Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects. This article has been indexed from Securelist Read the original article: The GitVenom campaign: cryptocurrency theft using GitHub
Sicherheitsupdates: Angreifer können Wireshark crashen lassen
Die Wireshark-Entwickler haben eine Sicherheitslücke in ihrem Netzwerkanalysetool geschlossen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Sicherheitsupdates: Angreifer können Wireshark crashen lassen
Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded…
SpyLend Android malware found on Google Play enabled financial cyber crime and extortion
CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. CYFIRMA researchers discovered an Android malware, named SpyLend, which was distributed through Google Play as Finance Simplified. The malware targets Indian…
DeepSeek Unveils FlashMLA, A Decoding Kernel That’s Make Things Blazingly Fast
DeepSeek has launched FlashMLA, a groundbreaking Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. This innovative tool achieves unprecedented performance metrics of 3000 GB/s memory…
Parallels Desktop 0-Day Vulnerability Gain Root Privileges – PoC Released
A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems. All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the…
Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware
A sophisticated ransomware attack leveraging a critical Atlassian Confluence vulnerability (CVE-2023-22527, CVSS 10.0) has been uncovered, culminating in the deployment of LockBit Black ransomware across enterprise networks within two hours of initial compromise. The attackers orchestrated a multi-stage intrusion involving…
A week in security (February 17 – February 23)
A list of topics we covered in the week of February 17 to February 23 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (February 17 – February 23)
The Essential Guide to Horizon Scanning in Compliance and Regulatory Frameworks
In today’s fast-paced and interconnected world, compliance and regulatory frameworks are evolving faster than ever. The risk of falling behind on these changes can be severe. Enter horizon scanning—a concept that’s rapidly gaining traction in compliance and regulatory risk management. …
North Koreans Steal $1.5bn From Crypto Exchange Bybit
North Korea’s Lazarus Group identified as attackers behind theft of $1.46bn in Ethereum tokens from Bybit in biggest-ever crypto heist This article has been indexed from Silicon UK Read the original article: North Koreans Steal $1.5bn From Crypto Exchange Bybit
$1.5B Bybit hack, UK E2E pulled, PayPal phishing emails
Hacker steals nearly $1.5 billion from Bybit crypto wallet Apple pulls iCloud end-to-end encryption in the UK PayPal “New Address” feature abused in phishing scam Huge thanks to our sponsor, Conveyor It’s 2025. This is your sign to get a…
Inside a Cyber Crime Group: Cyber Security Today for Monday, Feb 24, 2025
Unveiling Cybercrime: Black Basta Leaks, VPN Attacks, RCMP Crackdown & AI Vulnerabilities In this episode of Cybersecurity Today, Jim Love discusses the leaked chat logs of the Black Basta Ransomware Group, a colossal cyber attack targeting VPN devices with 2.8…
Zombie oder Zukunftsweiser – Zu wem zählen Sie?
Zombies in der Sicherheit als Sinnbild für veraltete Strukturen und Lösungen. Diesen Vergleich zieht Jérôme Johl, Geschäftsführer der W.I.S. Sicherheit + Service GmbH & Co. KG (W.I.S. Unternehmensgruppe) im Protector-Interview und spricht über einen zukunftsfähigen Ansatz für eine alte Branche.…
Paypal-Phishing: “Neue Adresse”-Funktion missbraucht
Eine aktuelle Phishing-Masche nutzt Paypals Adressänderungsfunktion, um serverseitige Spamfilter zu umgehen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Paypal-Phishing: “Neue Adresse”-Funktion missbraucht
IT Security News Hourly Summary 2025-02-24 09h : 4 posts
4 posts were published in the last hour 8:4 : Fake ChatGPT Premium Phishing Scam Spreads to Steal User Credentials 8:4 : Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries 7:32 : 10 Best DevOps Tools in 2025…
Fake ChatGPT Premium Phishing Scam Spreads to Steal User Credentials
A sophisticated phishing campaign impersonating OpenAI’s ChatGPT Premium subscription service has surged globally, targeting users with fraudulent payment requests to steal credentials. Cybersecurity firm Symantec recently identified emails spoofing ChatGPT’s branding, urging recipients to renew a fictional $24 monthly subscription.…
Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries
Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN…
10 Best DevOps Tools in 2025
The term “DevOps” is a combination of the words “development” and “operations.” Promoting the development and operation processes collectively is a cultural requirement. A single team can now manage the entire application lifecycle, including development, testing, deployment, and operations. System…
UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks
Ubiquiti Networks has issued an urgent security advisory addressing five critical vulnerabilities in its UniFi Protect camera ecosystem, including two flaws enabling unauthenticated remote code execution (RCE) attacks. The vulnerabilities, discovered during the 2025 Pwn2Own Toronto hacking competition and disclosed…
Parallels Desktop 0-Day Exploit Enables Root Privileges – PoC Released
A critical zero-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed after seven months of unresolved reporting, enabling attackers to escalate privileges to the root level on macOS systems. The proof-of-concept (PoC) exploit code demonstrates two distinct bypass…
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
Cisco Talos has been actively tracking reports of extensive intrusion attempts targeting multiple major U.S. telecommunications companies. First identified in late 2024 and subsequently confirmed by the US government, this activity is attributed to a highly advanced threat actor known…
Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL
A newly disclosed vulnerability in the Exim mail transfer agent (CVE-2025-26794) has sent shockwaves through the cybersecurity community, revealing a critical SQL injection flaw that enables attackers to compromise email systems and manipulate underlying databases. The vulnerability, confirmed in Exim…
Cybercrooks Exploit URL Manipulation in Sophisticated Phishing Scam
In a newly seen phishing campaign, malicious actors have exploited URL manipulation techniques to obfuscate their malicious links, compromising businesses and individuals worldwide. Check Point researchers identified a whopping 200,000 phishing emails abusing URL information to hide phishing links, with…
Man vs. machine: Striking the perfect balance in threat intelligence
In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts also…