In a striking evolution of its tactics, the Sidewinder advanced persistent threat (APT) group—also known as APT-C-24 or “Rattlesnake”—has adopted a novel delivery mechanism leveraging Windows shortcut (LNK) files to orchestrate complex, multi-stage intrusions across South Asia. Active since at…
Apple issues spyware warnings as CERT-FR confirms attacks
Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised. Apple warned customers last week about new spyware attacks, the French national Computer Emergency Response Team (CERT-FR) said. The agency confirmed at least…
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm
KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch. The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared first on SecurityWeek. This…
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with.…
FTC Opens Probe Into OpenAI, Google, Meta Over AI Risks
US trade regulator looks into how companies are protecting children and teenagers from negative impacts, after Senate launches probe This article has been indexed from Silicon UK Read the original article: FTC Opens Probe Into OpenAI, Google, Meta Over AI…
Black Box Testing vs. White Box: The Hidden Risks of Choosing Wrong
With attacks on applications growing rapidly, regular testing of web and mobile platforms has become critical. In fact, statistics show that web applications are involved in 26% of breaches, ranking as the second most exploited attack pattern. There are multiple…
HCL AppScan 360º 2.0 protects software supply chains
HCLSoftware launched HCL AppScan 360º version 2.0, a next-generation application security platform designed to help organizations regain control over their software supply chains. As open-source adoption accelerates and global data regulations tighten, HCL AppScan 360º delivers a cloud-native solution that…
ICO Warns of Student-Led Data Breaches in UK Schools
ICO warned that growing hacks by children into school computer systems is setting them up for “a life of cybercrime” This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Warns of Student-Led Data Breaches in UK Schools
Hackers Steal LNER Data In Latest UK Breach
Rail operator LNER says data does not include password or payment card data, in latest of hacks to hit major British companies this year This article has been indexed from Silicon UK Read the original article: Hackers Steal LNER Data…
M&S Digital Chief Steps Down After Hack
Marks & Spencer chief digital and technology officer Rachel Higham leaves company after cyber-attack crippled systems for months This article has been indexed from Silicon UK Read the original article: M&S Digital Chief Steps Down After Hack
LAPSUS$ Hunters 4.0 Announce Permanent Shutdown
In a startling development on September 8, the Telegram channel “scattered LAPSUS$ hunters 4.0” declared its intention to “go dark” after taunting law enforcement for repeated missteps. With an audacious message aimed squarely at the FBI and French authorities, the…
VirtualBox 7.2.2 Released With Fix For GUI Crashes On Virtual Machines (guests)
Oracle has released VirtualBox 7.2.2, a maintenance update for its open-source virtualization platform, focusing on improving stability and addressing a range of bugs. Released on September 10, 2025, this version comes as a follow-up to the major 7.2 release, which…
Apple Warns Of Series Mercenary Spyware Attacks Targeting Users Devices
Apple has issued a warning regarding highly sophisticated “mercenary spyware” attacks targeting a select group of its users. The company’s threat notification system is designed to alert and support individuals who may have been targeted due to their profession or…
Sublime Security enhances threat protection with AI agent
Sublime Security released the Autonomous Detection Engineer (ADÉ), an end-to-end AI agent that turns attack telemetry into transparent and auditable protection that security teams can trust. Email attacks are advancing as adversaries weaponize generative AI to create highly targeted and…
Apple Warns of Mercenary Spyware Attacks Targeting User Devices
Apple has issued urgent warnings about sophisticated spyware attacks targeting specific users worldwide, including journalists, activists, politicians, and diplomats. Mercenary spyware attacks differ significantly from regular cybercriminal activity. These attacks cost millions of dollars and target only a small number…
Microsoft to Deprecate VBScript in Windows, Urges Developers to Update Projects
Microsoft announced the phased deprecation of VBScript in Windows, significantly impacting VBA developers who rely on VBScript libraries for regular expressions and external script execution. The company outlined a comprehensive timeline and provided migration guidance to help developers future-proof their…
Huntress’s ‘hilarious’ attacker surveillance splits infosec community
Ethical concerns raised after crook offered themselves up on silver platter Security outfit Huntress has been forced onto the defensive after its latest research – described by senior staff as “hilarious” – split opinion across the cybersecurity community.… This article…
SonicWall VPM exploits, Fed cyberchief’s priorities, U.S spyware investment triples
SonicWall SSL VPN flaws now being actively exploited Acting federal cyber chief outlines his priorities U.S. based investors in spyware firms nearly tripled in 2024 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls…
French Lawmakers Urge Social Media Ban For Under-15s
French parliamentary committee concludes six-month investigation urging social media ban for those under 15 over ‘dangerous content’ This article has been indexed from Silicon UK Read the original article: French Lawmakers Urge Social Media Ban For Under-15s
New K2 Think AI Model Falls to Jailbreak in Record Time
A groundbreaking vulnerability has emerged in the newly released K2 Think AI model from UAE’s Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in collaboration with G42. Security researchers have successfully jailbroken the advanced reasoning system within hours of its…
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dassault Systèmes DELMIA Apriso flaw, tracked as CVE-2025-5086 (CVSS score of 9.0), to its Known Exploited…
Boost Your Confidence With Robust NHI Management
Does Your Organization Understand the Strategic Importance of NHI Management? With corporations increasingly shift operations to the cloud, they face the daunting task of managing a vast array of Non-Human Identities (NHIs) – machine identities used in cybersecurity. With the…
How Protected Are Your NHIs in Dynamic Networks?
Unraveling the Core Structure: What are NHIs? Are you really protecting your Non-Human Identities (NHIs) to the best of your ability? NHIs are an often misunderstood but vitally important component. They are machine identities created by combining a “Secret” and…
Your heartbeat could reveal your identity, even in anonymized datasets
A new study has found that electrocardiogram (ECG) signals, often shared publicly for medical research, can be linked back to individuals. Researchers were able to re-identify people in anonymous datasets with surprising accuracy, raising questions about how health data is…