Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41. The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Category: EN
SAML vs. OAuth 2.0: Mastering the Key Differences
Imagine this: It’s Monday morning. You grab your coffee, sit down at your desk, and open up your computer. First, you log into your email. Then, your project management tool… Before you’ve even tackled your first task, you’ve navigated a…
Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedented blend of…
Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists
Security researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running iOS 18.2.1, highlighting the persistent threat…
Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Gang Exploits SimpleHelp RMM…
Google “strongly encourages” its users to stop using passwords
Most users who have online accounts sign in using passwords. While there are some outliers, using security keys, passkeys and other advanced sign in options, the majority still relies heavily on passwords. […] Thank you for being a Ghacks reader.…
JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript
A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code. Dubbed “JSFireTruck,” this obfuscation technique enables cybercriminals to quietly redirect unsuspecting visitors to malicious sites capable…
Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware
The Fog ransomware group has evolved beyond conventional attack methods, deploying an unprecedented arsenal of legitimate pentesting tools in a sophisticated May 2025 campaign targeting a financial institution in Asia. This latest operation marks a significant departure from typical ransomware…
Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider
Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) systems. The attack represents a concerning evolution in ransomware tactics, where threat actors are leveraging trusted remote…
Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows…
PoC Exploit Unveiled for Windows Disk Cleanup Elevation Vulnerability
Microsoft addressed a high-severity elevation of privilege vulnerability (CVE-2025-21420) in its Windows Disk Cleanup Utility (cleanmgr.exe) during February 2025’s Patch Tuesday. The flaw, scoring 7.8 on the CVSS scale, enabled attackers to execute malicious code with SYSTEM privileges through DLL…
Slapped wrists for Financial Conduct Authority staff who emailed work data home
It was one of the offenders’ final warning Four staffers at the UK’s Financial Conduct Authority (FCA) were let off with warnings over separate cases involving the transmission of regulator data to their personal email accounts.… This article has been…
Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution. The post Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking
Mitel has announced patches for a MiCollab path traversal vulnerability that can be exploited remotely without authentication. The post Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Qilin Ransomware Actors Take Advantage of Newly Discovered Fortinet Bugs
The recently observed increase in ransomware activity linked to the Qilin group has sparked alarms throughout the cybersecurity industry. As a result of these sophisticated Ransomware-as-a-Service (RaaS) operations operating under multiple aliases, including Phantom Mantis and Agenda, Fortinet’s recent…
Major Outage Hits Google Cloud and Linked Cloudflare Services, Thousands Affected
On June 12, 2025, concurrent infrastructure failures at Cloudflare and Google caused widespread service disruptions, highlighting vulnerabilities in modern cloud dependencies. The outages impacted critical services ranging from authentication systems to AI platforms, underscoring the fragility of interconnected internet ecosystems.…
Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer
Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption…
Ualabee – 472,296 breached accounts
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone…
StackHawk Sensitive Data Identification provides visibility into high-risk APIs
StackHawk announced Sensitive Data Identification to give security teams visibility into high-risk APIs across thousands of code repositories within an organization. With most security teams only aware of approximately 10% of their API attack surface, StackHawk illuminates the complete API…
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as…