CastleLoader, a sophisticated malware loader, has compromised over 400 devices since its debut in early 2025, with cybersecurity firm PRODAFT reporting 469 infections out of 1,634 attempts by May 2025, achieving a staggering 28.7% success rate. This modular threat actor…
What Does Palantir Actually Do?
Palantir is often called a data broker, a data miner, or a giant database of personal information. In reality, it’s none of these—but even former employees struggle to explain it. This article has been indexed from Security Latest Read the…
UK retail giant M&S restores Click & Collect months after cyber attack, some services still down
Many core offerings now back in action, says retailer British retailer Marks and Spencer updated its website today, confirming its Click & Collect service is once again available to customers.… This article has been indexed from The Register – Security…
Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft
A researcher has demonstrated how a platform used by over 1,000 dealerships in the US could have been used to hack cars. The post Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft appeared first on SecurityWeek.…
IT Security News Hourly Summary 2025-08-11 12h : 9 posts
9 posts were published in the last hour 10:4 : Smart Buses flaws expose vehicles to tracking, control, and spying 10:4 : Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada 10:4 : Ingram Micro Faces Alleged Breach by…
Legitimate System Functions Exploited to Steal Secrets in Shared Linux Setups
Security researcher Ionuț Cernica revealed how commonplace Linux utilities can be weaponized to siphon sensitive data in multi-tenant environments. His talk, “Silent Leaks: Harvesting Secrets from Shared Linux Environments,” exposed that without any root privileges or zero-day exploits, attackers can…
Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds
TRM Labs observed crypto payments worth $34.2m moved from victims addresses to a range of destinations likely associated with the group This article has been indexed from www.infosecurity-magazine.com Read the original article: Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds
Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild
CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language’s OTP. We reproduced this CVE and share our findings. The post Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild…
SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks
The SoupDealer malware has successfully bypassed nearly all public sandboxes and antivirus solutions, with the exception of Threat.Zone, while also evading endpoint detection and response (EDR) and extended detection and response (XDR) systems in documented real-world incidents. This advanced threat…
Dia’s Paid Plan Marks New Phase in AI-Powered Web Browsing
Dia, an AI-powered browser from The Browser Company, launches a $20 Pro plan billed as “unlimited” AI access, but subject to Terms that can curb heavy use. This article has been indexed from Security | TechRepublic Read the original article:…
Anthropic’s Claude Code Arms Developers With Always-On AI Security Reviews
Anthropic’s Claude Code now features continuous AI security reviews, spotting vulnerabilities in real time to keep unsafe code from reaching production. This article has been indexed from Security | TechRepublic Read the original article: Anthropic’s Claude Code Arms Developers With…
Inside the Multimillion-Dollar Gray Market for Video Game Cheats
Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge. This article has been indexed from Security Latest…
SSHamble – New Open Source Tool to Exploit Vulnerabilities in SSH Protocol
SSHAmble is a powerful open-source reconnaissance tool designed to identify and exploit vulnerabilities in SSH implementations across internet-facing systems. Presented at DEFCON 33, this research tool has already uncovered significant security flaws in major networking equipment and exposed widespread SSH…
Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks
An urgent security update has been released for Xerox FreeFlow Core software, addressing two critical vulnerabilities that could allow attackers to execute remote code and perform server-side request forgery attacks. The vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, affect FreeFlow Core…
APT Sidewinder Spoofs Government and Military Institutions to Steal Login Credentials
APT Sidewinder, a persistent threat actor believed to originate from South Asia, has launched a sophisticated credential harvesting campaign targeting government and military entities across Bangladesh, Nepal, Turkey, and neighboring countries. The group has demonstrated remarkable adaptability in their phishing…
Smart Buses flaws expose vehicles to tracking, control, and spying
Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying. Researchers Chiao-Lin ‘Steven Meow’ Yu of Trend Micro Taiwan and Kai-Ching ‘Keniver’ Wang of CHT Security, found that vulnerabilities in smart…
Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada
WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies. The post Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada appeared first on SecurityWeek. This article has been indexed…
Ingram Micro Faces Alleged Breach by SafePay with Ransom Threat
As Ingram Micro is dealing with a widespread outage in its global technology distribution operations that appears to be directly linked to a ransomware attack by the cybercrime group SafePay, the company appears to be experiencing a significant disruption.…
WinRAR zero day exploited by RomCom hackers in targeted attacks
ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable UnRAR…
Multiple Critical Flaws Hit Zero Trust Products from Check Point, Zscaler, and Netskope
Security researchers at AmberWolf have uncovered critical vulnerabilities in leading Zero Trust Network Access (ZTNA) solutions from major cybersecurity vendors, potentially exposing thousands of organizations to authentication bypasses and privilege escalation attacks. The findings were presented at DEF CON 33…
Malware Campaign Masquerades as Tesla in Poisoned Google Ads
A malware operation has surfaced in the context of a complex cyber threat landscape, using tainted Google Ads to pose as Tesla and trick consumers into placing fictitious preorders for the unannounced Optimus humanoid robot. Security researchers have identified multiple…
5 bloatware apps you should delete from your Samsung phone ASAP
Samsung devices come loaded with preinstalled apps – and some of them can be real drains on storage and memory. These five are the biggest culprits. This article has been indexed from Latest news Read the original article: 5 bloatware…
Your CV is not fit for the 21st century – time to get it up to scratch
And yes, that means (retch) catering to AI searchers The job market is queasy and since you’re reading this, you need to upgrade your CV. It’s going to require some work to game the poorly trained AIs now doing so…
Eight Countries Face EU Action Over NIS2 Deadline Failings
Eight European countries have yet to transpose NIS2 into law, exposing them to regulatory action This article has been indexed from www.infosecurity-magazine.com Read the original article: Eight Countries Face EU Action Over NIS2 Deadline Failings