Proofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used…
The Enterprise Edge is Under Siege
Not too long ago, the shimmering perimeter of enterprise networks was seen as an impregnable citadel, manned by fortresses of firewalls, bastions of secure gateways, and sentinels of intrusion prevention. Yet, in the cruel irony of our digital age, these…
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps organizations…
IIS Servers Hijacked via Exposed ASP.NET Machine Keys — Malicious Modules Injected in the Wild
Security researchers have uncovered a sophisticated cyberattack campaign that exploited publicly exposed ASP.NET machine keys to compromise hundreds of Internet Information Services (IIS) servers worldwide. The operation, detected in late August and early September 2025, deployed a previously undocumented malicious…
Amazon Uncovers Root Cause of Major AWS Outage That Brokes The Internet
Amazon Web Services (AWS), the backbone for countless websites and services, faced a severe outage last weekend that disrupted operations for millions. The incident, which unfolded in the early hours of October 20, 2025, exposed vulnerabilities in even the most…
New PhantomCaptcha RAT Weaponized PDFs to Deliver Malware Using ‘ClickFix’-Style Cloudflare Captcha Pages
A sophisticated spearphishing campaign has emerged targeting humanitarian organizations and Ukrainian government agencies, leveraging weaponized PDF attachments and fake Cloudflare verification pages to distribute a dangerous WebSocket-based remote access trojan. The operation, first uncovered in early October 2025, demonstrates a…
Hackers Exploited 73 0-Day Vulnerabilities and Earned $1,024,750
The hacking community celebrated the end of Pwn2Own Ireland 2025. Researchers demonstrated their skills by identifying 73 unique zero-day vulnerabilities across different devices. The event, hosted by the Zero Day Initiative (ZDI), distributed a staggering $1,024,750 in prizes, highlighting the…
Digital ID is now less about illegal working, more about rummaging through drawers
Starmer rebrands unpopular scheme as convenience tool after backlash UK Prime Minister Keir Starmer has relaunched his digital ID scheme as something that will make people’s lives easier, less than four weeks after announcing it as a measure to tackle…
Toys ‘R’ Us Canada Customer Information Leaked Online
The customer information published on the dark web includes names, addresses, phone numbers, and email addresses. The post Toys ‘R’ Us Canada Customer Information Leaked Online appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Threat Actors Ramp Up Public App Exploits as ToolShell Gains Traction
ToolShell exploit activity surged last quarter, appearing in over 60% of Cisco Talos IR cases and driving a sharp rise in public-facing application attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Ramp Up Public…
Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X
New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read…
3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads. Active since 2021, the network has…
Microsoft blocks risky file previews in Windows File Explorer
Along with fixing many code-based vulnerabilities, the October 2025 Windows updates also change how File Explorer handles files downloaded from the internet. The change affects the file management tool’s Preview Pane, which lets users see the contents of a file…
IT Security News Hourly Summary 2025-10-24 12h : 15 posts
15 posts were published in the last hour 10:4 : Think passwordless is too complicated? Let’s clear that up 10:4 : North Korean Hackers Target UAV Industry to Steal Confidential Data 10:4 : Microsoft Disables Downloaded File Previews to Block…
Think passwordless is too complicated? Let’s clear that up
We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. This article has been indexed from…
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing…
Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks
In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews. The post Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks appeared first on SecurityWeek. This article has…
Tesla Recalls 63,619 Cybertrucks To Fix Headlights
Tesla issues over-the-air software update to fix headlights that are too bright, in latest issue to affect recently launched Cybertruck This article has been indexed from Silicon UK Read the original article: Tesla Recalls 63,619 Cybertrucks To Fix Headlights
Phishing Campaign Uses Unique UUIDs to Evade Secure Email Gateways
A sophisticated new phishing attack discovered in early February 2025 is successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses through an ingenious combination of random domain selection, dynamic UUID generation, and browser session manipulation. The attack leverages a…
China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom
China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in…
Amazon Shows Prototype Smart Glasses For Delivery Drivers
Amazon shows prototype smart glasses that it says can reduce delivery times by up to 30 minutes over an eight- to 10-hour shift This article has been indexed from Silicon UK Read the original article: Amazon Shows Prototype Smart Glasses…
Huawei HarmonyOS 6 Adds AirDrop-Like Transfers To iPhones
Updated HarmonyOS 6 can now perform short-range file transfers to and from Apple iPhone devices, says China’s Huawei This article has been indexed from Silicon UK Read the original article: Huawei HarmonyOS 6 Adds AirDrop-Like Transfers To iPhones
Apple’s Giant Foldable iPad Faces Tech Delays
Apple faces technical hurdles in developing 18-inch foldable iPad, as it seeks to join address growing foldables market This article has been indexed from Silicon UK Read the original article: Apple’s Giant Foldable iPad Faces Tech Delays
Apple Loses UK Class-Action Lawsuit Over App Store Fees
London competition tribunal finds Apple abused market power to charge ‘excessive and unfair’ App Store developer fees This article has been indexed from Silicon UK Read the original article: Apple Loses UK Class-Action Lawsuit Over App Store Fees