Creators, Authors and Presenters: d3dbot, Mobile Hacking Community Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference’s events located at the Las Vegas Convention Center; and via…
ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known…
WhiteCobra Floods VSCode Market with 24 Crypto-Stealing Extensions
A threat actor named WhiteCobra has infiltrated the Visual Studio Code marketplace and Open VSX registry with 24 malicious extensions targeting developers using VSCode, Cursor, and Windsurf editors . Campaign overview The ongoing campaign represents a sophisticated operation that…
500GB Leak Marks Largest Exposure of Great Firewall’s Internal Operations
There has been a significant breach of one of the world’s most sophisticated censorship systems, the Great Firewall, which is considered one of the most tightly controlled systems. This breach has led to the largest data leak to date…
Villager: AI Software That Makes Hacking Easier
A new penetration testing framework named Villager is drawing international attention for its unusual mix of traditional hacking tools and artificial intelligence. Released in July 2025 through the Python Package Index, the tool has already surpassed 10,000 downloads in…
Help Wanted: What are these odd reuqests about?, (Sun, Sep 21st)
Looking at our web honeypot data, I came across an odd new request header I hadn't seen before: “X-Forwarded-App”. My first guess was that this is yet another issue with a proxy-server bucket brigade spilling secrets when a particular “App”…
Airport Cyberattack Disrupts More Flights Across Europe
The cyberattack affected software of Collins Aerospace, whose systems help passengers check in, print boarding passes and bag tags, and dispatch their luggage. The post Airport Cyberattack Disrupts More Flights Across Europe appeared first on SecurityWeek. This article has been…
Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SmokeLoader Rises From the Ashes Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm Popular…
Cybersecurity Newsletter Weekly – Shai Halud Attack, Ivanti Exploits, FinWise, BMW Data Leak, and More
This week in cybersecurity, researchers exposed hidden alliances between ransomware groups, the rise of AI-powered phishing platforms, and large-scale vulnerabilities affecting telecom and enterprise systems. Major data breaches at financial services and luxury brands highlighted insider threats and supply chain…
Hundreds of flights delayed at Heathrow and other airports after apparent cyberattack
Travelers at major European airports including Heathrow, Brussels, and Berlin faced significant delays this weekend following what Collins Aerospace described as a “cyber-related incident.” This article has been indexed from Security News | TechCrunch Read the original article: Hundreds of…
Cyberattack Disrupts Check-In Systems at Major European Airports
The disruptions to airport electronic systems meant that only manual check-in and boarding was possible. The post Cyberattack Disrupts Check-In Systems at Major European Airports appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Countering The Adaptive Playbook of Modern Threat Actors
The cybersecurity landscape has seen a substantial threat vector transformation. While malware and ransomware continue to be relevant threats, a more nuanced class of attacks has gained traction. Over 80%… The post Countering The Adaptive Playbook of Modern Threat Actors…
DevOps data breaches expose Microsoft, Schneider Electric, Mercedes-Benz, and New York Times
Source code forms the backbone of every digital enterprise, and platforms such as GitHub and Atlassian are trusted to safeguard this critical data. Yet, organizations must remember that under the Shared Responsibility Model, users retain accountability for the security…
Strengthening Cybersecurity in Healthcare: Protecting Patient Data and Ensuring Regulatory Compliance in a Digital Age
Cybersecurity in Healthcare As healthcare increasingly relies on digital technologies, the urgency for robust cybersecurity measures has never been more pronounced. This industry tackles challenges including the security of patient… The post Strengthening Cybersecurity in Healthcare: Protecting Patient Data and…
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Threat actors with ties to the Democratic People’s Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret. “The threat actor used ClickFix lures to target marketing…
The Silent Threat: How Misconfigurations Fuel the Cyber Crime Economy
Billions of records are breached each year as a result of misconfigured servers, firewalls and other network devices. What can be done? Let’s explore. The post The Silent Threat: How Misconfigurations Fuel the Cyber Crime Economy appeared first on Security…
Animeify – 808,034 breached accounts
In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and…
Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is invisible to security teams Most enterprise AI activity is happening without the knowledge of IT and security teams. According to…
Scientists just made atoms talk to each other inside silicon chips
Researchers at UNSW have found a way to make atomic nuclei communicate through electrons, allowing them to achieve entanglement at scales used in today’s computer chips. This breakthrough brings scalable, silicon-based quantum computing much closer to reality. This article has…
New EDR-Freeze Tool That Puts EDRs and Antivirus Into A Coma State
A new proof-of-concept tool named EDR-Freeze has been developed, capable of placing Endpoint Detection and Response (EDR) and antivirus solutions into a suspended “coma” state. According to Zero Salarium, the technique leverages a built-in Windows function, offering a stealthier alternative…
Feel Reassured with Comprehensive Secrets Scanning
Are You Leveraging Non-Human Identities for Optimal Security? The increasing prevalence of Non-Human Identities (NHIs) presents both opportunities and challenges for cybersecurity professionals. These machine identities are critical components of modern security systems, but managing them effectively requires a strategic…
Enhancing Your Team’s Capabilities in NHIDR
How Secure Are Your Organization’s Machine Identities? Have you ever considered the sheer number of machine identities roaming within your organization’s networks, each carrying sensitive secrets that require careful management? Where threats are evolving faster than ever before, Non-Human Identities…
DEF CON 33: One Modem To Brick Them All -Vulns In EV Charging Comms
Creators, Authors and Presenters: Jan Berens, Marcell Szakaly Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference’s events located at the Las Vegas Convention Center; and via…