Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late 2024. The incident, which affected both employees and customers, has raised concerns about data security…
Microsoft Entra ID Expands Passkey (FIDO2) Authentication Methods for Public Preview
Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features. The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …
Android Spyware SpyNote That Mimicked Google Translate Hosted in Open Directories
Cybersecurity researchers have uncovered a sophisticated Android spyware campaign involving SpyNote malware cleverly disguised as legitimate applications, including Google Translate, hosted in unsecured open directories across the internet. This discovery highlights the evolving tactics employed by cybercriminals to distribute malicious…
Hackers Deliver Amatera Stealer via Sophisticated Web Injection & Anti-Analysis Features
Cybercriminals have unleashed a new and sophisticated information stealer called Amatera Stealer, which represents a significant evolution in malware-as-a-service offerings targeting sensitive user data. This malicious software emerged as a rebranded and enhanced version of the previously known ACR Stealer,…
Krispy Kreme Confirms Data Breach – Personal Information Stolen by Attackers
Krispy Kreme Doughnut Corporation has confirmed a significant data security incident affecting thousands of current and former employees, along with their family members, following unauthorized access to company systems discovered in late November 2024. The popular doughnut chain became aware…
UBS Employee Data Reportedly Exposed in Third Party Attack
Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ This article has been indexed from www.infosecurity-magazine.com Read the original article: UBS Employee Data Reportedly Exposed in Third Party Attack
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware
Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely spreads via spam emails or drive-by downloads, operates as a multi-stage fileless malware, heavily exploiting…
New Campaigns Distribute Malware via Open Source Hacking Tools
Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools. The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Secure Vibe Coding: The Complete New Guide
DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces “silent killer” vulnerabilities: exploitable flaws that evade traditional…
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed…
Dutch Government Advises Children Under 15 To Not Use Social Media
New guidelines issued by Dutch government advises that children under 15 should not use social media platforms This article has been indexed from Silicon UK Read the original article: Dutch Government Advises Children Under 15 To Not Use Social Media
N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam
North Korean hackers deploy PylangGhost malware through fake crypto job interviews targeting blockchain professionals with phishing and remote access tools. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article:…
Qilin Ransomware Rises as Major Threat, Demanding $50M in Ransom
The global cybersecurity landscape is facing a seismic shift as the Qilin ransomware group, also known as Agenda, has surged to the forefront of digital extortion, demanding ransoms as high as $50 million and disrupting critical services worldwide. Once an…
Golden SAML Attack: How Attackers Gain Control of Federation Server’s Private Key
The Golden SAML assault is a lesser-known but much more dangerous threat in a world where password-based hacks breach millions of accounts every month. Unlike common password sprays or phishing attempts, Golden SAML attacks are rare, with Microsoft reporting only…
Viasat Targeted in Cyberattack by Salt Typhoon APT Group
Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon. The breach, which occurred during the 2024 U.S.…
Hackers Leverage VBScript Files to Deploy Masslogger Credential Stealer Malware
A sophisticated new variant of the Masslogger credential stealer has emerged, utilizing VBScript encoded (.VBE) files to deploy a multi-stage fileless malware campaign that operates entirely from the Windows Registry. This advanced threat represents a significant evolution in information-stealing malware,…
Jitter-Trap – A New Technique to Detect Stealthy Beacon Traffic
A new detection method called Jitter-Trap that turns cybercriminals’ own evasion tactics against them, offering new hope in the battle against sophisticated post-exploitation attacks. Released on June 18, 2025, this technique focuses on identifying stealthy beacon communications that traditional security…
Russian Hackers Impersonating as U.S. Department of State to Obtain ASP Passcode
A sophisticated Russian state-sponsored cyber campaign has targeted prominent academics and critics of Russia through an innovative social engineering attack that exploited Google’s Application Specific Password (ASP) functionality. The operation, which ran from April through early June 2025, demonstrated a…
Microsoft Entra ID to Extend Passkey (FIDO2) Authentication Methods to Support Public Preview
Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features. The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …
UK gov asks university boffins to pinpoint cyber growth areas where it should splash cash
Good to see government that values its academics (cough cough). Plus: New board criticized for lacking ‘ops’ people Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government’s request, to identify future growth opportunities as…
Threat Actor Exploit GitHub and Hosted 60 GitHub Repositories with 100s of Malware
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign…
Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers
Java-based malware targets Minecraft users via fake cheat tools, utilizing the Stargazers Ghost Network distribution-as-a-service (DaaS). Check Point researchers found a multi-stage malware on GitHub targeting Minecraft users via Stargazers DaaS, using Java/.NET stealers disguised as cheat tools. Minecraft, one…
Self-Driving Car Video Footage
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars.…
Chain IQ, UBS Data Stolen in Ransomware Attack
A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies. The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek. This article has been indexed…
IT Security News Hourly Summary 2025-06-19 12h : 16 posts
16 posts were published in the last hour 10:3 : Hackers Exploit Cloudflare Tunnels to Infect Windows Systems With Python Malware 10:3 : The best password generators of 2025: Expert tested 10:3 : Open Next for Cloudflare SSRF Vulnerability Let…
OpenAI’s Altman Hits Out At Meta’s ‘Crazy’ Sign-On Bonuses
Demand for AI skills continues to grow, as Meta allegedly seeks to poach OpenAI staff with signing bonuses of $100m (£74m) This article has been indexed from Silicon UK Read the original article: OpenAI’s Altman Hits Out At Meta’s ‘Crazy’…
Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics – Google
Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign orchestrated by a Russia state-sponsored cyber threat actor, tracked as UNC6293. Active from at least April through early June 2025, this campaign specifically targeted…