A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick to mimic a fake Blue Screen of Death (BSOD). The script, which has a low detection rate of 4/59 on VirusTotal (SHA256: d716c2edbcdb76c6a6d31b21f154fee7e0f8613617078b69da69c8f4867c9534), drew the attention…
Gaming or gambling? Lifting the lid on in-game loot boxes
The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down This article has been indexed from WeLiveSecurity Read the original article: Gaming or gambling? Lifting the lid on in-game loot boxes
AI and Civil Service Purges
Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department…
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024. The post Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 appeared first on SecurityWeek. This article has been…
Lexmark issues warning about critical security vulnerabilities in printer software
Lexmark has published several security warnings about recently disclosed vulnerabilities in Lexmark print software and firmware. Patches are provided and customers are asked to update their devices and software immediately to protect […] Thank you for being a Ghacks reader.…
heise-Angebot: iX-Workshop: Spezialwissen für KRITIS – Prüfverfahrenskompetenz gemäß § 8a BSIG
Erlangen Sie spezielle Prüfverfahrenskompetenz für § 8a BSIG; inklusive Abschlussprüfung und Zertifizierung. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: heise-Angebot: iX-Workshop: Spezialwissen für KRITIS – Prüfverfahrenskompetenz gemäß § 8a BSIG
It’s Time to Move Beyond Awareness Training: Why Readiness Is the New Standard for Cybersecurity
For years, cybersecurity training programs have been stuck in the same rut: entertaining videos, knowledge-heavy lectures, and phishing tests that feel more like public shaming than skill-building. It’s time for a radical shift. The world has evolved and so have…
TikTok Returns To Apple, Google Stores In US
TikTok returns to app stores of both Apple and Google in the United States, after Donald Trump delayed ban enforcement until 5 April This article has been indexed from Silicon UK Read the original article: TikTok Returns To Apple, Google…
REF7707 Hackers Target Windows & Linux Systems with FINALDRAFT Malware
Elastic Security Labs has uncovered a sophisticated cyber-espionage campaign, tracked as REF7707, targeting entities across South America and Southeast Asia. Central to this operation is the deployment of a novel malware family named FINALDRAFT, which has been engineered to exploit…
North Korean IT Workers Penetrate Global Firms to Install System Backdoors
In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global companies, posing as remote workers to introduce system backdoors and exfiltrate sensitive data. These activities, which generate critical revenue for the heavily sanctioned regime, also pose…
Protecting Hospitals from IoT Threats with Check Point
In today’s healthcare landscape, the integration of Internet of Medical Things (IoMT) devices has revolutionized patient care. However, this technological advancement also introduces significant cyber security risks. One such threat has been highlighted by the US Cybersecurity and Infrastructure Security…
New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins
A sophisticated phishing kit, known as the Astaroth 2FA phishing kit, has been identified targeting major email services such as Gmail, Yahoo, and Office 365, along with third-party login platforms. This kit is designed to bypass two-factor authentication (2FA) security…
Have the Last Word Against Ransomware with Immutable Backup
With incidences of ransomware on the rise, nobody should even be thinking that an attack is something that couldn’t happen to them, let alone speak those words into existence. And… The post Have the Last Word Against Ransomware with Immutable…
Fake BSOD Delivered by Malicious Python Script, (Fri, Feb 14th)
I found a Python script that implements a funny anti-analysis trick. The script has a low score on VT (4/59) (SHA256:d716c2edbcdb76c6a6d31b21f154fee7e0f8613617078b69da69c8f4867c9534)[1]. This sample attracted my attention because it uses the tkinter[2] library. This library is used to create graphical user interfaces (GUIs). It…
REF7707 Hackers Attacking Windows & Linux Machines Using FINALDRAFT Malware
A sophisticated hacking campaign has been unveiled recently by Elastic Security Labs, dubbed “REF7707,” which has been targeting both Windows and Linux systems using novel malware families, including FINALDRAFT, GUIDLOADER, and PATHLOADER. This campaign has been notable for its advanced…
2 charged over alleged New IRA terrorism activity linked to cops’ spilled data
Officer says mistakenly published police details were shared ‘a considerable amount of times’ Two suspected New IRA members were arrested on Tuesday and charged under the Terrorism Act 2000 after they were found in possession of spreadsheets containing details of…
SonicWall Firewall Vulnerability Exploited After PoC Publication
The exploitation of a recent SonicWall vulnerability has started shortly after proof-of-concept (PoC) code was published. The post SonicWall Firewall Vulnerability Exploited After PoC Publication appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Microsoft Security Update Notification in February of High-Risk Vulnerabilities in Multiple Products
Overview On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual Studio, including high-risk vulnerabilities such…
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, unauthenticated attackers can bypass authentication to access…
Palo Alto PAN-OS: Exploit-Code für hochriskante Lücke aufgetaucht
Im Betriebssystem PAN-OS für Firewalls von Palo Alto Networks klaffen Sicherheitslücken. Für eine davon gibt es bereits Exploit-Code. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Palo Alto PAN-OS: Exploit-Code für hochriskante Lücke aufgetaucht
Datenbank manipulierbar: Hacker entstellt Webportal von Musks Doge
Wie üblich bei Musks Vorhaben musste die Bereitstellung der Doge-Webseite wohl mal wieder schnell gehen. Anonyme wollen “Tonnen von Fehlern” entdeckt haben. (Sicherheitslücke, Datenbank) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Datenbank manipulierbar: Hacker…
NVIDIA Container Toolkit Vulnerable to Code Execution Attacks
NVIDIA has issued a critical security update to address a high-severity vulnerability discovered in the NVIDIA® Container Toolkit for Linux. The flaw, tracked as CVE-2025-23359, could allow attackers to exploit a time-of-check time-of-use (TOCTOU) vulnerability to gain unauthorized access to the…
Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
China-linked APT Salt Typhoon has been exploiting known vulnerabilities in Cisco devices in attacks on telecom providers in the US and abroad. The post Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks appeared first on SecurityWeek. This article…
UK’s AI Safety Institute Rebrands Amid Government Strategy Shift
The organization becomes the AI Security Institute as the UK shifts its focus to tackling AI risks to national security This article has been indexed from www.infosecurity-magazine.com Read the original article: UK’s AI Safety Institute Rebrands Amid Government Strategy Shift