The list of 1,223 victims in 51 countries hints at the “true scale of the spyware problem,” per one researcher. This article has been indexed from Security News | TechCrunch Read the original article: Court document reveals locations of WhatsApp…
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote…
National Social Security Fund of Morocco Suffers Data Breach
Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of…
Patch Tuesday Update – April 2025
In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 134 CVEs, including 9 republished CVEs. Overall, Microsoft announced one Zero-Day, 11 Critical, and 113 Important vulnerabilities. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted for…
Enhanced Network Security Control: Flow Management with AWS Network Firewall
AWS Network Firewall is a managed, stateful network firewall and intrusion detection and prevention service. It allows you to implement security rules for fine-grained control of your VPC network traffic. In this blog post, we discuss flow capture and flow…
Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens
The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider. Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft. Silent Push…
Threat Actors Exploit Messaging Services as Lucrative Cybercrime Platforms
Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic, costing businesses millions. This type of fraud involves artificially triggering SMS verification requests by creating numerous synthetic identities or using automated bots, thereby inflating the…
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators. The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek. This article has been…
Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan…
North Korean Hackers Use Social Engineering and Python Scripts to Execute Stealthy Commands
North Korean threat actors have demonstrated their adept use of social engineering techniques combined with Python scripting to infiltrate secure networks. The Democratic People’s Republic of Korea (DPRK) operatives are leveraging the accessibility and power of Python to craft initial…
Qraved – 984,519 breached accounts
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth…
VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components
VMware has released critical security updates to address 47 vulnerabilities across multiple VMware Tanzu Greenplum products, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu Greenplum. The security advisories, published…
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
Agentic AI has improved spear phishing effectiveness by 55% since 2023, research shows. The post AI Now Outsmarts Humans in Spear Phishing, Analysis Shows appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: AI…
Industry Moves for the week of April 7, 2025 – SecurityWeek
Explore industry moves and significant changes in the industry for the week of April 7, 2025. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…
Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
The greatest security policies in the world are useless if enterprises don’t have a reasonable, consistent, and reliable way to implement them. The post Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy appeared first on SecurityWeek. This…
100,000 WordPress Sites Affected by Administrative User Creation Vulnerability in SureTriggers WordPress Plugin
On March 13th, 2025, we received a submission for an Unauthenticated Administrative User Creation vulnerability in SureTriggers, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged by attackers to create malicious administrator users when the…
Amazon Mulls $15 Billion Warehouse Expansion Plan – Report
Expansion among chaos. Amazon considering warehouse expansion in US, and already cancelled some Chinese orders This article has been indexed from Silicon UK Read the original article: Amazon Mulls $15 Billion Warehouse Expansion Plan – Report
Google’s got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft’s $20B+ security biz
How Chocolate Factory hopes to double down on enterprise-sec Cloud Next Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.… This article has…
How cyberattackers exploit domain controllers using ransomware
Read how cyberattackers exploit domain controllers to gain privileged system access where they deploy ransomware that causes widespread damage and operational disruption. The post How cyberattackers exploit domain controllers using ransomware appeared first on Microsoft Security Blog. This article has…
IT Security News Hourly Summary 2025-04-09 18h : 8 posts
8 posts were published in the last hour 15:37 : Petition „Save Social“ im Bundestag übergeben 15:36 : The Database Kill Chain 15:36 : Hospital Equipments Can be Used as Murder Weapons, Swiss Experts Warn 15:36 : CISA Highlights Major…
Musk’s DOGE Uses AI To Detect Anti-Trump Sentiment In Federal Workers
Loose lips sink…your job. Federal communications reportedly being spied upon by Musk’s DOGE, using AI to detect anti-Trump sentiment This article has been indexed from Silicon UK Read the original article: Musk’s DOGE Uses AI To Detect Anti-Trump Sentiment In…
New AkiraBot Abuses OpenAI API to Spam Website Contact Forms
Cybersecurity researchers have identified a new spam campaign driven by ‘AkiraBot,’ an AI-powered bot that targets small business… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: New AkiraBot…
Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
Sean Plankey’s nomination to head up CISA will be blocked, for now. This article has been indexed from Security News | TechCrunch Read the original article: Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
The Growing Danger of Hidden Ransomware Attacks
Cyberattacks are changing. In the past, hackers would lock your files and show a big message asking for money. Now, a new type of attack is becoming more common. It’s called “quiet ransomware,” and it can steal your private…