In a sophisticated cybersecurity incident discovered on June 16, 2025, security researchers identified a malicious payload cleverly hidden within a JPEG image using a combination of steganography and modified Base64 encoding techniques. The malware, embedded after the file’s End Of…
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affecting over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable to complete account takeover attacks. The newly discovered flaw, designated CVE-2025-4123 and dubbed “The Grafana Ghost,” represents a significant threat to organizations…
20+ Malicious Apps on Google Play Actively Attacking Users to Steal Login Credentials
A sophisticated phishing operation involving more than 20 malicious applications distributed through the Google Play Store, specifically designed to steal cryptocurrency wallet credentials from unsuspecting users. The discovery, made by Cyble Research and Intelligence Labs (CRIL), reveals a coordinated campaign…
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data
A sophisticated malware campaign has emerged targeting the Python Package Index (PyPI) repository, with cybercriminals deploying weaponized packages designed to steal sensitive cloud infrastructure credentials and corporate data. The malicious package, identified as “chimera-sandbox-extensions,” represents a new breed of supply…
Zoomcar Says Hackers Accessed Data of 8.4 Million Users
The Indian car sharing marketplace Zoomcar learned that its systems were hacked after a threat actor contacted employees. The post Zoomcar Says Hackers Accessed Data of 8.4 Million Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Asheville Eye Associates Says 147,000 Impacted by Data Breach
Asheville Eye Associates says the personal information of 147,000 individuals was stolen in a November 2024 data breach. The post Asheville Eye Associates Says 147,000 Impacted by Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Police shut down long-running dark web drug market
Law enforcement authorities across Europe have dismantled Archetyp Market, the most enduring dark web drug market, following a large-scale operation involving six countries, supported by Europol and Eurojust. Between 11 and 13 June, a series of coordinated actions took place…
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle…
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong.…
North Korean APT Hackers Target Ukrainian Government Agencies to Steal Login Credentials
North Korean Advanced Persistent Threat (APT) hackers, specifically the Konni group, have shifted their focus to Ukrainian government agencies in a targeted phishing campaign aimed at stealing login credentials and distributing malware. This attack, observed in February 2025, marks a…
New Anubis RaaS includes a wiper module
Anubis RaaS now includes a wiper module, permanently deleting files. Active since Dec 2024, it launched an affiliate program in Feb 2025. Anubis is a new RaaS that combines file encryption capability with a rare “wipe mode,” permanently deleting files…
BKA schaltet Darknet-Marktplatz “Archetyp Market” ab
Strafverfolger haben den mutmaßlichen Betreiber des Darknet-Markts “Archetyp Market” festgenommen und die Plattform abgeschaltet. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: BKA schaltet Darknet-Marktplatz “Archetyp Market” ab
[NEU] [mittel] OTRS: Schwachstelle ermöglicht nicht spezifizierten Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in OTRS ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] OTRS: Schwachstelle ermöglicht…
Got a new password manager? How to clean up the credential mess you left in the cloud
Every major browser on every platform offers a way to save passwords and passkeys. If you use a third-party password manager, those built-in features can create a big mess. Here’s how to clean things up. This article has been indexed…
Generative AI Is Moving Fast. Are Your Security Practices Keeping Up?
We are in the middle of an AI gold rush. Generative AI (Gen AI) has exploded from research labs into everyday business workflows at breakneck speed. Marketing, software development, customer support, HR, companies across industries deploy Gen AI tools to…
240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco
The KillSec ransomware group has stolen hundreds of gigabytes of data from Ireland-based eyecare technology company Ocuco. The post 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale
Artificial intelligence is changing everything – from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied. Related: Does AI take your data? It offers speed and precision at unprecedented scale. But without intention,…
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
Nessus users should update patches as soon as possible This article has been indexed from www.infosecurity-magazine.com Read the original article: Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
IT Security News Hourly Summary 2025-06-16 12h : 20 posts
20 posts were published in the last hour 10:3 : Anubis Ransomware Introduces Irreversible File Destruction Feature 10:3 : Microsoft Purview DLP Now Controls Copilot’s Access to Sensitive Email Data 10:3 : Over 20 Malicious Google Play Apps Steal Users’…
5 Dinge, die du diese Woche wissen musst: Rückschau auf die WWDC – wo hat Apple wirklich überzeugt?
Jeden Montagmorgen berichten wir über fünf Dinge, die zum Wochenstart wichtig sind. Diesmal geht es um die WWDC, Android 16, die Rechenleistung bei DeepL, Steve Jobs und die Frage, warum Menschen eine hohe Wechselbereitschaft für ihren Job zeigen. Dieser Artikel…
Nie wieder schädliche Links: Diese Android-App schützt euch vor versteckter Malware
Unbekannte Links stellen ein großes Sicherheitsrisiko für Smartphone-User:innen dar. Denn dahinter können sich schädliche Webseiten und Malware-Downloads verstecken. Eine Android-App möchte euch davor schützen, indem sie als Schutzschild fungiert. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen…
"Höchste Priorität": Mark Zuckerberg sucht 50 Experten für sein KI-Team – wir hätten da ein paar Vorschläge
Meta will bei der Entwicklung einer menschenähnlichen Intelligenz jetzt richtig Gas geben und sucht 50 Expert:innen. Wir hätten da mal ein paar Vorschläge. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel: "Höchste Priorität":…
Hackers Compromise Discord Invite to Inject Malicious Links Delivering AsyncRAT
Threat actors have exploited Discord’s invite system to distribute malicious links, ultimately delivering AsyncRAT and other harmful payloads. Discord, a widely trusted platform for gamers, developers, and communities, has become a target for cybercriminals who abuse its infrastructure particularly the…
Hackers Can Hide Images in Text Data and Embeds Directly into DNS TXT Records
A novel method has emerged that demonstrates how digital images can be seamlessly embedded within DNS TXT records, effectively transforming domain name infrastructure into an unconventional image storage system. This innovative technique, dubbed “dnsimg,” represents a novel approach to data…