North Korean state-sponsored hackers from the Lazarus APT group launched a cyberespionage campaign targeting European companies involved in unmanned aerial vehicle development. Starting in late March 2025, attackers compromised three defense organizations across Central and Southeastern Europe, deploying advanced malware…
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Cybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing unauthenticated attackers to install malicious software and potentially seize control of websites. The flaws, first disclosed in late 2024, affect…
Ransomware Actors Targeting Global Public Sectors and Critical Services in Targeted Attacks
In 2025, ransomware attacks against the public sector continue to accelerate at an alarming rate, showing no signs of slowing down despite increased cybersecurity awareness and defensive measures. Throughout the year, approximately 196 public sector entities worldwide have fallen victim…
OpenAI ChatGPT Atlas Browse Jailbroken to Disguise Malicious Prompt as URLs
OpenAI’s newly launched ChatGPT Atlas browser, designed to blend AI assistance with web navigation, faces a serious security flaw that allows attackers to jailbreak the system by disguising malicious prompts as harmless URLs. This vulnerability exploits the browser’s omnibox, a…
New Phishing Attack Bypasses Using UUIDs Unique to Bypass Secure Email Gateways
A sophisticated phishing campaign leveraging randomly generated Universal Unique Identifiers (UUIDs) has emerged, successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses. The attack employs an advanced JavaScript-based phishing script combining random domain selection, dynamic UUID generation, and server-driven…
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on…
Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks
Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses…
NCSC Warns of Rising Cyber Threats Linked to China, Urges Businesses to Build Defences
The United Kingdom’s National Cyber Security Centre (NCSC) has cautioned that hacking groups connected to China are responsible for an increasing number of cyberattacks targeting British organisations. Officials say the country has become one of the most capable and…
IT Security News Hourly Summary 2025-10-25 18h : 5 posts
5 posts were published in the last hour 16:5 : NDSS 2025 – CHAOS: Exploiting Station Time Synchronization In 802.11 Networks Session 1A: WiFi and Bluetooth Security 15:34 : Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network…
NDSS 2025 – CHAOS: Exploiting Station Time Synchronization In 802.11 Networks Session 1A: WiFi and Bluetooth Security
Authors, Creators & Presenters: Sirus Shahini (University of Utah), Robert Ricci (University of Utah) PAPER – CHAOS: Exploiting Station Time Synchronization in 802.11 Networks Many locations, especially in urban areas, are quite noisy with WiFi traffic. In addition to data…
Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network
Microsoft is about to launch a new feature in Teams that will help hybrid workers stay connected. This feature will automatically find and update a user’s work location based on their organization’s Wi-Fi network. Set to roll out in December…
Malicious NuGet Packages Mimic as Popular Nethereum Project to Steal Wallet Keys
A sophisticated supply chain attack has emerged targeting cryptocurrency developers through the NuGet package ecosystem. Cybersecurity researchers have uncovered malicious packages impersonating Nethereum, a widely trusted .NET library for Ethereum blockchain interactions with tens of millions of downloads. The counterfeit…
Building Secure AI Systems: What Enterprises Need to Know — and What’s at Stake
Generative AI and multi-agent autonomous systems are transforming the enterprise IT stack, promising breakthroughs in efficiency, customer experience, and innovation. Yet, without disciplined, secure-by-design strategies embedded from the start, organizations… The post Building Secure AI Systems: What Enterprises Need to…
Hundreds of European Flights Disrupted by Major Ransomware Attack
A major ransomware attack recently caused widespread disruption to airline operations across several key European airports, resulting in hundreds of flight cancellations and delays for passengers. The incident highlights the growing vulnerability of the aviation industry due to its…
Pwn2Own Ireland 2025: The Hacks, The Winners, and The Big Payouts
Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto…
CMMC’s Reality Check for the Defense Industrial Base: What Contractors Must Do Before Enforcement Hits
The Cybersecurity Maturity Model Certification’s (CMMC) reality check has arrived. After years of delays and speculation, enforcement moves from theory to action in November 2025 (next month as of this… The post CMMC’s Reality Check for the Defense Industrial Base:…
Cheung Sha Wan Wholesale Market Faces Major Data Breach Impacting Thousands
As part of an alarming incident that highlights the growing threat of cyberattacks on public sector systems, the Vegetable Marketing Organisation (VMO) reported that it was targeted by a ransomware attack that disrupted the Cheung Sha Wan Vegetable Wholesale…
IT Security News Hourly Summary 2025-10-25 15h : 3 posts
3 posts were published in the last hour 12:5 : The glaring security risks with AI browser agents 12:5 : OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks 12:5 : $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After…
The glaring security risks with AI browser agents
New AI browsers from OpenAI and Perplexity promise to increase user productivity, but they also come with increased security risks. This article has been indexed from Security News | TechCrunch Read the original article: The glaring security risks with AI…
OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks
Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox. The post OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek. This article has been indexed…
$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal
WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution. The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek. This article has been indexed from…
Top 10 Best Cloud Access Security Brokers (CASB) in 2025
The year 2025 marks a new era in enterprise cloud adoption, characterized by a complex tapestry of Software-as-a-Service (SaaS) applications, Infrastructure-as-a-Service (IaaS) platforms, and Platform-as-a-Service (PaaS) offerings. While cloud services deliver unparalleled agility and scalability, they also introduce significant security…
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack
Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus…
The Hidden Infrastructure of Internet Privacy: How Modern Networks Shape Digital Freedom
Explore how modern network infrastructure impacts internet privacy, surveillance, and digital freedom — and what tech protects your data. The post The Hidden Infrastructure of Internet Privacy: How Modern Networks Shape Digital Freedom appeared first on Security Boulevard. This article…