Having taken a look at AppSuite in one of our last articles, we have started pulling on a few loose threads to see where it would take us. It turns out that there are relationships with other malicious programs –…
Category: EN
New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first to demonstrate a practical privilege escalation exploit on a commodity system equipped with DDR5 RAM,…
0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities
A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45 instance running the kernelspace SMB3 daemon, ksmbd. By chaining two authenticated N-day flaws, CVE-2023-52440 and CVE-2023-4130, the exploit attains an unauthenticated…
New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials
Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers…
Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence
A groundbreaking open-source benchmark suite called CyberSOCEval has emerged as the first comprehensive evaluation framework for Large Language Models (LLMs) in Security Operations Center (SOC) environments. Released as part of CyberSecEval 4, this innovative benchmark addresses critical gaps in cybersecurity…
Endpoint Security Firm Remedio Raises $65 Million in First Funding Round
The bootstrapped company will invest in an AI-powered unified enterprise platform combining configuration, compliance, patching, and vulnerability management. The post Endpoint Security Firm Remedio Raises $65 Million in First Funding Round appeared first on SecurityWeek. This article has been indexed…
Prolific Hackers Claim They Are ‘Going Dark’
Hackers who claim to be behind high-profile cyber-attacks this year say they have ‘fulfilled objectives’ and are ceasing activities This article has been indexed from Silicon UK Read the original article: Prolific Hackers Claim They Are ‘Going Dark’
China-linked Mustang Panda deploys advanced SnakeDisk USB worm
China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze President) has been spotted using an updated version of the TONESHELL…
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202,…
JLR Suppliers ‘At Risk’ As Cyber-Attack Fallout Continues
Government faces calls to support Jaguar Land Rover suppliers as UK factories remain shuttered after cyber-attack This article has been indexed from Silicon UK Read the original article: JLR Suppliers ‘At Risk’ As Cyber-Attack Fallout Continues
Apple Releases Security Update Patching Multiple Vulnerabilities in iOS 26 and iPadOS 26
Apple has released a comprehensive security update for iOS 26 and iPadOS 26, addressing 27 vulnerabilities across multiple system components. The update, released on September 15, 2025, targets devices including iPhone 11 and later models, along with various iPad generations from iPad…
Microsoft Releases Fix for Windows 11 24H2 Bluetooth Audio Malfunction Affecting Headsets and Speakers
Microsoft has successfully resolved a critical audio compatibility issue that left thousands of Windows 11 version 24H2 users without functioning Bluetooth headsets, speakers, and integrated laptop audio devices. The company released a targeted driver update on September 12, 2025, addressing…
China slaps 1-hour deadline on reporting serious cyber incidents
Cyberspace watchdog tightens reporting regime, leaving little time to hide incidents Beijing will soon expect Chinese network operators to ‘fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet.… This…
Android security changes, CISA incentive audit, LLM usage
Android moving to “risk-based” security updates CISA accused of Cyber Incentive mismanagement How security practitioners use LLMs Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust…
Balenciaga, Gucci, Alexander McQueen Customer Data Stolen
Hacking group steals data from luxury brands through parent company Kering, in latest of string of attacks on retailers this year This article has been indexed from Silicon UK Read the original article: Balenciaga, Gucci, Alexander McQueen Customer Data Stolen
Spring Framework Security Flaws Allow Authorization Bypass and Annotation Detection Issues
A pair of medium-severity vulnerabilities in the Spring Framework and Spring Security libraries were disclosed on September 15, 2025. Both flaws involve the annotation detection mechanism used by Spring Security’s method security features and can lead to authorization bypass in…
Windows 11 upgrade failed? These are my 4 most powerful troubleshooting secrets
If you’ve encountered a problem with a Windows upgrade, you know how maddeningly unhelpful Windows error messages can be. These are my favorite troubleshooting tricks. This article has been indexed from Latest news Read the original article: Windows 11 upgrade…
Insider breach at FinWise Bank exposes data of 689,000 AFF customers
An ex-employee caused an insider breach at FinWise Bank, exposing data of 689,000 American First Finance customers. FinWise Bank is a Utah-based community bank, FDIC-insured, that partners with fintechs and lenders to offer consumer loans, small business financing, and deposit…
Salt Security secures AI agent actions across enterprise APIs
Salt Security introduced a new solution designed to secure the actions AI agents take within the enterprise. As large organizations adopt agentic AI, agents are increasingly making real-time API calls through protocols like MCP and A2A, creating a new layer…
APT28 Operation Phantom Net Voxel
This post was originally distributed as a private FLINT report to our customers on 12 August 2025. Introduction Sekoia.io’s Threat Detection and Response (TDR) team closely monitors APT28 as one of its highest-priority threat actors. In early 2025 a trusted…