Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk. This article has been indexed from Securelist Read the original article: Mysterious Elephant:…
Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code
Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as CVE-2025-59282, the vulnerability affects the Inbox COM Objects handling global memory,…
NCSC Warns of UK Experiencing Four Cyber Attacks Every Week
The United Kingdom faces an unprecedented cyber security crisis as the National Cyber Security Centre (NCSC) reports handling an average of four ‘nationally significant’ cyber attacks weekly. This alarming escalation represents a dangerous shift in the threat landscape, with the…
Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to…
Last Windows 10 Patch Tuesday Features Six Zero Days
Microsoft has fixed over 170 CVEs in October’s Patch Tuesday, including six zero-day vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: Last Windows 10 Patch Tuesday Features Six Zero Days
Intel To Sample Crescent Island AI Accelerator Next Year
Intel set to send next-generation Crescent Island data centre GPU in second half of 2026 as it seeks foothold in growing AI market This article has been indexed from Silicon UK Read the original article: Intel To Sample Crescent Island…
FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions. The flaw, tracked as CVE-2025-58325, was discovered internally by Fortinet’s PSIRT…
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish…
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was internally discovered by Gwendal Guégniaud of the Fortinet Product Security team…
‘A Call to Arms’ as UK Faces 50% Surge in Major Cyberattacks
National Cyber Security Centre reckons the rise is due to the UK’s increasing dependence on digital systems and a sharp increase in ransomware activity. The post ‘A Call to Arms’ as UK Faces 50% Surge in Major Cyberattacks appeared first…
Roll your own bot detection: server-side detection (part 2)
This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint. In Part 1, we focused on the client side: we designed a fingerprinting script that collects various signals from the…
Aura enhancements simplify opt-outs and strengthen online privacy
Aura new tools to help consumers reclaim control over their personal information online. The new capabilities automate some of the most time-consuming privacy tasks, including removing personal details from Google search results, opting out of data broker sites, and identifying…
Google Offers More Search Changes To Appease EU
Google offers further changes to avoid EU fines in probe focusing on vertical search for airlines, restaurants, other sectors This article has been indexed from Silicon UK Read the original article: Google Offers More Search Changes To Appease EU
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection…
BigID introduces MCP Server to unlock AI-native access to enterprise data
BigID announced the launch of its Model Context Protocol (MCP) server, designed to unlock AI-native access to enterprise data context across the broadest range of data sources — structured, unstructured, on-prem, cloud, business applications, and AI frameworks. Built on BigID’s…
New Aura features simplify opt-outs and strengthen online privacy
Aura new tools to help consumers reclaim control over their personal information online. The new capabilities automate some of the most time-consuming privacy tasks, including removing personal details from Google search results, opting out of data broker sites, and identifying…
UK, US Sanction Southeast Asia-Based Online Scam Network
Investigations found that the network operates scam centers in Cambodia, Myanmar and across Southeast Asia This article has been indexed from www.infosecurity-magazine.com Read the original article: UK, US Sanction Southeast Asia-Based Online Scam Network
Capita Fined £14m After 2023 Breach that Hit 6.6 Million People
Outsourcing giant Capita has been fined £14m by the ICO after a major data breach in 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: Capita Fined £14m After 2023 Breach that Hit 6.6 Million People
Robotaxi Firms Pony.ai, WeRide Set For Hong Kong IPOs
US-listed Chinese autonomous taxi firms Pony.ai, WeRide gain regulatory approval for secondary offerings in Hong Kong amidst expansion This article has been indexed from Silicon UK Read the original article: Robotaxi Firms Pony.ai, WeRide Set For Hong Kong IPOs
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as…
Unencrypted satellites expose global communications
Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the University of Maryland found nearly half of geostationary satellites transmit unencrypted data, exposing sensitive…
Netcraft launches Phone Scam Disruption to stop brand impersonation calls and texts
Netcraft unveiled a new solution to help protect organizations’ customers from scam texts and phone calls that impersonate their brand. Netcraft’s Phone Scam Disruption automates the detection and takedown of fraudulent phone numbers used in impersonation scam campaigns, shutting down…
New Cranium AI features enhance compliance, security, and agentic AI scalability
Cranium AI released several new agentic AI capabilities and featured releases to its AI Governance and Security Platform. These new products and capabilities are designed to enable enterprises to scale faster with AI agents, streamline compliance and fortify AI systems…
New BarracudaONE features streamline MSP operations and strengthen multi-tenant security
Barracuda Networks unveiled enhancements to its AI-powered BarracudaONE platform. New capabilities, including bulk remediation for email threats, PSA integrations for automated billing and invoicing, and streamlined account management, are purpose-built for managed service providers (MSPs), helping them accelerate security across…