A critical security vulnerability in AWS Amplify Studio has been identified, potentially allowing authenticated users to execute arbitrary JavaScript code during component rendering and build processes. Amazon Web Services (AWS) disclosed and patched this high-severity flaw, tracked as CVE-2025-4318, on…
New Chinese Smishing Kit Dubbed ‘Panda Shop’ Steals Google, Apple Pay & Credit Card Details
A sophisticated new smishing kit dubbed “Panda Shop” has emerged from China, enabling cybercriminals to steal financial data including Google Pay, Apple Pay, and credit card details. This kit leverages advanced social engineering tactics by impersonating trusted organizations like USPS,…
SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks
Austin, USA / Texas, 7th May 2025, CyberNewsWire. The post SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks first appeared on Cybersecurity Insiders.
Using Blob URLs to Bypass SEGs and Evade Analysis
Starting in mid-2022, Cofense Intelligence detected a new technique for successfully delivering a credential phishing page to a user’s inbox: blob URIs (Uniform Resource Identifier). The post Using Blob URLs to Bypass SEGs and Evade Analysis appeared first on Security…
Verosint Vera boosts identity threat detection and response
Verosint launched Vera, an agentic AI security analyst to transform how organizations detect, investigate, and respond to identity-based threats. Built on top of Verosint’s intelligent ITDR platform, Vera is an always-on, expert identity security analyst that works alongside security teams…
Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
Polish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto.
Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025
The healthcare sector has emerged as a prime target for cyber attackers, driven by the increasing reliance on cloud applications and the rapid integration of generative AI (genAI) tools into organizational workflows. According to the Netskope Threat Labs Report for…
PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability
F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers vulnerable to the recently disclosed Apache Parquet vulnerability, CVE-2025-30065. This vulnerability, which received a maximum CVSS score of 10.0, puts countless data-driven environments at risk…
Toll road scams are in overdrive: Here’s how to protect yourself
Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam. This article has been indexed from WeLiveSecurity.
US Sanctions Myanmar Militia Involved in Cyber Scams
The US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims. The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek.
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on…
NSO Group Ordered To Pay $167m For 2019 WhatsApp Exploit
Jury orders maker of Pegasus spyware to pay WhatsApp millions of dollars in damages for hacking 1,400 people in 2019. This article has been indexed from Silicon UK.
SysAid ITSM Vulnerabilities Enable Pre-Auth Remote Command Execution
Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling unauthenticated attackers to execute remote commands by exploiting several pre-auth XML External Entity (XXE) injection flaws. The vulnerabilities, registered as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, highlight…
Unsophisticated cyber actors are targeting the U.S. Energy sector
CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of…
Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”. The post Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack appeared first on SecurityWeek.
Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection
Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there’s a problem: they stop short of where…
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been…
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto.
Russian Company Gains Full Control Over Critical Open Source Easyjson Library
A startling discovery by Hunted Labs has brought to light a potential security risk lurking within the heart of the cloud-native ecosystem. The open source Go package easyjson, widely used for optimizing JSON serialization and deserialization, has been found to…
CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical infrastructure operators, particularly those in the oil and natural gas sector, of emerging cyber threats targeting Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) networks.…