Security researchers are sounding the alarm on a looming global wave of smishing attacks, warning that a powerful phishing-as-a-service (PhaaS) platform named Lucid—run by Chinese-speaking threat actors—is enabling cybercriminals to scale operations across 88 countries. According to threat intelligence firm…
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0.…
OpenSSL 3.5.0 enthält nun Post-Quanten-Verfahren
OpenSSL fügt mit der neuen LTS-Version 3.5.0 seiner Bibliothek die Post-Quanten-Verfahren ML-KEM, ML-DSA und SLH-DSA hinzu. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: OpenSSL 3.5.0 enthält nun Post-Quanten-Verfahren
WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
If you use WhatsApp Desktop on Windows, listen up! A flaw in WhatsApp for Windows (CVE-2025-30401) let attackers disguise malicious files as safe ones. Update to version 2.2450.6 or later to stay secure. This article has been indexed from Hackread…
New GIFTEDCROOK Stealer Targets Government Organizations to Exfiltrate Sensitive Data
Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as outlined in CERT-UA’s latest alert, CERT-UA#14303. The campaign, attributed to the UAC-0226 hacking group, leverages a sophisticated C/C++-based stealer called GIFTEDCROOK to infiltrate systems, steal…
Attackers Exploit SourceForge Platform to Distribute Malware
A recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This…
Shopware Security Plugin Vulnerability Enables SQL Injection Attacks
A recently disclosed SQL injection vulnerability in older versions of the Shopware platform has raised concerns among online shop operators. Although Shopware has addressed the issue in its latest release (version 6.5.8.13), it has been revealed that the fix provided…
Hackers Conceal NFC Carders Behind Apple Pay and Google Wallet
In a disturbing evolution of financial fraud, cybercriminals are leveraging advanced techniques to exploit mobile payment systems such as Apple Pay and Google Wallet. Once reliant on magnetic stripe card cloning, fraudsters have adapted to breakthroughs in card security technology…
Boulanger – 966,924 breached accounts
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 967k unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later…
Windows Common Log File System 0-Day Vulnerability Exploited in the Wild
A critical zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824, has been actively exploited in the wild. This security flaw allows attackers to elevate privileges to SYSTEM level, posing a significant risk to affected…
Microsoft Patch Tuesday April 2025 – 121 Vulnerabilities Fixed Including Actively Exploited Zero-Day
Microsoft’s April 2025 Patch Tuesday update has arrived, delivering critical fixes for 121 security vulnerabilities across its broad suite of software products. This month’s update addresses a significant array of threats, including elevation of privilege, remote code execution, and a…
Microsoft April 2024 Patch Tuesday, (Tue, Apr 8th)
This month, Microsoft has released patches addressing a total of 125 vulnerabilities. Among these, 11 are classified as critical, highlighting the potential for significant impact if exploited. Notably, one vulnerability is currently being exploited in the wild, underscoring the importance…
2024 Annual WordPress Security Report by Wordfence
Read the 2024 WordPress Security Report by Wordfence: Despite another record year for disclosed vulnerabilities in 2025, the rising number doesn’t necessarily translate to increased risk for the vast majority of site owners. This article delves into the specifics of…
Vidar Stealer Uses New Deception Technique to Hijack Browser Cookies and Stored Credentials
Vidar Stealer a notorious information-stealing malware has adopted a deceptive method to disguise itself as Microsoft’s BGInfo application. By exploiting a legitimate tool widely used by IT professionals to display system details, attackers have demonstrated advanced techniques to evade detection…
Why delaying software updates could cost you more than you think
I learned the hard way that delaying software updates isn’t worth the risk. Learn from my mistakes – before it’s too late. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Why delaying…
Adobe Calls Urgent Attention to Critical ColdFusion Flaws
The Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software. The post Adobe Calls Urgent Attention to Critical ColdFusion Flaws appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy CISOs share their experiences in cybersecurity and how they are redefining protection. The post Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity…
Spionagesatelliten: Bundeswehr einigt sich mit OHB wegen Antennen-Panne
SpaceX hat für die Bundeswehr die zwei Spionagesatelliten Sarah ins All gebracht, die nicht funktionieren. Jetzt gibt es wohl eine Lösung in der Milliardenpanne. (Bundeswehr, Politik) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Spionagesatelliten:…
21 Countries Sign Onto Voluntary Pact to Stem the Proliferation of Spyware
Twenty-one countries signed onto the Pall Mall Process, an effort a year in the making that was created to develop a framework nations could adopt to address the proliferation and malicious use of spyware by governments that want it to…
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the…
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker…
How Meta’s new teen accounts aim to keep your kids safer on Facebook
These teen accounts for Facebook and Messenger are packed with restrictions. This article has been indexed from Latest stories for ZDNET in Security Read the original article: How Meta’s new teen accounts aim to keep your kids safer on Facebook
Identity Fraud Costs Orgs Average of $7m Annually
New research has revealed the escalating cost of identity fraud and the impact it has on organisations. The research, a joint global study by Entrust and Docusign, showed the trade-offs enterprises face between security and customer experience. The Future of Global Identity…
IT Security News Hourly Summary 2025-04-08 18h : 15 posts
15 posts were published in the last hour 15:32 : Cyber Threat emerges from PDF files 15:32 : Fortinet Warns of Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products 15:32 : WhatsApp fixed a spoofing flaw that could enable Remote…