In recent months, a new advanced persistent threat (APT) group known as Mysterious Elephant has emerged as a formidable adversary targeting government and diplomatic institutions across the Asia-Pacific region. First identified by Kaspersky’s Global Research and Analysis Team (GReAT) in…
Qilin Ransomware Using Ghost Bulletproof Hosting to Attack Organizations Worldwide
The Qilin ransomware group has emerged as one of the most prolific and dangerous threat actors in the cybersecurity landscape, exploiting sophisticated bulletproof hosting infrastructure to conduct devastating attacks on organizations across multiple sectors. Operating under a Ransomware-as-a-Service (RaaS) model,…
Operation Silk Lure Weaponizing Windows Scheduled Tasks to Drop ValleyRAT
Over the past month, a targeted campaign dubbed Operation Silk Lure has surfaced, exploiting the Windows Task Scheduler to deploy a novel variant of ValleyRAT. Emerging in mid-2025, the operation hinges on spear-phishing emails that carry malicious LNK attachments masquerading…
Video call app Huddle01 exposed 600K+ user logs
Privacy left the chat. A misconfigured Kafka broker effectively undid the anonymity many users rely on. This article has been indexed from Malwarebytes. Read the original article: Video call app Huddle01 exposed 600K+ user logs
Locked out of your Gmail account? Google says phone a friend
Recovery feature lets trusted contacts help you get back in when other methods fail. The latest security feature for Gmail enables users to recover their accounts with a little help from their friends. This article has been indexed from The…
South Korea Loses 858TB of Government Data After Massive Fire at National Data Center
In a shocking turn of events, South Korea’s National Information Resources Service (NIRS) lost 858 terabytes of critical government data after a devastating fire engulfed its data center — and there were no backups available. The incident occurred on…
CoMaps: The Open-Source, Privacy-Focused Google Maps Alternative You’ll Actually Want to Use
Google Maps may be convenient, but for some users, its constant tracking and battery drain are reason enough to look for an alternative. One such option is CoMaps, an open-source navigation app built for privacy and efficiency. Users frustrated…
IT Security News Hourly Summary 2025-10-16 15h : 19 posts
19 posts were published in the last hour 13:3 : Ethical Hacking in the Gaming Industry: How Penetration Testing Enhances Security 13:3 : Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery 13:3 : Senator presses Cisco over firewall…
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked – Update…
North Korean Hackers Deploy BeaverTail–OtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools—BeaverTail and OtterCookie—to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the…
Microsoft Dominates Phishing Impersonations in Q3 2025
Cyber criminals are sticking with familiar names, and Microsoft remains their favorite disguise. According to Check Point Research’s Brand Phishing Report for Q3 2025, Microsoft accounted for 40% of all brand impersonation attempts this quarter, holding its place as the…
2025 Insider Risk Report: The Hidden Cost of Everyday Actions
Insider risk is on the rise as everyday actions inadvertently expose sensitive data. Discover insights, trends, and best practices from Fortinet’s 2025 Insider Risk Report. This article has been indexed from Fortinet Industry Trends Blog. Read the original article:…
Beware of Malicious Ivanti VPN Client Sites in Google Search That Delivers Malware
An aggressive SEO poisoning campaign has surfaced in early October 2025, preying on users searching for the legitimate Ivanti Pulse Secure VPN client. Attackers have registered lookalike domains such as ivanti-pulsesecure.com and ivanti-secure-access.org to host trojanized installers that appear official.…
CISA Warns Of Windows Improper Access Control Vulnerability Exploited In Attacks
CISA has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities catalog, warning organizations that threat actors are actively exploiting it in real-world attacks. Identified as CVE-2025-59230, the flaw stems from improper access control in the Windows Remote…
PhantomVAI Loader Attacking Organizations Worldwide to Deliver AsyncRAT, XWorm, FormBook and DCRat
A sophisticated multi-stage malware campaign is targeting organizations globally, utilizing the PhantomVAI Loader to distribute dangerous information-stealing malware. The attack chain, which begins with carefully crafted phishing emails, has emerged as a significant threat to businesses across manufacturing, education, healthcare,…
Microsoft kills 9.9-rated ASP.NET Core bug – ‘our highest ever’ score
Flaw in Kestrel web server allowed request smuggling; impact depends on hosting setup and application code. Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was “our highest ever.”…
AI Attacks Surge as Microsoft Process 100 Trillion Signals Daily
Microsoft systems analyze over 100 trillion daily signals, suggesting dramatically increasing AI-driven cyber-threats. This article has been indexed from www.infosecurity-magazine.com. Read the original article: AI Attacks Surge as Microsoft Process 100 Trillion Signals Daily
Ethical Hacking in the Gaming Industry: How Penetration Testing Enhances Security
Imagine this: millions of players logged in, trading gear, leveling up, and trusting your platform with not just their credit cards, but their identities, emotions, and time. Now, imagine a… The post Ethical Hacking in the Gaming Industry: How Penetration…
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed…
Senator presses Cisco over firewall flaws that burned US agency
Bill Cassidy letter asks if Switchzilla sat on critical flaws before feds were forced into emergency patching. US Senator Bill Cassidy has fired off a pointed letter to Cisco over the firewall flaws that allegedly let hackers breach “at least…
Matters.AI Raises $6.25 Million to Safeguard Enterprise Data
The company’s AI Security Engineer autonomously keeps enterprise data protected across devices and environments. The post Matters.AI Raises $6.25 Million to Safeguard Enterprise Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: Matters.AI…
AISLE Emerges From Stealth With AI-Based Reasoning System That Remediates Vulnerabilities on the Fly
AISLE aims to automate the vulnerability remediation process by detecting, exploiting, and patching software vulnerabilities in real time. The post AISLE Emerges From Stealth With AI-Based Reasoning System That Remediates Vulnerabilities on the Fly appeared first on SecurityWeek. This article…
Critical insights Q&A: AcceleTrex pilots a trust-first, privacy-led model to reinforce business outcomes
I’ve been writing about data trust and privacy engineering for more than a decade. In 2015, I sat down with Cisco’s privacy lead, Michelle Dennedy, who argued that privacy must be grounded in…
API Attack Awareness: When Authentication Fails — Exposing APIs to Risk
Authentication issues seem like low-level attacks. But authentication today – especially API authentication – can be more difficult than people expect. Companies rely on APIs to carry sensitive information every day. If access to those APIs is not properly secured,…