Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users. Prosper is a U.S.-based peer-to-peer lending platform that connects individual borrowers with investors. Founded in 2005 and headquartered in San Francisco, Prosper allows…
Hackers used Cisco zero-day to plant rootkits on network devices (CVE-2025-20352)
Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. “The operation targeted victims running older Linux systems that do not have endpoint detection response solutions,” Trend Micro researchers shared.…
AI, Quantum Computing and Other Emerging Risks
Prepare for tomorrow’s cybersecurity threats. Explore emerging risks from AI and quantum computing and learn how to build a proactive defense strategy. The post AI, Quantum Computing and Other Emerging Risks appeared first on Palo Alto Networks Blog. This article…
Over $3 Million in Prizes Offered at Pwn2Own Automotive 2026
Set for January 2026 at Automotive World in Tokyo, the contest will have six categories, including Tesla, infotainment systems, EV chargers, and automotive OSes. The post Over $3 Million in Prizes Offered at Pwn2Own Automotive 2026 appeared first on SecurityWeek.…
Identity Security: Your First and Last Line of Defense
The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless…
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News,…
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. This article has been indexed from Krebs on Security…
A Surprising Amount of Satellite Traffic Is Unencrypted
Here’s the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure,…
Hackers Steal Sensitive Data From Auction House Sotheby’s
Sotheby’s has disclosed a data breach impacting personal information, including SSNs. The post Hackers Steal Sensitive Data From Auction House Sotheby’s appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Hackers Steal Sensitive Data…
New Tech Support Scam Exploits Microsoft Logo to Steal User Credentials
Microsoft’s name and branding have long been associated with trust in computing, security, and innovation. Yet a newly uncovered campaign by the Cofense Phishing Defense Center demonstrates that even the most recognized logos can be hijacked by threat actors to…
Cisco Desk, IP, and Video Phone Vulnerabilities Let Remote Attackers Trigger DoS And XSS Attacks
Cisco has issued a security advisory warning of multiple vulnerabilities in its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models running Cisco Session Initiation Protocol (SIP) Software. Published on October 15, 2025, the…
LinkPro Rootkit Attacking GNU/Linux Systems Using eBPF Module to Hide Malicious Activities
A sophisticated rootkit targeting GNU/Linux systems has emerged, leveraging advanced eBPF (extended Berkeley Packet Filter) technology to conceal malicious activities and evade traditional monitoring tools. The threat, known as LinkPro, was discovered during a digital forensic investigation of a compromised…
‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek. This article has been indexed from…
Prosper Data Breach Exposes 17 Million Customers’ Personal Info
The US lending platform said early investigations found no evidence of unauthorized account access or fund theft This article has been indexed from www.infosecurity-magazine.com Read the original article: Prosper Data Breach Exposes 17 Million Customers’ Personal Info
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake…
Prosper data breach puts 17 million people at risk of identity theft
While Prosper says no funds or accounts were accessed, the stolen data could lead to targeted phishing and identity theft. This article has been indexed from Malwarebytes Read the original article: Prosper data breach puts 17 million people at risk…
Differences Between Secure by Design and Secure by Default
Explore the differences between Secure by Design and Secure by Default in Enterprise SSO & CIAM. Learn how each approach impacts security, usability, and development. The post Differences Between Secure by Design and Secure by Default appeared first on Security…
IT Security News Hourly Summary 2025-10-17 12h : 12 posts
12 posts were published in the last hour 10:2 : Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks 10:2 : Post-exploitation framework now also delivered via npm 10:2 : Microsoft revokes 200 certs used to sign malicious Teams…
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The…
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims’ devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS. This article has been indexed from Securelist Read the original article: Post-exploitation framework now…
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on malicious…
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting…
New York Judge Sanctions Lawyer Over AI-Generated Filings
Judge sanctions attorney after he submits AI-generated filing to explain previous AI-generated documents replete with errors This article has been indexed from Silicon UK Read the original article: New York Judge Sanctions Lawyer Over AI-Generated Filings
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at…