Acreed, a novel infostealer first observed in February 2025, has rapidly gained traction among threat actors seeking discreet credential and cryptocurrency data harvesting. Leveraging a unique command-and-control (C2) mechanism via the Steam platform’s community profiles, Acreed exhibits advanced OPSEC measures…
Category: EN
WhatsApp 0-Click Flaw Abused via Malicious DNG Image File
A newly discovered zero-click remote code execution (RCE) vulnerability in WhatsApp is putting millions of Apple users at risk. Researchers from DarkNavyOrg have demonstrated a proof-of-concept (PoC) exploit that leverages two distinct flaws to compromise iOS, macOS, and iPadOS devices without any…
The State of AI in the SOC 2025 – Insights from Recent Study
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers:…
DarkCloud Infostealer Relaunched to Grab Credentials, Crypto and Contacts
eSentire TRU analyses the new DarkCloud V4.2 infostealer, rewritten in VB6. Find out how the malware steals browser data, crypto, and contacts via targeted phishing. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI &…
Cybercriminals Target SonicWall Firewalls to Deploy Akira Ransomware via Malicious Login Attempts
Security teams face a rapidly evolving campaign that abuses compromised SonicWall SSL VPN credentials to deliver Akira ransomware in under four hours—dwell times among the shortest ever recorded for this type of threat. Within minutes of successful authentication—often originating from…
How to Use a Password Manager to Share Your Logins After You Die (2025)
Your logins will live on after you pass on. Make sure they end up in the right hands. This article has been indexed from Security Latest Read the original article: How to Use a Password Manager to Share Your Logins…
SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts. Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and full…
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring…
UK minister suggests government could ditch ‘dangerous’ Elon Musk’s X
Ed Miliband takes aim at social media overlord for promoting violence and disinformation The UK government should consider the possibility of leaving social media platform X, a high-profile minister has suggested.… This article has been indexed from The Register –…
How Users Can Identify Spying on Their Wi-Fi Network
The wireless network has become a powerful invisible infrastructure that powers both homes and businesses in today’s interconnected world, silently enabling everything from personal communication to business operations. In the same way that electricity has transformed from being an…
SpamGPT: AI-Powered Phishing Tool Puts Cybersecurity at Risk
While most people have heard of ChatGPT, a new threat called SpamGPT is now making headlines. Security researchers at Varonis have discovered that this professional-grade email campaign tool is designed specifically for cybercriminals. The platform, they report, offers “all…
Akira Ransomware bypasses MFA on SonicWall VPNs
Akira ransomware is targeting SonicWall SSL VPNs, bypassing OTP MFA on accounts, likely using stolen OTP seeds. Since July 2025, Akira ransomware has exploited SonicWall SSL VPNs, likely using credentials obtained from the exploitation of the CVE-2024-40766 vulnerability, bypassing OTP…
Harrods blames its supplier after crims steal 430k customers’ data in fresh attack
Attackers make contact but negotiations fall on deaf ears Luxury London-based retailer Harrods is facing its second cybersecurity scandal in 2025, confirming criminals not only stole 430,000 customers’ data in a fresh attack but have even made contact.… This article…
Cyberattack on JLR Prompts £1.5 Billion UK Government Intervention
The government has announced a support package, but a cybersecurity expert has raised some concerns. The post Cyberattack on JLR Prompts £1.5 Billion UK Government Intervention appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding
Co-founder Hector Monsegur, formerly known as “Sabu,” a black hat hacker and leader of LulzSec, now serves as SafeHill’s chief research officer. The post SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding appeared first on SecurityWeek. This article has…
Two-Thirds of Organizations Have Unfilled Cybersecurity Positions
Recruitment and retention remain a significant challenge for security teams, amid growing pressures on cyber professionals This article has been indexed from www.infosecurity-magazine.com Read the original article: Two-Thirds of Organizations Have Unfilled Cybersecurity Positions
New Olymp Loader Malware-as-a-Service Promises Defender Bypass with Auto Certificate Signing
Olymp Loader, a newly emerged Malware-as-a-Service (MaaS) offering, has rapidly gained traction across underground forums and Telegram since its debut on June 5, 2025. Developed by a trio of seasoned Assembly coders under the alias “OLYMPO,” the loader boasts fully…
Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say
A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors. This article has been indexed from Security Latest Read the original article:…
Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild
The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day vulnerabilities affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) platforms. At the center of this security crisis lies CVE-2025-20333, a devastating…
Jaguar Land Rover gets £1.5B government jump-start after cyber breakdown
Hundreds of thousands of workers in financial despair supported with landmark loan The UK government is stepping in with financial support for Jaguar Land Rover, providing it with a hefty loan as it continues to battle the fallout from a…