The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop…
Top-Rated Shopify Plugin Exposes Hundreds of Stores to Takeovers, Token Leaks
A Shopify plugin meant to safeguard privacy did the opposite. For over 100 days, it quietly exposed hundreds of online stores to the kind of risk most businesses dread; data theft, full account takeover, and hijacked ad spend. Ironically, the…
Pro-Russian Cybercrime Group NoName057(16) Hit Hard in Global Takedown
A global police operation has dealt a heavy blow to the pro-Russian cybercrime network dubbed NoName057(16), which has been accused of launching disruptive digital attacks in support of Moscow’s war against Ukraine. Between 14 and 17 July, law enforcement agencies…
Lessons Learned from Steelcon’s 10th Anniversary
Every year, the security community attends regional conferences, which offer a combination of educational learning, hands-on training, and the opportunity to meet with new and familiar faces. Steelcon takes place in Sheffield in mid-July. This year, the conference marked its…
Cyber Attacks Surge 21% Globally in Q2 2025 – Europe Takes the Hardest Hit
Cyber attacks are rising. Fast. In the second quarter of 2025, entities around the world faced an average of 1,984 cyber attacks each week. This was revealed by new research from Check Point. That’s a 21% increase from the same…
Cybercriminals Are Using AI to Cloak Malicious Websites
Cybercriminals have found a new way to stay hidden in plain sight. They’re using artificial intelligence to cloak phishing sites, fake stores, and malware traps, shielding them from scanners while still reaching real victims. This was revealed by recent research…
Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware
Emerging in late 2024 and surging throughout the first half of 2025, ClickFix has become a pervasive social-engineering vector in which threat actors trick users into executing malicious commands under the guise of “quick fixes” for common computer issues. Rather…
New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs
WAFFLED is a recently disclosed technique that evades leading Web Application Firewalls (WAFs) by targeting subtle parsing inconsistencies rather than tampering with the malicious payload itself. By mutating innocuous elements such as boundary delimiters in multipart/form-data, character sets in application/json,…
Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It
A critical security vulnerability in TeleMessageTM SGNL, an enterprise messaging system modeled after Signal, has been actively exploited by cybercriminals seeking to extract sensitive user credentials and personal data. The flaw, designated CVE-2025-48927, affects government agencies and enterprises using this…
CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits
CISA issued three significant Industrial Control Systems (ICS) advisories on July 17, 2025, addressing critical vulnerabilities affecting energy monitoring, healthcare imaging, and access control systems. These advisories highlight severe security flaws with CVSS v4 scores ranging from 8.5 to 8.7,…
Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains
In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Initially identified by unusual SMS-based phishing campaigns leveraging adversary-in-the-middle (AiTM) domains,…
Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices. The post Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied. The post CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Fraud: A Growth Industry Powered by Gen-AI
With generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic. The post Fraud: A Growth Industry Powered by Gen-AI appeared first on SecurityWeek. This article has been indexed…
1.4 Million Affected by Data Breach at Virginia Radiology Practice
Radiology Associates of Richmond has disclosed a data breach impacting protected health and personal information. The post 1.4 Million Affected by Data Breach at Virginia Radiology Practice appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication
Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly. The post Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Critical MCP Vulnerabilities are Slipping Through the Cracks
We must pay attention to what holds everything together – the glue. That’s where the real MCP vulnerabilities are hiding. The post Critical MCP Vulnerabilities are Slipping Through the Cracks appeared first on Security Boulevard. This article has been indexed…
Cambodia Arrests More Than 1,000 in Cyberscam Crackdown
Cambodian police and military arrested more than 1,000 people in a crackdown on cyberscam operations that have proliferated in recent years in Southeast Asia and now are spreading globally, ensnaring hundreds of thousands of people in human trafficking schemes who…
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to…
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It…
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. “The BADBOX 2.0 botnet compromised over 10 million uncertified…
New “LameHug” Malware Deploys AI-Generated Commands
Ukraine’s CERT-UA has identified a new AI-powered malware, dubbed “LameHug,” which executes commands on compromised Windows systems in cyber-attacks, targeting the nation’s security and defense sector This article has been indexed from www.infosecurity-magazine.com Read the original article: New “LameHug” Malware…
[UPDATE] [hoch] PHP: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um Denial of Service oder Server-Side Request-Forgery Angriffe durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [hoch] PHP: Mehrere Schwachstellen
[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher spezifizierte Auswirkungen zu erzielen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen…