A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network traffic. While…
Category: EN
Keys to the Kingdom: A Defender’s Guide to Privileged Account Monitoring
Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher The Criticality of Privileged Access in Today’s Threat Landscape Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not…
How Threat Intelligence Feeds Help Organizations Quickly Mitigate Malware Attacks
Organizations today face constant threats from malware, including ransomware, phishing attacks, and zero-day exploits. These threats are evolving faster than ever. Threat intelligence feeds emerge as a game-changer, delivering real-time, actionable data that empowers security teams to detect and neutralize…
XWiki RCE Vulnerability Actively Exploted In Wild To Deliver Coinminer
A critical remote code execution (RCE) flaw in XWiki, a popular open-source wiki platform, was exploited in the wild to deploy cryptocurrency mining malware on compromised servers. The vulnerability, tracked as CVE-2025-24893, allows unauthenticated attackers to inject malicious templates and…
Mozilla Wants All New Firefox Extensions to Disclose Data Collection Policies
Mozilla is implementing a significant transparency requirement for Firefox extensions, mandating that all new browser add-ons disclose their data collection practices to users before installation. Starting November 3rd, 2025, developers submitting fresh extensions to the Firefox ecosystem must declare whether…
Smart Devices Redefining Productivity in the Home Workspace
Remote working, once regarded as a rare privilege, has now become a key feature of today’s professional landscape. Boardroom discussions and water-cooler chats have become much more obsolete, as organisations around the world continue to adapt to new work…
GlassWorm Malware Exploits Invisible Unicode to Infect VS Code Extensions
A major and ongoing supply-chain attack is currently targeting developers through the OpenVSX and Microsoft Visual Studio Code (VS Code) extension marketplaces via a self-spreading malware dubbed “GlassWorm” that has triggered an estimated 35,800 installations to date. The campaign…
Microsoft’s Copilot Actions in Windows 11 Sparks Privacy and Security Concerns
When it comes to computer security, every decision ultimately depends on trust. Users constantly weigh whether to download unfamiliar software, share personal details online, or trust that their emails reach the intended recipient securely. Now, with Microsoft’s latest feature in…
Investment Scams Spread Across Asia With International Reach
A surge in fake investment platforms targeting cryptocurrency and forex markets has been driving a new wave of financial crime in Asia This article has been indexed from www.infosecurity-magazine.com Read the original article: Investment Scams Spread Across Asia With International…
Schneider Electric EcoStruxure
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the loss of…
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-301-01 Schneider Electric EcoStruxure ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services ICSA-24-352-04 Schneider Electric Modicon (Update B) CISA…
Vertikal Systems Hospital Manager Backend Services
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertikal Systems Equipment: Hospital Manager Backend Services Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information 2.…
KnowBe4 Honours 2025 EMEA Partner Programme Award Winners
KnowBe4, the HRM+ provider, has announced the winners of its 2025 Partner Programme Awards from Europe, the Middle East and Africa (EMEA) during their KB4-CON EMEA event. The annual awards programme recognises KnowBe4 partners demonstrating sales excellence, marketing innovation, thought…
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has…
100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin
On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations. The post 100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability…
Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0 mori
A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0…
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Google probes exploitation of critical…
CBP Searched a Record Number of Phones at the US Border Over the Past Year
The total number of US Customs and Border Protection device searches jumped by 17 percent over the 2024 fiscal year, but more invasive forensic searches remain relatively rare. This article has been indexed from Security Latest Read the original article:…
Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät
Hackers hit Sweden’s power grid operator Svenska kraftnät, stealing data via a file transfer tool. The power grid was not affected. Hackers breached Sweden’s state-owned power grid operator Svenska kraftnät, stealing data from an isolated file transfer system. The power…
Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals
Cyber-related economic sanctions can alter adversary behavior, forcing underground networks to distance themselves from named actors This article has been indexed from www.infosecurity-magazine.com Read the original article: Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals