A novel phishing kit has surfaced that enables threat actors to craft sophisticated lures with minimal technical expertise. This “point-and-click” toolkit combines an intuitive web interface with powerful payload delivery mechanisms. Attackers can select from preconfigured templates, customize branding elements,…
Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware
Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the…
SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials
APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as…
WestJet Data Breach Impacts 1.2 Million Customers
WestJet revealed that customer personal details and membership data were stolen in the June 2025 attack. This article has been indexed from www.infosecurity-magazine.com Read the original article: WestJet Data Breach Impacts 1.2 Million Customers
What Is Identity Threat Detection and Response?
Key insights: What is identity threat detection and response (ITDR)? What are the differences and similarities between ITDR and EDR? What are the alternatives to ITDR? Identity Threat Detection and Response (ITDR) is a comparatively new term in the cybersecurity…
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks
The software giant’s investigation showed that vulnerabilities patched in July 2025 may be involved. The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Enterprise Vulnerability Management: Key Processes and Tools
Learn about key processes and tools for enterprise vulnerability management, including vulnerability scanning, risk prioritization, and remediation strategies. The post Enterprise Vulnerability Management: Key Processes and Tools appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Top Vulnerability Management Tools for the Future
Discover the best vulnerability management tools for the future, focusing on enterprise SSO, CIAM, and single sign-on providers. Enhance your cybersecurity strategy today. The post Top Vulnerability Management Tools for the Future appeared first on Security Boulevard. This article has…
WhatsApp Exploited to Spread SORVEPOTEL Malware on Windows Systems
An aggressive malware campaign dubbed SORVEPOTEL is exploiting WhatsApp messages to infiltrate Windows systems, with its epicenter in Brazil. Rather than pursuing data theft or ransomware extortion, this self-propagating malware is engineered for rapid spread, leveraging social trust and automation…
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of…
New ‘Point-and-Click’ Phishing Kit Evades Security Filters to Deliver Malicious Payloads
A new toolkit named Impact Solutions has emerged on cybercrime forums, offering a comprehensive, user-friendly framework for crafting advanced phishing campaigns. By democratizing malware delivery, Impact Solutions empowers even low-skill threat actors to bypass both end users and conventional security…
Criminals take Renault UK customer data for a joyride
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt. Renault UK customers are being warned their personal data may be in criminal hands after one of its suppliers was hacked.… This article has been indexed from The Register…
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Your Guide to EDUCAUSE 2025: What Higher-Ed Leaders Need to Know
What is EDUCAUSE 2025? The EDUCAUSE Annual Conference is where higher education’s technology and strategy communities come together. In 2025, it will be October 27–30 in Nashville, with a follow-up online program on November 12–13. The theme this year is…
Beyond IPs: Why Your Next Firewall Ruleset Will be Written in Identity
The shift from IP-based ACLs to identity-aware microsegmentation is key to zero-trust. Learn how to build resilient, intent-based policies that survive re-IP. The post Beyond IPs: Why Your Next Firewall Ruleset Will be Written in Identity appeared first on Security…
Signal Enhances Security With New Hybrid PQ Ratchet to Combat Quantum Computing Threats
Signal has announced a groundbreaking advancement in secure messaging with the introduction of the Sparse Post Quantum Ratchet (SPQR), a revolutionary cryptographic enhancement designed to protect against future quantum computing threats. This latest security upgrade represents a significant milestone in…
Confucius Hacker Group Weaponizing Documents to Compromise Windows Systems With AnonDoor Malware
The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor…
HackerOne Paid $81 In Bug Bounty With Emergence of Bionic Hackers
HackerOne, a leading platform in offensive security, announced it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year. This figure, detailed in the company’s 9th annual Hacker-Powered…
Hundreds of Free VPN Apps for Both Android and iOS Leak Users' Personal Data
Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it.…
IT Security News Hourly Summary 2025-10-03 09h : 6 posts
6 posts were published in the last hour 7:2 : What personal information does the Nintendo Switch 2 collect? 7:2 : Red Hat Confirms GitLab Instance Hack, Data Theft 6:32 : Hundreds of Free VPN Apps Expose Android and iOS…
Threat Actors Imitate Popular Brands in New Malware Distribution Campaigns
In a sophisticated resurgence of smishing campaigns, cybercriminals have begun embedding trusted brand names into deceptive URLs and group messaging threads to lure unsuspecting users into downloading malware. By inserting a familiar company name before the “@” symbol in links,…
IIS Servers Compromised by Chinese Hackers for SEO Manipulation
Cisco Talos has revealed that UAT-8099, a Chinese-speaking cybercrime group, has been exploiting vulnerable Internet Information Services (IIS) servers across multiple countries to conduct search engine optimization (SEO) fraud and steal high-value data. Identified in April 2025, this group targets…
Rhadamanthys Stealer Offered on Dark Web for $299–$499
A new offering named Rhadamanthys, a sophisticated information stealer, has surfaced for sale on underground marketplaces, with subscription packages starting at $299 and reaching up to $499 per month. Marked by its polished branding and tiered pricing structure, the malware…
Oracle Confirms Hackers Target E-Business Suite Data in Extortion Campaigns
Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns. The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch…