A sophisticated Advanced Persistent Threat (APT) group, known as CNC, has been conducting a cyber espionage campaign dubbed “Operation Sea Elephant” targeting scientific research institutions and universities in South Asia. The operation, which aims to steal research data related to…
Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign utilizing fake booking websites to deliver the LummaStealer malware through deceptive CAPTCHA prompts. This new attack vector, discovered in January 2025, marks a significant shift in LummaStealer’s distribution methods,…
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution attacks since March 3, 2025. Tracked as CVE-2025-0912, the vulnerability allows unauthenticated attackers to hijack sites by…
CISA Identifies Five New Vulnerabilities Currently Being Exploited
Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread. This article has been indexed from Schneier on Security Read the…
U.S Treasury Sanctions Admin of Nemesis Darknet Marketplace
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions today against Behrouz Parsarad, an Iran-based cybercriminal identified as the sole administrator of the Nemesis darknet marketplace. This move marks OFAC’s first recognition as a…
CISA Warns of Actively Exploited VMware Vulnerabilities, Urges Immediate Patching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on March 4, 2025, adding three critical VMware vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. The vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 allow attackers…
Ransomware Group Claims Attack on Tata Technologies
Notorious ransomware group Hunters International threatens to leak 1.4 TB of data allegedly stolen from Tata Technologies. The post Ransomware Group Claims Attack on Tata Technologies appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
LibreOffice: Schwachstelle ermöglicht Codeausführung
In LibreOffice gibt es ein Problem, bei dem ein Link im Internet schadhafter Code auslösen kann, wenn man darauf klickt. Dieser Link kann dazu führen, dass im Programm unsichere Befehle ausgeführt werden. Der Angreifer muss den Benutzer dazu bringen, auf…
Anklage: 21-Jähriger soll mit Phishing 550.000 Euro Schaden angerichtet haben
Ein 21 Jahre alter Berliner soll mit Phishing Waren und Geld im Wert von mehr als einer halben Million Euro abgezockt haben. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Anklage: 21-Jähriger soll mit Phishing…
Kampf gegen Online-Betrug: Telefónica prüft Identität von O2-Kunden für Dritte
Telefónica will Onlineshops helfen, Kundendaten zu prüfen. Damit soll Betrug verhindert werden. (Telefónica, Mobilfunk) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Kampf gegen Online-Betrug: Telefónica prüft Identität von O2-Kunden für Dritte
[NEU] [mittel] Golang Go: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Golang Go: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Cybercriminals Impersonate Electronic Frontier Foundation to Target Gaming Community
A sophisticated phishing campaign targeting the Albion Online gaming community has been uncovered, revealing a complex operation involving impersonation of the Electronic Frontier Foundation (EFF) and deployment of advanced malware. The campaign, discovered on March 4, 2025, showcases the evolving…
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime. This article has been indexed from Security Latest Read the original…
November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven… This article has been indexed from HACKMAGEDDON Read the original article: November 2024 Cyber Attacks Statistics
Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities
Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Stress and Burnout Impacting Vast Majority of IT Pros
ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years This article has been indexed from www.infosecurity-magazine.com Read the original…
Use one Virtual Machine to own them all — active exploitation of ESXicape
Use one Virtual Machine to own them all — active exploitation of VMware ESX hypervisor escape ESXicape Yesterday, VMware quietly released patches for three ESXi zero day vulnerabilities: CVE-2025–22224, CVE-2025–22225, CVE-2025–22226. The advisory: Support Content Notification – Support Portal – Broadcom support portal…
Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
A topological analysis and case studies add nuance to a study of malicious traffic distribution systems. We compare their use by attackers to benign systems. The post Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems appeared first…
Trump Suspends Offensive Cyber Operations Against Russia
So Russia poses no cyberthreat? US Defense Secretary Pete Hegseth orders ‘pause’ of offensive cyber operations against Russia This article has been indexed from Silicon UK Read the original article: Trump Suspends Offensive Cyber Operations Against Russia
Hackers Exploit Cloud Misconfigurations to Spread Malware
Veriti Research reveals 40% of networks allow ‘any/any’ cloud access, exposing critical vulnerabilities. Learn how malware like XWorm… This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News Read the original article: Hackers Exploit…
U.S. Cracks Down on Nemesis Darknet Admin with New Treasury Sanctions
The U.S. Department of the Treasury has intensified its global campaign against darknet-facilitated drug trafficking by sanctioning Behrouz Parsarad, the Iran-based administrator of the notorious Nemesis Marketplace. The move, announced on March 5, 2025, follows a 2024 international law enforcement…
Microsoft To Remove DES Encryption from Windows 11 24H2 & Windows Server 2025
Microsoft has announced plans to enhance security measures by removing the Data Encryption Standard (DES) encryption algorithm from Kerberos authentication in upcoming Windows releases. This security change will affect Windows Server 2025 and Windows 11 version 24H2 computers after they…
Vim Editor Vulnerability Exploited Via TAR Files to Trigger Code Execution
The Vim text editor vulnerability CVE-2025-27423 is a high-severity issue that allows for arbitrary code execution via malicious TAR archives. Affecting Vim versions prior to 9.1.1164, this flaw in the bundled tar.vim plugin exposes users to potential command injection attacks…
Telegram EvilVideo Vulnerability Exploited to Execute Malicious Code on Victim Device
A critical evolution of the CVE-2024-7014 vulnerability, originally patched in July 2024, has resurfaced with updated tactics to bypass security measures. Dubbed Evilloader, this new exploit leverages Telegram’s multimedia handling mechanisms to execute malicious JavaScript code by disguising .htm files…