Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as…
Meta To Introduce Full Passkey Support for Facebook on Mobiles
Around half of the world’s top 100 websites have already integrated passkey support This article has been indexed from www.infosecurity-magazine.com Read the original article: Meta To Introduce Full Passkey Support for Facebook on Mobiles
[NEU] [hoch] IBM QRadar SIEM: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, um beliebige Befehle auszuführen und um nicht näher spezifizierte Auswirkungen zu verursachen. Dieser Artikel wurde indexiert von BSI Warn-…
Oxford City Council Hit by Cyberattack Exposing Employee Personal Data
Oxford City Council has confirmed it was the target of a sophisticated cyberattack that resulted in the exposure of personal data belonging to employees, including those involved in council-administered elections over the past two decades. The council detected an unauthorised…
A Token of Appreciation for Sustaining Donors 💞
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You’ll get a custom EFF35 Challenge Coin when you become a monthly or annual Sustaining Donor by July 10. It’s that simple. Give Once a Month Give Once…
Motors Theme Vulnerability Exploited to Hack WordPress Websites
Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Cyberangriffe: Nordkoreanische Hacker faken Vorgesetzte in Videokonferenzen
Um Malware einzuschleusen, verwenden nordkoreanische Hacker mittlerweile offenbar Deepfakes von Vorgesetzten in fingierten Videomeetings. (Nordkorea, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Cyberangriffe: Nordkoreanische Hacker faken Vorgesetzte in Videokonferenzen
[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht spezifizierte Effekte zu erzielen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
Resurgence of the Prometei Botnet
We identified a resurgence of the Prometei botnet’s Linux variant. Our analysis tracks the activity of this cryptominer and its new features. The post Resurgence of the Prometei Botnet appeared first on Unit 42. This article has been indexed from…
GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps
Zimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that merely mimic login screens, this malware…
Versa Director Flaws Let Attackers Execute Arbitrary Commands
A newly disclosed set of vulnerabilities in Versa Networks’ SD-WAN orchestration platform, Versa Director, with the flaws enabling authenticated attackers to upload malicious files and execute arbitrary commands on affected systems. The vulnerabilities, tracked as CVE-2025-23171 and CVE-2025-23172, stem from…
184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach
The file was completely exposed – no encryption, no password protection, no security – just a plain text document containing millions of sensitive data entries. This article has been indexed from Latest stories for ZDNET in Security Read the original…
Your Android phone is getting a big security upgrade for free – these Pixel models included
Google has introduced new enterprise-grade security features for managing Android devices across your organization. Here’s how they work. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Your Android phone is getting a…
Linux flaws chain allows Root access across major distributions
Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions. Qualys researchers discovered two local privilege escalation (LPE) vulnerabilities, an attacker can exploit them to gain root privileges on machines…
Surveillance in the US
Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance…
ClamAV 1.4.3 and 1.0.9 Released With Fix for Vulnerabilities that Enable Remote Code Execution
Multiple high-severity vulnerabilities, including a dangerous buffer overflow capable of remote code execution, have been fixed in critical security updates released by the ClamAV team for versions 1.4.3 and 1.0.9. These patch releases target several security issues that affect all…
New TxTag Phishing Attack Leverages .gov Domain to Trick Employees
A sophisticated phishing campaign targeting employees with fake toll payment notices has been identified, combining government domain spoofing with social engineering tactics. The attackers craft messages claiming to be from TxTag, warning recipients that their accounts face suspension unless outstanding…
A Token of Appreciation for Sustaining Donors 💞
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You’ll get a custom EFF35 Challenge Coin when you become a monthly or annual Sustaining Donor by July 10. It’s that simple. Give Once a Month Give Once…
Attack on Oxford City Council exposes 21 years of election worker data
Services coming back online after legacy systems compromised Oxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised.… This article has been indexed from The Register – Security Read the original article: Attack…
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks
WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit. The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
Cloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. “Hosting…
6 Steps to 24/7 In-House SOC Success
Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security…
IT Security News Hourly Summary 2025-06-20 12h : 11 posts
11 posts were published in the last hour 10:5 : Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay 10:5 : A Token of Appreciation for Sustaining Donors 💞 9:35 : Dover…
Ubiquiti UniFi Network Application: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Es gibt eine Schwachstelle in der Ubiquiti UniFi Network Application aufgrund einer fehlerhaft konfigurierten Abfrage. Dadurch, können sich fremde Geräte allein mit ihrer Gerätekennung (MAC-Adresse) per RADIUS anmelden. Ein Angreifer kann das ausnutzen, um Sicherheitsmechanismen zu umgehen. Dieser Artikel wurde…