Multiple critical security vulnerabilities in the Trend Micro Apex One enterprise security platform could enable attackers to inject malicious code and escalate privileges on affected systems. The company released emergency patches on June 9, 2025, to address five distinct vulnerabilities tracked under…
Category: EN
Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI…
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot’s context sans any user interaction. The critical-rated vulnerability has been assigned the…
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot. The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek. This article has…
Amazon Signs Data Centre Nuclear Power Deal
Nuclear deal with Talen Energy includes construction of two new AWS data centres, plus possible building of Small Modular Reactors (SMRs) This article has been indexed from Silicon UK Read the original article: Amazon Signs Data Centre Nuclear Power Deal
US Tops List of Unsecured Cameras Exposing Homes and Offices
A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simple tips to secure your own.…
Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums
Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor is reportedly offering the complete source code of a botnet that leverages Node.js runtime, blockchain-based…
New Account Takeover Campaign Leverages Pentesting Tool to Attack Entra ID User Accounts
A sophisticated account takeover campaign has emerged, exploiting a legitimate penetration testing framework to compromise Microsoft Entra ID environments across hundreds of organizations worldwide. The malicious activity, which began intensifying in December 2024, demonstrates how cybercriminals are increasingly weaponizing security…
Threat Actors Weaponizing Bat Files to Deliver Quasar RAT
Cybersecurity researchers have identified a sophisticated new campaign where threat actors are leveraging Windows batch files to deliver the notorious Quasar Remote Access Trojan (RAT). This attack vector represents a concerning evolution in malware distribution tactics, as attackers continue to…
Windows SMB Client Zero-Day Vulnerability Exploited Using Reflective Kerberos Relay Attack
A critical zero-day vulnerability affecting Windows systems that allows attackers to achieve privilege escalation through a novel Reflective Kerberos Relay Attack. The vulnerability, designated CVE-2025-33073, was patched by Microsoft on June 10, 2025, as part of their monthly Patch Tuesday…
Hackers Attacking Apache Tomcat Manager From 400 Unique IPs
A significant coordinated attack campaign targeting Apache Tomcat Manager interfaces, with threat actors leveraging approximately 400 unique IP addresses in a concentrated attack that peaked on June 5, 2025. The attack represents a substantial increase in malicious activity, with observed…
Surge in Cyberattacks Targeting Journalists: Cloudflare
Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo. The post Surge in Cyberattacks Targeting Journalists: Cloudflare appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first…
NIST Publishes New Zero Trust Implementation Guidance
The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Publishes New Zero Trust Implementation Guidance
JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content. The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit…
‘Major compromise’ at NHS temping arm exposed gaping security holes
Incident responders suggested sweeping improvements following Active Directory database heist Exclusive Cybercriminals broke into systems belonging to the UK’s NHS Professionals body in May 2024, stealing its Active Directory database, but the healthcare organization never publicly disclosed it, The Register…
Hackers Launch Coordinated Attack on Apache Tomcat Manager from 400 Unique IPs
Cybersecurity researchers at GreyNoise Intelligence have identified a significant coordinated attack campaign targeting Apache Tomcat Manager interfaces across the globe. On June 5, 2025, the company’s threat detection systems registered activity levels far exceeding normal baselines, with nearly 400 unique…
U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities…
New Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeover
Proofpoint Threat Intelligence has uncovered a large-scale Account Takeover (ATO) campaign, internally tracked as UNK_SneakyStrike, that leverages the open-source penetration testing framework TeamFiltration to target Microsoft Entra ID user accounts across global organizations. The campaign, which began in late 2024,…
Securing the SaaS Browser Experience Through Proactive Measures
Increasingly, organisations are using cloud-based technologies, which has led to the rise of the importance of security concerns surrounding Software as a Service (SaaS) platforms. It is the concept of SaaS security to ensure that applications and sensitive data…