organization. In an official statement released Tuesday, ESA disclosed: “ESA is…
New Spear-Phishing Attack Targeting Security Individuals in Israel Region
Israel’s National Cyber Directorate recently issued an urgent alert about a targeted spear-phishing attack aimed at people working in security and defense-related areas. The campaign uses WhatsApp messages that pretend to come from trusted organizations, inviting targets to professional conferences.…
New Spear-Phishing Attack Targeting Security Individuals in the Israel Region
Israel’s National Cyber Directorate has issued an urgent alert warning of an active spear-phishing campaign specifically targeting individuals employed in security and defense-related sectors. The operation, linked to infrastructure associated with APT42 (also known as Charming Kitten), represents a deliberate…
Critical IBM API Connect Flaw Allows Attackers to Bypass Authentication
IBM has disclosed a critical authentication bypass vulnerability affecting its API Connect platform, assigning it a maximum CVSS severity score of 9.8. The flaw, tracked as CVE-2025-13915, represents a primary authentication weakness (CWE-305) that requires no user interaction or special…
ESET Flags Rising Threat of AI-Driven Malware and Ransomware
The cybersecurity landscape entered a critical new era in the second half of 2025 as AI-powered malware transitioned from theoretical threat to tangible reality, while the ransomware-as-a-service economy expanded at an unprecedented pace. According to ESET Research’s latest Threat Report,…
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization utility. Dubbed VOID KILLER, the malware is designed explicitly to terminate antivirus (AV) and Endpoint Detection and…
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce…