Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by…
Pall Mall Process to Define Responsible Commercial Cyber Intrusion
The Pall Mall Process begins outreach to define guidelines for private commercial intrusion industry This article has been indexed from www.infosecurity-magazine.com Read the original article: Pall Mall Process to Define Responsible Commercial Cyber Intrusion
IT Security News Hourly Summary 2025-12-03 12h : 11 posts
11 posts were published in the last hour 10:32 : French NGO Reporters Without Borders targeted by Calisto in recent campaign 10:32 : Ireland Starts Probes Into LinkedIn, TikTok 10:32 : New “Executive Award” Scam Exploits ClickFix to Deliver Stealerium…
French NGO Reporters Without Borders targeted by Calisto in recent campaign
Some portions of this article were first distributed as a private report to our customers in June 2025. In May and June 2025, TDR team analysts were contacted by two organisations — including the French NGO Reporters Without Borders (RSF)…
Ireland Starts Probes Into LinkedIn, TikTok
Irish media regulator begins investigations into Microsoft’s LinkedIn, ByteDance’s TikTok over content reporting mechanisms This article has been indexed from Silicon UK Read the original article: Ireland Starts Probes Into LinkedIn, TikTok
New “Executive Award” Scam Exploits ClickFix to Deliver Stealerium Malware
A sophisticated new phishing campaign is targeting company executives with a double-pronged attack that steals credentials and deploys information-stealing malware in a single coordinated strike. The “Executive Award” scam, identified by cybersecurity researchers at Trustwave MailMarshal, represents an evolution in…
Critical Elementor Plugin Flaw Allows Attackers to Seize WordPress Admin Control
A severe privilege escalation vulnerability in the King Addons for Elementor WordPress plugin has exposed thousands of websites to complete administrative compromise. The flaw, tracked as CVE-2025-8489 with a critical CVSS score of 9.8, allows unauthenticated attackers to register with…
New Stealth K.G.B RAT Marketed by Threat Actors on Underground Forums
Threat actors on an underground cybercrime forum are allegedly promoting a new remote access Trojan (RAT) bundle dubbed “K.G.B RAT + Crypter + HVNC,” claiming it is “fully undetectable” by security solutions. The post, attributed to a member of a…
Authorities Seize Domains Linked to Tai Chang Cryptocurrency Investment Scam
The United States Justice Department has seized a website domain used to steal money from Americans through fake cryptocurrency investments. The domain, tickmilleas.com, was operated by the Tai Chang scam compound located in Kyaukhat, Burma. This action comes less than…
Threat Actors Using Matanbuchus Downloader to Deliver Ransomware and Maintain Persistence
Threat actors are increasingly abusing the Matanbuchus malicious downloader as a key enabler for hands-on-keyboard ransomware operations, using its backdoor-like capabilities to deliver secondary payloads, move laterally, and maintain long-term persistence on compromised systems. Initially observed in 2020 and offered…
Threat Actors Allegedly Promoting Fully Undetectable K.G.B RAT on Hacker Forums
A concerning development has emerged within the cybercriminal ecosystem as threat actors continue distributing K.G.B RAT, a remote access trojan bundled with advanced detection evasion capabilities. According to recent reports, this tool combination surfaced on underground forums and has caught…
CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device Reconfiguration
A critical warning regarding a severe authentication vulnerability affecting Iskra’s iHUB and iHUB Lite intelligent metering gateways used in energy infrastructure worldwide. The flaw, tracked as CVE-2025-13510, carries a CVSS v4 severity score of 9.3, indicating an exploit that requires…
Angular Platform Vulnerability Allows Malicious Code Execution Via Weaponized SVG Animation Files
A critical Stored XSS vulnerability in Angular’s template compiler (CVE-2025-66412) allows attackers to execute arbitrary code by weaponizing SVG animation attributes. Bypassing Angular’s built-in security sanitization mechanisms and affecting applications using versions below 19.2.17, 20.3.15, or 21.0.2. The Angular template…
HTB AI Range benchmarks the safety and limits of autonomous security agents
Hack The Box (HTB) unveiled HTB AI Range, a controlled AI cyber range built to test and benchmark the safety, limits, and capabilities of autonomous AI security agents. HTB AI Range replicates live, high stakes cyber battlegrounds tailored for enterprise…
Nvidia Says $100bn OpenAI Deal Still Not Finalised
Nvidia says landmark AI infrastructure deal between it and OpenAI still not finalised two months after it was announced This article has been indexed from Silicon UK Read the original article: Nvidia Says $100bn OpenAI Deal Still Not Finalised
India mandates SIM-linked messaging apps to fight rising fraud
India ordered messaging apps to work only with active SIM cards linked to users’ phone numbers to curb fraud and misuse. India’s Department of Telecommunications (DoT) now requires providers of messaging apps to work only with active SIM cards linked…
Exploits and vulnerabilities in Q3 2025
This report provides statistical data on vulnerabilities published and exploits we researched during the third quarter of 2025. It also includes summary data on the use of C2 frameworks. This article has been indexed from Securelist Read the original article:…
’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks…
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The Rust…
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool’s protections. Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314),…
Samsung Launches Double-Hinged Smartphone
Samsung’s Galaxy Z TriFold is its first entry into emerging double-hinged foldable smartphone market, as foldables grow rapidly This article has been indexed from Silicon UK Read the original article: Samsung Launches Double-Hinged Smartphone
Let’s Encrypt to Reduce Certificate Validity from 90 Days to 45 Days
Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum…
Threat Actors Leveraging Matanbuchus Malicious Downloader to Ransomware and Establish Persistence
Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July…
BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters
Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced…