A new version of MacSync Stealer malware is targeting macOS users through digitally signed and notarized applications, marking a major shift in how this threat is delivered. Unlike older versions that required users to paste commands into Terminal, this updated…
Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios
A comprehensive analysis of CVE-2025-50165, a critical Windows vulnerability affecting the Windows Imaging Component (WIC). That could potentially enable remote code execution through specially crafted JPEG files. However, their findings suggest the real-world exploitation risk is significantly lower than initially…
Threat Actors Poses as Korean TV Programs’ Writer to Trick Victims and Install Malware
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors impersonate writers from major Korean broadcasting networks to distribute malicious documents. The operation, tracked as Operation Artemis, represents a notable evolution in social engineering tactics by leveraging trusted media personalities…
Critical n8n Automation Platform Vulnerability Enables RCE Attacks – 103,000+ Instances Exposed
A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9. The vulnerability exists within n8n’s workflow…
Hacktivists claim near-total Spotify music scrape
Hacktivists have scraped almost 100% of the content available on Spotify. Is there anything users need to worry about? This article has been indexed from Malwarebytes Read the original article: Hacktivists claim near-total Spotify music scrape
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known vulnerabilities. Delivering the malware The recently uncovered Webrat can steal data from Telegram, Discord and…
Top Ransomware Trends of 2025
Infosecurity has selected some of the key ransomware statistics for 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Top Ransomware Trends of 2025
Spotify Music Library Targeted as Hacktivists Scrape 86 Million Files
Anna’s Archive, a prominent digital preservation platform, has announced the largest unauthorized extraction of Spotify music data ever recorded. The hacktivist group scraped approximately 86 million songs from the streaming service, representing nearly 99.6% of all user listening activity on…
MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps
Jamf Threat Labs has uncovered a new MacSync Stealer campaign that significantly raises the bar for macOS malware delivery by abusing Apple’s own trust mechanisms. The latest variant is delivered as a fully code‑signed and notarized Swift application, allowing it…
Threat Actors Impersonate Korean TV Writers to Deliver Malware
North Korean-backed threat actors are impersonating writers from major Korean broadcasting companies to deliver malicious documents and establish initial access to targeted systems, according to threat intelligence research by Genians Security Center. The “Artemis” campaign, attributed to the APT37 group,…
Critical n8n Vulnerability Exposes 103,000+ Automation Instances to RCE Attacks
A critical remote code execution vulnerability in n8n, a popular open-source workflow automation platform, threatens over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9, the flaw allows authenticated attackers to execute arbitrary…
Indian Income Tax–Lure Campaign Deploying Multi-Stage Malware Against Businesses
Tax-themed phishing campaigns have intensified in recent months, capitalizing on the heightened awareness surrounding India’s Income Tax Return (ITR) filing season. Public discussions about refund timelines and compliance deadlines create an ideal backdrop for attackers to craft credible lures. Recent…
Denmark Accuses Russia of Conducting Two Cyberattacks
News: The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal…
Feds Seize Password Database Used in Massive Bank Account Takeover Scheme
The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing. The post Feds Seize Password Database Used in Massive Bank Account Takeover Scheme appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Nissan Confirms Impact From Red Hat Data Breach
The personal information of 21,000 customers was stolen after hackers compromised Red Hat’s GitLab instances. The post Nissan Confirms Impact From Red Hat Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Breaking: Massive Spotify Data Scrape Hits 300TB — 86M Tracks Exposed
Spotify is currently making headlines as it battles a massive unauthorized data scrape. A group known as Anna’s… The post Breaking: Massive Spotify Data Scrape Hits 300TB — 86M Tracks Exposed appeared first on Hackers Online Club. This article has…
Assessing SIEM effectiveness
We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these. This article has been indexed from Securelist Read the original article: Assessing SIEM effectiveness
Passwd: A walkthrough of the Google Workspace Password Manager
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature…
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation…
Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever
Online black markets once lurked in the shadows of the dark web. Today, they’ve moved onto public platforms like Telegram—and are racking up historic illicit fortunes. This article has been indexed from Security Latest Read the original article: Chinese Crypto…
IT Security News Hourly Summary 2025-12-23 12h : 6 posts
6 posts were published in the last hour 11:2 : Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape 11:2 : Why Third-Party Access Remains the Weak Link in Supply Chain Security 11:2 : New GhostLocker Tool that…
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how “Anna’s Archive” bypassed security, and why experts warn against downloading the leaked files. This article has been indexed from Hackread…
Why Third-Party Access Remains the Weak Link in Supply Chain Security
Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside your network—it will start with someone you trust. Every supplier, contractor, and service provider…
New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR
A new tool named GhostLocker has been released, demonstrating a novel technique to neutralize Endpoint Detection and Response (EDR) systems by weaponizing the native Windows AppLocker feature. Developed by security researcher zero2504, the tool highlights a fundamental architectural vulnerability in…