Expired security cert, real Brussels agenda, plus PlugX malware finish the job Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn’t fixed yet – to target European diplomats in…
New Windows-Based Airstalk Malware Employs Multi-Threaded C2 Communication to Steal Logins
A newly discovered Windows malware family named Airstalk has emerged as a sophisticated threat capable of exfiltrating sensitive browser credentials through an innovative covert command-and-control channel. Available in PowerShell and .NET variants, this malware demonstrates advanced capabilities including multi-threaded communications,…
New Agent-Aware Cloaking Leverages OpenAI ChatGPT Atlas Browser to Deliver Fake Content
A new agent-aware cloaking technique uses AI browsers like OpenAI’s ChatGPT Atlas to deliver misleading content. This method allows malicious actors to poison the information AI systems ingest, potentially manipulating decisions in hiring, commerce, and reputation management. By detecting AI…
New Lampion Stealer Uses ClickFix Attack to Silently Steal Login Credentials
Researchers have uncovered a sophisticated campaign leveraging the Lampion banking trojan, a malware strain that has operated since 2019 with a renewed focus on Portuguese financial institutions. The threat actor group behind these operations has refined its tactics significantly, introducing…
Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn’t plan on doing so themselves Some orgs would rather you not know when they’ve suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light…
The 5 generative AI security threats you need to know about detailed in new e-book
In this blog post, we’ll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today’s unpredictable…
Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users
Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’ This article has been indexed from Hackread – Cybersecurity…
Latest Windows 11 Update Hit by Task Manager Bug – It Won’t Close!
A strange but concerning bug has surfaced following a recent optional update for Windows 11, potentially slowing down… The post Latest Windows 11 Update Hit by Task Manager Bug – It Won’t Close! appeared first on Hackers Online Club. This…
Brush exploit can cause any Chromium browser to collapse in 15-60 seconds
“Brash” flaw in Chromium’s Blink engine lets attackers crash browsers instantly via a single malicious URL, researcher Jose Pino revealed. Security researcher Jose Pino found a severe vulnerability, named Brash, in Chromium’s Blink rendering engine that can be exploited to crash many…
US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea
So long and thanks for all the fish: Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker. The post US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea appeared first on Security…
Trick, treat, repeat
Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. This article has been indexed from Cisco Talos Blog Read the…
WhatsApp adds passkey protection to end-to-end encrypted backups
This means if you lose your device, you can use methods like fingerprint, face, or the screen lock code of your previous device to access WhatsApp’s backup. This article has been indexed from Security News | TechCrunch Read the original…
RediShell RCE Vulnerability Exposes 8,500+ Redis Instances to Code Execution Attacks
The cybersecurity landscape faced a critical threat in early October 2025 with the public disclosure of RediShell, a severe use-after-free vulnerability in Redis’s Lua scripting engine. Identified as CVE-2025-49844 and dubbed “RediShell” by Wiz researchers, this flaw enables attackers to…
700+ Malicious Android Apps Abusing NFC Relay to Exfiltrate Banking Login Credentials
A sophisticated malware campaign exploiting Near Field Communication technology on Android devices has expanded dramatically since its emergence in April 2024. What began as isolated incidents has escalated into a widespread threat, with over 760 malicious applications now circulating in…
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration…
Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious…
ICE Wants to Build a Shadow Deportation Network in Texas
A new ICE proposal outlines a 24/7 transport operation run by armed contractors—turning Texas into the logistical backbone of an industrialized deportation machine. This article has been indexed from Security Latest Read the original article: ICE Wants to Build a…
IT Security News Hourly Summary 2025-10-30 18h : 9 posts
9 posts were published in the last hour 17:4 : International Standards Organization ISO 15118-2 17:4 : The Hidden Cost of Secrets Sprawl 17:4 : Veeam Sets Data Graph Course Following Acquisition of Securiti AI 17:4 : Is Unsupported OpenJDK…
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS). These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-303-01 International Standards Organization ISO 15118-2 ICSA-25-303-02 Hitachi Energy TropOS CISA encourages users and administrators to review newly released…
International Standards Organization ISO 15118-2
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low Attack Complexity Standard: ISO 15118-2 Network and Application Protocol Requirements Equipment: EV Car Chargers Vulnerability: Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of this…
The Hidden Cost of Secrets Sprawl
Manual secrets management costs organizations $172,000+ annually per 10 developers. Discover the hidden productivity drain, security risks, and how automation can recover at least 1.2 FTE worth of capacity. The post The Hidden Cost of Secrets Sprawl appeared first on…
Veeam Sets Data Graph Course Following Acquisition of Securiti AI
Veeam Software plans to expand the scope of its offerings into the realm of data security posture management (DSPM) following the closing of a $1.725 billion acquisition of Securiti AI. Securiti AI developed a DSPM platform based on a knowledge…
Is Unsupported OpenJDK for Universities Good Enough?
Institutions wondering whether to pay Oracle must decide whether unsupported OpenJDK for universities is good enough. The post Is Unsupported OpenJDK for Universities Good Enough? appeared first on Azul | Better Java Performance, Superior Java Support. The post Is Unsupported…
Your Enterprise LAN Security Is a Problem—Nile Can Fix It
For decades, the Local Area Network (LAN) has been the neglected, insecure backyard of the enterprise. While we’ve poured money and talent into fortifying our data centers and cloud environments, the LAN has remained a tangled mess of implicit trust,…