While Prosper says no funds or accounts were accessed, the stolen data could lead to targeted phishing and identity theft. This article has been indexed from Malwarebytes. Read the original article: Prosper data breach puts 17 million people at risk…
Differences Between Secure by Design and Secure by Default
Explore the differences between Secure by Design and Secure by Default in Enterprise SSO & CIAM. Learn how each approach impacts security, usability, and development. The post Differences Between Secure by Design and Secure by Default appeared first on Security…
IT Security News Hourly Summary 2025-10-17 12h : 12 posts
12 posts were published in the last hour 10:2 : Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks 10:2 : Post-exploitation framework now also delivered via npm 10:2 : Microsoft revokes 200 certs used to sign malicious Teams…
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The…
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims’ devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS. This article has been indexed from Securelist. Read the original article: Post-exploitation framework now…
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on malicious…
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting…
New York Judge Sanctions Lawyer Over AI-Generated Filings
Judge sanctions attorney after he submits AI-generated filing to explain previous AI-generated documents replete with errors. This article has been indexed from Silicon UK. Read the original article: New York Judge Sanctions Lawyer Over AI-Generated Filings
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at…
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft…
Microsoft’s Patch Tuesday: 172 Flaws Fixed
The tech titan is addressing 172 security flaws, including six zero-day vulnerabilities. Among these, eight are rated “Critical,” consisting of five remote code execution bugs and three elevation of privilege issues. The post Microsoft’s Patch Tuesday: 172 Flaws Fixed appeared…
PowerSchool hacker got four years in prison
Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3…
Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk
Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation. This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing…
North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency
In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users worldwide. The campaign surfaced in the wake of heightened regulatory crackdowns on illicit crypto transactions,…
VMware Workstation and Fusion 25H2 Released with New Features and Latest OS Support
VMware has launched Workstation 25H2 and Fusion 25H2, the newest iterations of its desktop hypervisors, featuring a revamped versioning system, enhanced tools, and broader compatibility with modern hardware and operating systems. These updates aim to streamline virtualization for developers, IT…
Is it possible to keep AI out of your personal life?
It is close to impossible to keep AI out of your personal life, and a recent report by Pew Research confirms that the majority of… The post Is it possible to keep AI out of your personal life? appeared first…
ABB Sees Surge In AI Data Centre Orders
ABB data orders related to AI data centres grow by double-digit percentage rate in third quarter, in latest sign of AI’s sway over economy. This article has been indexed from Silicon UK. Read the original article: ABB Sees Surge In…
Authors Sue Salesforce Over AI Training Methods
Authors file proposed class-action lawsuit over alleged use of pirated novels to train xGen AI models to process language. This article has been indexed from Silicon UK. Read the original article: Authors Sue Salesforce Over AI Training Methods
APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents…
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and…
Prosper Data Breach Impacts 17.6 Million Accounts
Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information. The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original…
Auction house Sotheby’s disclosed a July data breach
Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to assess the stolen information and affected individuals. Sotheby’s reported a data breach that exposed customer information, including financial details. The company discovered the security…
F5 Released Security Updates Covering Multiple Products Following Recent Hack
F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products. Detected in August 2025, the incident exposed internal…
Under the engineering hood: Why Malwarebytes chose WordPress as its CMS
It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. Here’s what we considered when choosing it. This article has been indexed from Malwarebytes. Read the original article: Under the engineering…