Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon. The breach, which occurred during the 2024 U.S.…
Hackers Leverage VBScript Files to Deploy Masslogger Credential Stealer Malware
A sophisticated new variant of the Masslogger credential stealer has emerged, utilizing VBScript encoded (.VBE) files to deploy a multi-stage fileless malware campaign that operates entirely from the Windows Registry. This advanced threat represents a significant evolution in information-stealing malware,…
Jitter-Trap – A New Technique to Detect Stealthy Beacon Traffic
A new detection method called Jitter-Trap that turns cybercriminals’ own evasion tactics against them, offering new hope in the battle against sophisticated post-exploitation attacks. Released on June 18, 2025, this technique focuses on identifying stealthy beacon communications that traditional security…
Russian Hackers Impersonating as U.S. Department of State to Obtain ASP Passcode
A sophisticated Russian state-sponsored cyber campaign has targeted prominent academics and critics of Russia through an innovative social engineering attack that exploited Google’s Application Specific Password (ASP) functionality. The operation, which ran from April through early June 2025, demonstrated a…
Microsoft Entra ID to Extend Passkey (FIDO2) Authentication Methods to Support Public Preview
Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features. The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …
UK gov asks university boffins to pinpoint cyber growth areas where it should splash cash
Good to see government that values its academics (cough cough). Plus: New board criticized for lacking ‘ops’ people Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government’s request, to identify future growth opportunities as…
Gleiche Frage, mehr CO2: Darum sind einige KI-Systeme umweltschädlicher als andere
Deutsche Forscher:innen haben herausgefunden, dass einige KI-Systeme viel mehr Energie verbrauchen als andere. Der Reasoning-Ansatz spielt dabei eine große Rolle. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel: Gleiche Frage, mehr CO2: Darum…
IT-Vorfall bei Centerparks: Kundendaten betroffen
Angreifer sind in die IT der Centerparks eingebrochen. Dabei lagen Kundendaten offen. Das Unternehmen informiert nun Betroffene. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: IT-Vorfall bei Centerparks: Kundendaten betroffen
(g+) Registermodernisierung: Die zentralen Datenübertragungsstandards im Noots
Mit der Registermodernisierung soll für Bürger alles besser werden, aber der Weg ist weit. Eine Komplikation: ein Übertragungsstandard, der mit allen Behördendaten kann. (verwaltungimwandel, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: (g+) Registermodernisierung:…
Threat Actor Exploit GitHub and Hosted 60 GitHub Repositories with 100s of Malware
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide, by hosting over 60 malicious repositories containing hundreds of trojanized Python files. Discovered by the ReversingLabs threat research team, this campaign…
Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers
Java-based malware targets Minecraft users via fake cheat tools, utilizing the Stargazers Ghost Network distribution-as-a-service (DaaS). Check Point researchers found a multi-stage malware on GitHub targeting Minecraft users via Stargazers DaaS, using Java/.NET stealers disguised as cheat tools. Minecraft, one…
Self-Driving Car Video Footage
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars.…
Chain IQ, UBS Data Stolen in Ransomware Attack
A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies. The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek. This article has been indexed…
IT Security News Hourly Summary 2025-06-19 12h : 20 posts
20 posts were published in the last hour 10:4 : Hackers Exploit Cloudflare Tunnels to Infect Windows Systems With Python Malware 10:3 : The best password generators of 2025: Expert tested 10:3 : Open Next for Cloudflare SSRF Vulnerability Let…
OpenAI’s Altman Hits Out At Meta’s ‘Crazy’ Sign-On Bonuses
Demand for AI skills continues to grow, as Meta allegedly seeks to poach OpenAI staff with signing bonuses of $100m (£74m) This article has been indexed from Silicon UK Read the original article: OpenAI’s Altman Hits Out At Meta’s ‘Crazy’…
Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics – Google
Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign orchestrated by a Russia state-sponsored cyber threat actor, tracked as UNC6293. Active from at least April through early June 2025, this campaign specifically targeted…
Top 5 Best Practices for Cloud Security
Find out the best practices for securely deploying applications and managing data in the cloud. This article has been indexed from Security | TechRepublic Read the original article: Top 5 Best Practices for Cloud Security
Krispy Kreme Confirms Data Breach After Ransomware Attack
Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024. The post Krispy Kreme Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek. This article has…
Encryption Backdoors: The Security Practitioners’ View
After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high. The post Encryption Backdoors: The Security Practitioners’ View appeared first on SecurityWeek. This article has been indexed…
Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts. It’s called “Living Off Trusted Sites” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in,…
Researchers Warn of ‘Living off AI’ Attacks After PoC Exploits Atlassian’s AI Agent Protocol
Cato Networks researchers demonstrated an attack leveraging Atlassian’s AI agent-enabling server This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Warn of ‘Living off AI’ Attacks After PoC Exploits Atlassian’s AI Agent Protocol
WordPress: AI-Engine-Plug-in reißt Sicherheitslücke in 100.000 Webseiten
Das Plug-in AI Engine ist auf mehr als 100.000 WordPress-Webseiten installiert. Eine Lücke ermöglicht die vollständige Kompromittierung. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: WordPress: AI-Engine-Plug-in reißt Sicherheitslücke in 100.000 Webseiten
Grok und Mixtral ohne Grenzen: Neue KI-Tools erzeugen Phishing-Mails und Malware
Gängige KI-Tools wie ChatGPT weigern sich, bei Vorhaben wie Phishing oder Malware-Entwicklung zu unterstützen. Doch Cyberkriminelle wissen sich zu helfen. (Cybercrime, Virus) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Grok und Mixtral ohne Grenzen:…
ClamAV 1.4.3 and 1.0.9 Released with Fixes for Critical Remote Code Execution Vulnerability
The ClamAV development team has rolled out two crucial security patch releases, versions 1.4.3 and 1.0.9, aimed at resolving significant vulnerabilities that could compromise system integrity. Alongside these patches, the team has introduced Linux aarch64 (ARM64) RPM and DEB installer…