North Korean state-sponsored threat actors have intensified their supply chain attacks against software developers through a sophisticated campaign dubbed “Contagious Interview,” deploying 338 malicious npm packages that have accumulated over 50,000 downloads. The operation represents a dramatic escalation in the…
Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices
The cybersecurity landscape witnessed a concerning development as threat actors discovered a novel attack vector targeting Microsoft Edge’s Internet Explorer mode functionality. This sophisticated campaign emerged in August 2025, exploiting the inherent security weaknesses of legacy browser technology to compromise…
ShinyHunters Leak Alleged Data from Qantas, Vietnam Airlines and Other Major Firms
ShinyHunters and its affiliate hackers have leaked data from 6 firms, including Qantas and Vietnam Airlines, after claiming to breach 39 companies via a Salesforce vulnerability. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI…
This 250-year-old equation just got a quantum makeover
A team of international physicists has brought Bayes’ centuries-old probability rule into the quantum world. By applying the “principle of minimum change” — updating beliefs as little as possible while remaining consistent with new data — they derived a quantum…
Building a lasting security culture at Microsoft
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers.…
IT Security News Hourly Summary 2025-10-13 18h : 13 posts
13 posts were published in the last hour 16:3 : AI Infrastructure: Compute, Storage, Observability, Security, and More 16:3 : Scattered Lapsus$ Hunters Claim to Have Stolen More Than 1 Billion Salesforce Records 16:3 : Linux Kernel 6.18-rc1 Released With…
Heads Up: Scans for ESAFENET CDG V5 , (Mon, Oct 13th)
In January, a possible XSS vulnerability was found in the electronic document security management system ESAFENET CDG. This was the latest (as far as I can tell) in a long list of vulnerabilities in the product. Prior vulnerabilities included SQL…
Rewiring Democracy is Coming Soon
My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship, will be published in just over a week. No reviews yet, but can read chapters 12 and <a href=https://newpublic.substack.com/p/2ddffc17-a033-4f98-83fa-11376b30c6cd”>34 (of 43 chapters total). You can order…
Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook
When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT last month, many security teams likely experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another race against ransomware operators. But this latest maximum-severity flaw reveals something more troubling than…
CyberSmart Become a National Ambassador of the NCRCG
With Cyber Security Awareness Month firmly underway, the National Cyber Resilience Centre Group (NCRCG) has proudly welcomed CyberSmart on board as a National Ambassador. Funded and supported by the Home Office, policing and Ambassador business partners, NCRCG is bringing together all those…
Scattered Lapsus$ Hunters rage-quit the internet (again), promise to return next year
‘We will never stop,’ say crooks, despite retiring twice in the space of a month The Scattered Lapsus$ Hunters (SLSH) cybercrime collective – compriseed primarily of teenagers and twenty-somethings – announced it will go dark until 2026 following the FBI’s…
AI Infrastructure: Compute, Storage, Observability, Security, and More
In this third article of the AI infrastructure series, you will learn about AI infrastructure compute, storage, observability, performance, optimization (deep dive), and security. This is the final part in my three-part AI infrastructure series. It’s recommended to read the…
Scattered Lapsus$ Hunters Claim to Have Stolen More Than 1 Billion Salesforce Records
Scattered Lapsus$ Hunters, a threat group previously associated with high-profile data thefts, recently claimed responsibility for exfiltrating over one billion records from Salesforce environments worldwide. Emerging in mid-2025, the group has honed its tactics to exploit misconfigurations in cloud identities…
Linux Kernel 6.18-rc1 Released With Extensive Updates Following a Steady Merge Window
Linus Torvalds has announced the release of Linux 6.18-rc1, marking the start of the release candidate phase for the upcoming kernel version. In his typical straightforward style, Torvalds noted that the merge window concluded smoothly after two weeks, with the…
PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation
A critical vulnerability in Lenovo’s Dispatcher drivers has come under the spotlight after researchers released a proof-of-concept exploit that demonstrates privilege escalation on affected Windows systems. Identified as CVE-2025-8061, this flaw stems from insufficient access controls in the drivers, potentially…
New WhatsApp Worm Attacks Users with Banking Malware to Users Login Credentials
Security researchers have identified a sophisticated malware campaign that exploits WhatsApp’s messaging platform to deploy banking trojans targeting Brazilian financial institutions and cryptocurrency exchanges. The self-propagating worm, which emerged on September 29, 2025, demonstrates advanced evasion techniques and multi-stage infection…
SREday SF 2025: Human Centered SRE In An AI World
SRE Day SF shows why dashboards alone do not defend anything. Explore paths to better telemetry, progressive delivery, and resilience that customers can feel. The post SREday SF 2025: Human Centered SRE In An AI World appeared first on Security…
Hackers Target ScreenConnect Features For Network Intrusions
A rise in attacks exploiting RMM tools like ScreenConnect enables system control via phishing tactics This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Target ScreenConnect Features For Network Intrusions
OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack
Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI. This article has been indexed from Hackread –…
AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?
How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager – Illumio I recently watched Terminator 2 with my 9-year-old son. Since It was… The post AI vs AI: The Future of Cybersecurity Is…
Fighting the Cyber Forever War: Born Defense Blends Investment Strategy with Just War Principles
Emerging from stealth, Born Defense is betting that a new kind of investment model can reshape how the U.S. fights its endless cyber battles. The post Fighting the Cyber Forever War: Born Defense Blends Investment Strategy with Just War Principles…
Paying Ransom Does Not Guarantee Data Restoration: Report
A new report claims that smaller firms continue to face dangers in the digital domain, as ransomware threats persistently target organizations. Hiscox’s Cyber Readiness Report surveyed 6,000 businesses, and over 59% report they have been hit by a cyber attack…
Spanish Police Dismantle AI-Powered Phishing Network and Arrest Developer “GoogleXcoder”
Spanish authorities have dismantled a highly advanced AI-driven phishing network and arrested its mastermind, a 25-year-old Brazilian developer known online as “GoogleXcoder.” The operation, led by the Civil Guard’s Cybercrime Department, marks a major breakthrough in the ongoing fight…
Red Hat Data Breach Deepens as Extortion Attempts Surface
The cybersecurity breach at enterprise software provider Red Hat has intensified after the hacking collective known as ShinyHunters joined an ongoing extortion attempt initially launched by another group called Crimson Collective. Last week, Crimson Collective claimed responsibility for infiltrating…