A new banking malware called Sturnus has emerged as a significant threat to mobile users across Europe. Security researchers have discovered that this sophisticated Android trojan can capture encrypted messages from popular messaging apps like WhatsApp, Telegram, and Signal by…
Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users
Tsundere represents a significant shift in botnet tactics, leveraging the power of legitimate Node.js packages and blockchain technology to distribute malware across multiple operating systems. First identified around mid-2025 by Kaspersky GReAT researchers, this botnet demonstrates the evolving sophistication of…
New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages
The Android malware is in development and appears to be mainly aimed at users in Europe. The post New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the…
Security gap in Perplexity’s Comet browser exposed users to system-level attacks
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s device, and…
UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation
A multi-year ATM fraud campaign by UNC2891 targeted two Indonesian banks, cloning cards, recruiting money mules and coordinating cash withdrawals. This article has been indexed from www.infosecurity-magazine.com. Read the original article: UNC2891 Money Mule Network Reveals Full Scope of ATM…
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: Researchers warn…
Light has been hiding a magnetic secret for nearly 200 years
New research shows that light’s magnetic field is far more influential than scientists once believed. The team found that this magnetic component significantly affects how light rotates as it passes through certain materials. Their work challenges a 180-year-old understanding of…
Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025
From secure service mesh rollouts to AI cluster hardening, see how KubeCon + CloudNativeCon NA 2025 redefined identity, trust, and governance in Kubernetes environments. The post Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025 appeared first on Security…
Beyond the Watering Hole: APT24’s Pivot to Multi-Vector Attacks
Written by: Harsh Parashar, Tierra Duncan, Dan Perez. Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People’s Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO,…
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks. This article has been indexed from WeLiveSecurity. Read the original article: PlushDaemon compromises network devices for adversary-in-the-middle attacks
APIContext Introduces MCP Server Performance Monitoring to Ensure Fast and Reliable AI Workflows
Today, APIContext has launched its Model Context Protocol (MCP) Server Performance Monitoring tool, a new capability that ensures AI systems respond fast enough to meet customer expectations. Given that 85% of enterprises and 78% of SMBs are now using autonomous agents,…
Education boards left gates wide open for PowerSchool mega-breach, say watchdogs
Privacy cops say attack wasn’t just bad luck but a result of sloppy homework. Canadian privacy watchdogs say that school boards must shoulder part of the blame for the PowerSchool mega-breach, not just the ed-tech giant that lost control of…
Oligo delivers runtime-native security for models and agents
Oligo Security announced new capabilities to protect the broadest spectrum of AI deployments, including AI applications, LLMs, and agentic AI. The new platform modules address the largest blind spot in AI security by securing production AI technologies that remain largely…
CISA Issues New Guidance on Bulletproof Hosting Threat
CISA launches guide to combat cybercrime via bulletproof hosting, recommending measures for ISPs. This article has been indexed from www.infosecurity-magazine.com. Read the original article: CISA Issues New Guidance on Bulletproof Hosting Threat
The Black Friday Cyber Crime Economy: Surge in Fraudulent Domains and eCommerce Scams
Key findings: Malicious activity is rising, with 1 in 11 newly registered Black Friday themed domains classified as harmful. Brand impersonation remains a primary tactic, with 1 in 25 new domains related to the reputable ecommerce marketplaces of Amazon, AliExpress,…
Gmail can read your emails and attachments to train its AI, unless you opt out
A new Gmail update may allow Google to use your private messages and attachments for AI training. Here’s how to turn it off. This article has been indexed from Malwarebytes. Read the original article: Gmail can read your emails and…
Holiday scams 2025: These common shopping habits make you the easiest target
Holiday deals are flooding your phone, and scammers are too. Watch for fake listings, phishing texts, and offers that seem just a little too good to be true. This article has been indexed from Malwarebytes. Read the original article: Holiday…
Doppel Raises $70 Million at $600 Million Valuation
The AI-native social engineering defense (SED) platform will accelerate product innovation and expand its offerings. The post Doppel Raises $70 Million at $600 Million Valuation appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
New runC Vulnerabilities Expose Docker and Kubernetes Environments to Potential Host Breakouts
Three newly uncovered vulnerabilities in the runC container runtime have raised significant concerns for organizations relying on Docker, Kubernetes, and other container-based systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were disclosed by SUSE engineer and Open Container…
Supply Chain Breaches Impact Almost All Firms Globally, BlueVoyant Reveals
Despite a growing maturity of third-party risk management programs, supply chain attacks impacted more organizations in 2025 than in previous years. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Supply Chain Breaches Impact Almost All Firms Globally,…
WhatsApp Flaw Exposed User Numbers
Eurofiber, a provider of B2B digital infrastructure services, detected a cybersecurity incident on November 13, 2025, which exclusively affected its operations. The post WhatsApp Flaw Exposed User Numbers first appeared on CyberMaterial. This article has been indexed from CyberMaterial. Read…
Ransomware Hits LG Battery Subsidiary
LG Energy Solution, a prominent South Korean battery company and a subsidiary of LG, recently acknowledged that it was the victim of a targeted ransomware attack. The post Ransomware Hits LG Battery Subsidiary first appeared on CyberMaterial. This article has…
Europe Scales Back Privacy And AI Laws
The European Union, after years of leading the world in establishing strict technology regulation, is now proposing to loosen its grip on its flagship rules. The post Europe Scales Back Privacy And AI Laws first appeared on CyberMaterial. This article…
US UK Australia Sanction Russian Host
The governments of the United States, the United Kingdom, and Australia have taken coordinated action by sanctioning a Russian “bulletproof” web hosting company. The post US UK Australia Sanction Russian Host first appeared on CyberMaterial. This article has been indexed…