The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises…
Kali Linux 2025.1a Released: New Tools and Desktop Environment Upgrades
Kali Linux, the renowned cybersecurity-focused Linux distribution, has just ushered in the new year with the release of Kali Linux 2025.1a. This update builds upon the existing features, offering myriad enhancements and improvements designed to give users a streamlined experience.…
Linux Kernel Vulnerability Allows Attackers to Escalate Privileges via Out-of-Bounds Write
A recently discovered vulnerability in the Linux kernel, identified as CVE-2025-0927, poses a significant threat to system security. This flaw, present in the HFS+ file system driver, allows attackers to exploit an out-of-bounds write condition, potentially leading to local privilege…
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military…
How healthcare CISOs can balance security and accessibility without compromising care
In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and securing the…
IT Security News Hourly Summary 2025-03-20 06h : 4 posts
4 posts were published in the last hour 5:3 : How Web Browsers Have Become a Major Data Security Risk 5:3 : 70% of leaked secrets remain active two years later 4:35 : Kali Linux 2025.1a Released With New Tool…
How Web Browsers Have Become a Major Data Security Risk
For years, companies protected sensitive data by securing emails, devices, and internal networks. But work habits have changed. Now, most of the data moves through web browsers. Employees often copy, paste, upload, or transfer information online without realizing the…
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain initial access or perform…
Kali Linux 2025.1a Released With New Tool & Updates to Desktop Environments
Kali Linux, the widely acclaimed cybersecurity-focused distribution, has officially unveiled its latest release, Kali Linux 2025.1a. This update not only significantly enhances desktop environments but also introduces exciting new tools and improvements tailored for cybersecurity professionals and enthusiasts. The release, available for download or upgrade, builds upon…
Why So Many Employee Phishing Training Initiatives Fall Short
During the work-from-home boom of 2020, GitLab, a company that largely employs tech-savvy individuals, decided to test its security by sending fake phishing messages to its WFH workers. About one out of every five tested employees fell for it, and…
Kali Linux 2025.1a New Tool & Updates to Desktop Environments
Kali Linux, the widely acclaimed cybersecurity-focused distribution, has officially unveiled its latest release, Kali Linux 2025.1a. This update not only significantly enhances desktop environments but also introduces exciting new tools and improvements tailored for cybersecurity professionals and enthusiasts. The release, available for download or upgrade, builds upon…
ISC Stormcast For Thursday, March 20th, 2025 https://isc.sans.edu/podcastdetail/9372, (Thu, Mar 20th)
This article has been indexed from SANS Internet Storm Center, InfoCON: green.
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in…
EU Hands Apple First Interoperability Requirements
EU gives Apple demands for third-party developer access to iOS features and greater responsiveness in communications. This article has been indexed from Silicon UK.
How a $6M bet on Wiz turned into a massive 200x return for one early backer
Wiz’s $32 billion all-cash acquisition by Google parent Alphabet promises a colossal payday for the cybersecurity startup’s early-stage investors. The deal is a big win for Sequoia, one of the best-known VC firms, which stands to make $3 billion, about…
WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware
WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp has addressed a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp blocked a…
EU Charges Google Over DMA Violations
Preliminary findings from European Commission argue Google unfairly restricts app developers, self-preferences in search. This article has been indexed from Silicon UK.
EU Hands Apple Interoperability Requirements
EU gives Apple demands for third-party developer access to iOS features and greater responsiveness in communications. This article has been indexed from Silicon UK.
The ultimate cyber spring cleaning checklist
A cluttered digital space slows you down, adds stress, and can even make you more vulnerable to cyber threats. Who needs that? Nobody. So, let’s fix it. Here’s how: This article has been indexed from blog.avast.com EN.
Hugging Face submits open-source blueprint, challenging Big Tech in White House AI policy fight
Hugging Face challenges Big Tech in White House AI Action Plan submission, arguing open-source models match commercial performance while democratizing access and enhancing national security. This article has been indexed from Security News | VentureBeat.
TechRepublic Exclusive: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure’
Ransomware attackers know where your kids go to school and they want you to know it, according to professional negotiators at Sygnia. This article has been indexed from Security | TechRepublic.
Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users
Another consumer-grade spyware operation was hacked in June 2024, which exposed thousands of Apple Account credentials. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch.
Hacked, leaked, exposed: Why you should never use stalkerware apps
Using stalkerware is creepy, unethical, potentially illegal, and puts your data and that of your loved ones in danger. This article has been indexed from Security News | TechCrunch.
SpyX – 1,977,011 breached accounts
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud…