23andMe has been fined over £2m by the UK ICO for failing to adequately protect genetic data This article has been indexed from www.infosecurity-magazine.com Read the original article: UK ICO Fines 23andMe £2.3m for Data Protection Failings
Category: EN
Introducing the new console experience for AWS WAF
Protecting publicly facing web applications can be challenging due to the constantly evolving threat landscape. You must defend against sophisticated threats, including zero-day vulnerabilities, automated events, and changing compliance requirements. Navigating through consoles and selecting the protections best suited to…
How Long Until the Phishing Starts? About Two Weeks, (Tue, Jun 17th)
[This is a guest diary by Christopher Crowley, https://montance.com] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: How Long Until the Phishing Starts? About Two Weeks, (Tue, Jun 17th)
Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks
A series of newly disclosed critical vulnerabilities in the Sitecore Experience Platform (XP) have raised alarm across the enterprise technology sector, with security researchers warning that unpatched systems could be exposed to devastating remote code execution (RCE) attacks. Sitecore, a…
BeyondTrust Tools RCE Vulnerability Allows Attackers Execute Arbitrary Code
A newly disclosed vulnerability in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) products has raised alarms across the cybersecurity community. The flaw, tracked as CVE-2025-5309 and detailed in advisory BT25-04, allows attackers to execute arbitrary code on affected…
Without automation, external attack surface management misses the point
In cyber security, external attack surface management (ASM) is like tending a garden, helping you keep track of plants (your assets) as they grow. It enables you to monitor your assets and quickly identify risks to them—like pests attacking the…
DMV-Themed Phishing Campaign Targeting U.S. Citizens
In May 2025, a sophisticated phishing campaign emerged, impersonating several U.S. state Departments of Motor Vehicles (DMVs). This campaign leveraged widespread SMS phishing (smishing) and deceptive web infrastructure to harvest personal and financial data from unsuspecting citizens. Victims received alarming…
The default TV setting you should turn off immediately – and why experts recommend it
Often called the “soap opera effect,” motion smoothing can improve gaming performance – but it usually makes movies and shows look unnatural. Here’s how to disable it. This article has been indexed from Latest stories for ZDNET in Security Read…
Threat Group Targets Companies in Taiwan
FortiGuard Labs has uncovered an ongoing cyberattack, targeting companies in Taiwan using phishing emails disguised as tax-related communications. Read more. This article has been indexed from Fortinet Threat Research Blog Read the original article: Threat Group Targets Companies in…
New Variants of Chaos RAT Attacking Windows and Linux Systems to Steal Sensitive Data
Cybersecurity researchers have identified sophisticated new variants of Chaos RAT, a remote administration tool that has evolved from an open-source project into a formidable cross-platform malware threat targeting both Windows and Linux systems. Originally documented in 2022, this malware has…
ASUS Armoury Crate Vulnerability Let Attackers Escalate to System User on Windows Machine
A critical authorization bypass vulnerability in ASUS Armoury Crate enables attackers to gain system-level privileges on Windows machines through a sophisticated hard link manipulation technique. The vulnerability, tracked as CVE-2025-3464 with a CVSS score of 8.8, affects the popular gaming…
New KimJongRAT Stealer Using Weaponized LNK File to Deploy Powershell Based Dropper
A sophisticated evolution of the KimJongRAT malware family has emerged, demonstrating advanced techniques for credential theft and system compromise through weaponized Windows shortcut files and PowerShell-based payloads. This latest campaign represents a significant advancement from previous variants, incorporating both Portable…
Zyxel Firewall Vulnerability Again in Attacker Crosshairs
GreyNoise warns of a spike in exploitation attempts targeting a two-year-old vulnerability in Zyxel firewalls. The post Zyxel Firewall Vulnerability Again in Attacker Crosshairs appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Zyxel…
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). “Google Threat Intelligence Group is now aware of…
Taiwan Hit by Sophisticated Phishing Campaign
Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands This article has been indexed from www.infosecurity-magazine.com Read the original article: Taiwan Hit by Sophisticated Phishing Campaign
Hackers Manipulate Search Engines to Push Malicious Sites
A new wave of cybercrime is exploiting the very backbone of internet trust: search engines. Recent research by Netcraft has exposed a sophisticated and organized SEO poisoning operation, where hackers manipulate search engine algorithms to push malicious websites to the…
Google Chrome 0-Day Vulnerability Exploited by APT Hackers in the Wild
A sophisticated attack campaign exploiting a Google Chrome zero-day vulnerability tracked as CVE-2025-2783, marking yet another instance of advanced persistent threat (APT) groups leveraging previously unknown security flaws to compromise high-value targets. The vulnerability, which enables sandbox escape capabilities, has…
Critical sslh Vulnerabilities Let Hackers Trigger Remote DoS Attacks
Two critical vulnerabilities in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port. The flaws tracked as CVE-2025-46807 and CVE-2025-46806 could be exploited remotely to trigger denial-of-service (DoS) attacks. The vulnerabilities affect sslh versions prior…
Kimsuky and Konni APT Groups Accounts Most Active Attacks Targeting East Asia
North Korean state-sponsored advanced persistent threat (APT) groups Kimsuky and Konni have emerged as the most prolific cyber threat actors targeting East Asian nations, according to the latest threat intelligence findings. In April 2025, these groups orchestrated the highest number…
Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents
A newly identified malware campaign orchestrated by the notorious Kimsuky group has been leveraging password-protected research documents to infiltrate academic networks and compromise sensitive systems. This sophisticated attack represents a significant evolution in social engineering tactics, exploiting the academic community’s…