A significant security vulnerability has emerged affecting motherboards from Gigabyte, MSI, ASRock, and ASUS. Riot Games analysts and researchers identified a critical flaw during their ongoing investigation into gaming system security. The vulnerability, termed “Sleeping Bouncer,” exploits a weakness in…
Best of 2025: Scattered Spider Targets Aflac, Other Insurance Companies
Fresh off a series of recent attacks targeting major retail companies in the United States and the UK, the notorious Scattered Spider cybercrime group is now targeting insurance companies, and earlier this month apparently bagged a high-profile victim in Aflac.…
Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access
Open-source server monitoring tool, Nezha, is being exploited by attackers for remote system control This article has been indexed from www.infosecurity-magazine.com Read the original article: Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access
IT Security News Hourly Summary 2025-12-22 15h : 11 posts
11 posts were published in the last hour 14:2 : Pornhub tells users to expect sextortion emails after data exposure 14:2 : 54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware 14:2 : Zero Trust AI Security: The Comprehensive…
Pornhub tells users to expect sextortion emails after data exposure
Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns. This article has been indexed from Malwarebytes Read the original article: Pornhub tells users to expect sextortion emails after data exposure
54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware
The suspects are leaders and members of the Venezuelan crime syndicate Tren de Aragua. The post 54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Zero Trust AI Security: The Comprehensive Guide to Next-Generation Cybersecurity in 2026
The traditional perimeter-based security model has become obsolete in today’s distributed digital environment. With 82% of organizations now operating in hybrid or multi-cloud infrastructures and remote work becoming the standard, the concept of a secure network boundary no longer exists.…
Threat Detection Software: The Complete Guide to Protecting Your Digital Assets in 2026
The cybersecurity landscape in 2026 presents unprecedented challenges for organizations across all industries. With cybercrime damages projected to exceed $10.5 trillion annually, enterprises face sophisticated threats from attackers leveraging AI-powered tools, advanced persistent threats, and multi-vector attack strategies. Effective threat…
PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel POSIX CPU Timers
A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices. CVE-2025-38352 represents a use-after-free (UAF) vulnerability in the Linux kernel’s POSIX…
Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation
Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems. Tracked as CVE-2025-29970, the security flaw affects the bfs.sys component and was discovered by security researchers…
SideWinder APT Launches Cyberattacks on Indian Entities Posing as the Income Tax Department
Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent “Income Tax Department” portals, representing a significant evolution in the SideWinder APT’s operational tradecraft. The threat actor, also known as Rattlesnake or APT-C-17, has refined its…
Blind Eagle Hackers Target Government Agencies Using PowerShell Scripts
Colombian government institutions are facing a sophisticated multi-stage cyberattack campaign orchestrated by the BlindEagle threat group, which leveraged compromised internal email accounts, PowerShell scripts, and steganography to deploy remote access trojans on target systems, according to Zscaler ThreatLabz researchers. The…
Nissan Discloses Data Breach Linked to Compromised Red Hat Infrastructure
Nissan Motor Co., Ltd. has disclosed a significant data breach affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. following unauthorized access to a Red Hat-managed server used for developing the company’s dealership customer management system. Red Hat, a…
Credit Monitoring Provider Discloses Breach Impacting 5.6 Million Users
A data breach usually does not lend itself to straightforward comparisons, as each occurrence is characterized by distinctive circumstances and carries different consequences for those involved. It is common for headlines to emphasize the scale of an attack, the prominence…
VPN Surge: Americans Bypass Age Verification Laws
Americans are increasingly seeking out VPNs as states enact stringent age verification laws that limit what minors can see online. These regulations compel users to provide personal information — like government issued IDs — to verify their age, leading to concerns…
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More…
Infy Returns: Iran-linked hacking group shows renewed activity
Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia,…
New Wonderland Android Malware with Bidirectional SMS-Stealing Capabilities Stealing OTPs
A sophisticated new Android malware family called Wonderland has emerged as a significant threat to users in Uzbekistan and the broader Central Asia region. The malware, which specializes in stealing SMS messages and intercepting one-time passwords, represents a major escalation…
MacSync macOS Malware Distributed via Signed Swift Application
A recent MacSync Stealer version no longer requires users to directly interact with the terminal for execution. The post MacSync macOS Malware Distributed via Signed Swift Application appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
How an LMS Cloud Model Supports Scalable Learning
There’s a new era for training and development programs, making the LMS (Learning Management System) cloud model the… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: How an LMS…
Lies-in-the-Loop Attack Turns AI Safety Dialogs into Remote Code Execution Attack
A newly discovered attack technique has exposed a critical weakness in artificial intelligence code assistants by weaponizing their built-in safety features. The attack, known as Lies-in-the-Loop, manipulates the trust users place in approval dialogs that are designed to prevent harmful…
Hackers Exploiting .onmicrosoft.com Domains to Launch TOAD Scam Attack
Cybercriminals are increasingly weaponizing legitimate Microsoft infrastructure to bypass security filters and trick users into falling for Telephone-Oriented Attack Delivery (TOAD) scams. By abusing the default .onmicrosoft.com When domains are assigned to Azure tenants, attackers send malicious invites that appear…
Around 1,000 systems compromised in ransomware attack on Romanian water agency
On-site staff keep key systems working while all but one region battles with encrypted PCs Romania’s cybersecurity agency confirms a major ransomware attack on the country’s water management administration has compromised around 1,000 systems, with work to remediate them still…
Gambit Cyber Raises $3.4 Million in Seed Funding
The cybersecurity startup will use the funds to accelerate platform improvements, global expansion, and partnerships. The post Gambit Cyber Raises $3.4 Million in Seed Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…