Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses. This article has been indexed from Securelist Read the original article: The evolving landscape of email…
IT Security News Hourly Summary 2025-10-21 12h : 7 posts
7 posts were published in the last hour 10:5 : XRayC2 – Weaponizing AWS X-Ray for Covert Command and Control (C2) 10:4 : Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People 10:4 : Over 73,000 WatchGuard…
XRayC2 – Weaponizing AWS X-Ray for Covert Command and Control (C2)
XRayC2 shows how AWS X-Ray can be abused as a covert command and control channel. Practical walkthrough, install, attack scenario, detections. This article has been indexed from Darknet – Hacking Tools, Hacker News & Cyber Security Read the original article:…
Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People
Myanmar is notorious for hosting cyberscam operations responsible for bilking people all over the world. The post Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw
Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication. The post Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw appeared first on SecurityWeek. This article has been indexed…
Apple App Store Faces Regulatory Complaint In China
Group of Chinese users complains to market regulator over App Store policies including ban on alternative app stores, payment restrictions This article has been indexed from Silicon UK Read the original article: Apple App Store Faces Regulatory Complaint In China
A shot in the dark: Can malware vaccines stop ransomware’s rampage?
Security pros explore whether infection-spoofing code can immunize Windows systems against attack Feature What’s better, prevention or cure? For a long time the global cybersecurity industry has operated by reacting to attacks and computer viruses. But given that ransomware has…
VirusTotal Success Stories – SEQRITE
Introduction One of the best parts of being at VirusTotal (VT) is seeing all the amazing ways our community uses our tools to hunt down threats. We love hearing about your successes, and we think the rest of the community…
US Regulator Probes Waymo Over School Bus Incident
US road safety regulator opens new probe into Waymo after video surfaces of self-driving car illegally passing stationary school bus This article has been indexed from Silicon UK Read the original article: US Regulator Probes Waymo Over School Bus Incident
New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins
Sublime Security warns of a massive credential phishing scam using fake job offers from brands like KFC and Red Bull to steal Facebook login details. Don’t fall for the trap. This article has been indexed from Hackread – Cybersecurity News,…
Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP…
ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration
A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading…
CISA Confirms Exploitation of Latest Oracle EBS Vulnerability
The cybersecurity agency has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Confirms Exploitation of Latest Oracle EBS Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: CISA Confirms…
NASA To Reopen Artemis Lunar Lander Contract
NASA says it will reopen its contract for the Artemis III crewed Moon mission, following delays to SpaceX’s Starship This article has been indexed from Silicon UK Read the original article: NASA To Reopen Artemis Lunar Lander Contract
PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike. This article has been indexed from Securelist Read the original article: PassiveNeuron: a sophisticated campaign targeting servers…
Zero Trust Everywhere: a new era in cybersecurity for European organizations
Zero trust is the best kind of trust when it comes to securing your organization, says ZScaler Partner Content Many organizations across Europe have taken steps to implement Zero Trust principles, securing users, devices, workloads, and applications. But while these…
Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace
Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives related to the reported incursion of Russian drones into Polish airspace that occurred on Sept. 9-10, 2025.…
iPhone 17 Sees Major Sales Boost Over Previous Generation
Apple’s iPhone 17 sold 14 percent more units than the previous generation in its first 10 days in the US and China, Counterpoint Research said, as the California-based company continues to face competitive pressure from Android phone makers such as…
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf—also tracked as YoroTrooper and Silent Lynx—executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, and manufacturing. The coordinated offensive…
Anti-fraud body leaks dozens of email addresses in invite mishap
Calendar cock-up exposed recipients’ details Anti-fraud nonprofit Cifas was left red-faced after sending out a calendar invite that exposed the email addresses of dozens of individuals working across the fraud space.… This article has been indexed from The Register –…
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with…
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said…
Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign
Lumma Stealer operators allegedly exposed in underground doxxing campaign, with sensitive details leaked by rival cybercriminals, according to Trend Micro This article has been indexed from www.infosecurity-magazine.com Read the original article: Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign
Home Depot Halloween phish gives users a fright, not a freebie
Boo! A Home Depot Halloween “giveaway” isn’t a treat—it’s a phishing trick. Fake links, tracking pixels, and compromised sites are the real prizes here. This article has been indexed from Malwarebytes Read the original article: Home Depot Halloween phish gives…