South Asian hacking group Bitter (APT-Q-37) is deploying a C# backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors. This article has been indexed from Hackread – Cybersecurity News, Data Breaches,…
Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers, could have allowed attackers to steal from over 3,000 AI servers and take API keys from thousands of users across many services. MCP powers…
IT Security News Hourly Summary 2025-10-22 21h : 4 posts
4 posts were published in the last hour. 18:34: Navigating the Next Chapter in Corporate Renewable Energy; 18:34: TP-Link urges immediate updates for Omada Gateways after critical flaws discovery; 18:34: Russia’s Coldriver Ramps Up Malware Development After…
Navigating the Next Chapter in Corporate Renewable Energy
TP-Link urges immediate updates for Omada Gateways after critical flaws discovery
TP-Link warns of critical flaws in Omada gateways across ER, G, and FR models. Users should update firmware immediately to stay secure. TP-Link is warning users of critical flaws impacting its Omada gateway devices. The Taiwanese company published two security…
Russia’s Coldriver Ramps Up Malware Development After LostKeys Exposure
Google threat researchers in May publicized the Russian-based threat group Coldriver’s LostKeys credential-stealing malware. However, five days later, the bad actors launched three new malware families that they developed rapidly and used aggressively in their campaigns. The post Russia’s Coldriver…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-61932, Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability. This type of vulnerability is a frequent attack…
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October…
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including…
Canada Fines Cybercrime Friendly Cryptomus $176M
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti-money-laundering laws come ten months…
New PassiveNeuron Attacking Servers of High-Profile Organizations to Implant Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has resurfaced with infections targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. First detected in 2024, the campaign remained dormant for six months before re-emerging in December 2024, with the…
SOCs Have a Quishing Problem: Here’s How to Solve It
QR codes used to be harmless; now they’re one of the sneakiest ways attackers slip past defenses. Quishing, or QR code phishing, hides malicious links inside innocent-looking images that filters can’t read. One scan, and the victim lands on a fake login page designed to steal…
Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE) through seemingly innocuous prompts. According to Trail of Bits, these vulnerabilities exploit pre-approved system commands…
ChatGPT Atlas: The First Step Toward AI Operating Systems
The Big Picture: OpenAI’s ChatGPT Atlas browser is the prototype for how we’ll use computers in the future. Within a few years, operating systems will be powered by AI as users interact through prompts instead of clicking applications. You’ll describe…
The Long Tail of the AWS Outage
Experts say outages like the one that Amazon experienced this week are almost inevitable given the complexity and scale of cloud technology—but the duration serves as a warning. This article has been indexed from Security Latest.
OSCP vs. OSWE: Which Certification Fits Your Career Goals?
OSCP vs OSWE: find out which OffSec certification suits you best! Build pen testing expertise or master advanced web exploit development. The post OSCP vs. OSWE: Which Certification Fits Your Career Goals? appeared first on OffSec. This article has been…
Amazon resolves major AWS outage that disrupted apps, websites, and banks globally
A widespread disruption at Amazon Web Services (AWS) on Monday caused several high-profile apps, websites, and banking platforms to go offline for hours before the issue was finally resolved later in the night. The outage, which affected one of…
The Rise of AI Agents and the Growing Need for Stronger Authorization Controls
AI agents are no longer confined to research labs—they’re now writing code, managing infrastructure, and approving transactions in real-world production. The appeal is speed and efficiency. The risk? Most organizations still use outdated, human-oriented permission systems that can’t safely…
China Memory Maker CXMT Prepares Massive IPO
China’s biggest memory-chip maker, CXMT, hopes to raise billions in Shanghai IPO as it challenges SK Hynix, Samsung, Micron. This article has been indexed from Silicon UK.
From Platform Cowboys to Governance Marshals: Taming the AI Wild West
The rapid ascent of artificial intelligence has ushered in an unprecedented era, often likened to a modern-day gold rush. This “AI gold rush,” while brimming with potential, also bears a striking resemblance to the chaotic and lawless frontier of the…
Over 100 Chrome extensions break WhatsApp’s anti-spam rules
The add-ons abuse WhatsApp Web to blast bulk messages, sidestepping both Chrome’s extension policies and WhatsApp’s anti-spam rules. This article has been indexed from Malwarebytes.
The CISO imperative: Building resilience in an era of accelerated cyberthreats
The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the…
IT Security News Hourly Summary 2025-10-22 18h : 10 posts
10 posts were published in the last hour. 16:5: Rival Hackers Dox Alleged Operators of Lumma Stealer; 16:4: Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts; 16:4: New Tykit Phishing Kit…
Rival Hackers Dox Alleged Operators of Lumma Stealer
Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More…