A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer 7.x is being actively exploited by a Chinese threat actor, tracked as Chaya_004. This deserialization flaw allows attackers to upload malicious binaries, including web shells,…
WatchGuard transitions new CEO
WatchGuard® Technologies, a provider of unified cybersecurity for managed service providers (MSPs), today announced a planned leadership transition. After a decade of impactful leadership, Chief Executive Officer (CEO) Prakash Panjwani will transition out of his operational role, continuing to serve…
160,000 Impacted by Valsoft Data Breach
VMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach. The post 160,000 Impacted by Valsoft Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
IT Security News Hourly Summary 2025-05-09 15h : 9 posts
9 posts were published in the last hour 12:33 : Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts 12:33 : FreeDrain Phishing Attack Targets Users to Steal Financial Login Credentials 12:33 : LockBit Hacked – 20 Critical…
Videoüberwachung und Gesichtserkennung: Duo für Sicherheit
Videoüberwachung ist mehr als nur Aufzeichnung. Mit fortschrittlicher Gesichtserkennung wird sie zum intelligenten Sicherheitswerkzeug und befolgt Richtlinien wie den Datenschutz. Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den originalen Artikel: Videoüberwachung und Gesichtserkennung: Duo für Sicherheit
Apple Developing Specialised Chips For Smart Glasses, AI Servers – Report
Specialised silicon is reportedly being developed inhouse by Apple for its smart glasses, Macbooks, and AI servers This article has been indexed from Silicon UK Read the original article: Apple Developing Specialised Chips For Smart Glasses, AI Servers – Report
New Supply Chain Attack Compromises Popular npm Package with 45,000 Weekly Downloads
An advanced supply chain attack has targeted the well-known npm package rand-user-agent, which receives about 45,000 downloads every week, in a worrying development for the JavaScript developer community. Maintained by WebScrapingAPI, this package is designed to generate randomized, real-world user-agent…
Malicious Python Package Impersonates Discord Developers to Deploy Remote Commands
A seemingly innocuous Python package named ‘discordpydebug’ surfaced on the Python Package Index (PyPI) under the guise of “Discord py error logger.” Marketed as a debugging utility for developers working on Discord bots with the Discord.py library, this package was…
New Mamona Ransomware Targets Windows Systems Using Abused Ping Command
Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbed Mamona, which is rapidly spreading across Windows systems. Unlike traditional ransomware, Mamona employs a unique set of tactics, notably exploiting the humble Windows “ping” command as a…
April 2025 Malware Spotlight: FakeUpdates Dominates as Multi-Stage Campaigns Blend Commodity Malware with Stealth
Cyber criminals are raising the stakes. This month, researchers uncovered a sophisticated, multi-stage malware campaign delivering some of the most prevalent commodity malware—AgentTesla, Remcos, and XLoader—via stealthy techniques designed to evade detection. Meanwhile, FakeUpdates retains its top spot in the…
RSAC 2025 Conference: Identity security highlights
RSAC 2025 Conference was abuzz with talk about agentic AI and tool convergence. Analyst Todd Thiemann shares how these trends affect identity security. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article:…
Florida bill requiring encryption backdoors for social media accounts has failed
The bill would have required social media companies create encryption backdoors to allow access to users’ private information. This article has been indexed from Security News | TechCrunch Read the original article: Florida bill requiring encryption backdoors for social media…
Fake AI platforms deliver malware diguised as video content
A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but…
Indirect Prompt Injection Exploits LLMs’ Lack of Informational Context
A new wave of cyber threats targeting large language models (LLMs) has emerged, exploiting their inherent inability to differentiate between informational content and actionable instructions. Termed “indirect prompt injection attacks,” these exploits embed malicious directives within external data sources-such as…
Hackers Exploit PDF Invoices to Target Windows, Linux, and macOS Systems
A recent discovery by the FortiMail Incident Response team has revealed a highly sophisticated email campaign targeting organizations in Spain, Italy, and Portugal. This attack distributes a potent Remote Access Trojan (RAT) known as RATty, primarily affecting Windows systems, but…
Threat Actors Leverage Multimedia Systems in Stealthy Vishing Attacks
Threat actors have begun exploiting multimedia systems as a pivotal component of their voice phishing (vishing) attacks. Unlike traditional vishing schemes that rely solely on spoofed phone numbers and social engineering tactics, these advanced operations integrate compromised multimedia platforms, such…
Zencoder launches Zen Agents, ushering in a new era of team-based AI for software development
Zencoder launches Zen Agents, the first AI platform enabling teams to create, share, and leverage custom development assistants organization-wide, plus an open-source marketplace for enterprise-grade AI tools. This article has been indexed from Security News | VentureBeat Read the original…
Cybercriminal services target end-of-life routers, FBI warns
The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers.…
State of ransomware in 2025
Kaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025. This article has been indexed from Securelist Read the original article: State of ransomware in 2025
Threat Actors Using Multimedia Systems Via Stealthy Vishing Attack
Cybercriminals have developed sophisticated vishing techniques that leverage multimedia file formats to bypass security systems and target unsuspecting victims. These new attack vectors, observed in early 2025, represent an evolution in social engineering tactics where threat actors exploit commonly trusted…
Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services
Cybersecurity experts have identified an escalating campaign by the notorious hacker collective Scattered Spider, which continues to evolve its sophisticated attack methods in 2025. The group, active since at least 2022, has shifted focus to target business services including Klaviyo,…
openSUSE deep sixes Deepin desktop over security stink
Linux giant finds Chinese environment to be perilous beneath pretty exterior SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.… This article has been…
Malicious NPM Packages Target Cursor AI’s macOS Users
Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor. The post Malicious NPM Packages Target Cursor AI’s macOS Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts
A flaw in Microsoft Entra ID’s legacy login allowed attackers to bypass MFA, targeting admin accounts across finance,… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Legacy Login…