A new toolkit named Impact Solutions has emerged on cybercrime forums, offering a comprehensive, user-friendly framework for crafting advanced phishing campaigns. By democratizing malware delivery, Impact Solutions empowers even low-skill threat actors to bypass both end users and conventional security…
Criminals take Renault UK customer data for a joyride
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.… This article has been indexed from The Register…
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Your Guide to EDUCAUSE 2025: What Higher-Ed Leaders Need to Know
What is EDUCAUSE 2025? The EDUCAUSE Annual Conference is where higher education’s technology and strategy communities come together. In 2025, it will be October 27–30 in Nashville, with a follow-up online program on November 12–13. The theme this year is…
Beyond IPs: Why Your Next Firewall Ruleset Will be Written in Identity
The shift from IP-based ACLs to identity-aware microsegmentation is key to zero-trust. Learn how to build resilient, intent-based policies that survive re-IP. The post Beyond IPs: Why Your Next Firewall Ruleset Will be Written in Identity appeared first on Security…
Signal Enhances Security With New Hybrid PQ Ratchet to Compact Quantum Computing Threats
Signal has announced a groundbreaking advancement in secure messaging with the introduction of the Sparse Post Quantum Ratchet (SPQR), a revolutionary cryptographic enhancement designed to protect against future quantum computing threats. This latest security upgrade represents a significant milestone in…
Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware
The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor…
HackerOne Paid $81 In Bug Bounty With Emergence of Bionic Hackers
HackerOne, a leading platform in offensive security, announced it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year. This figure, detailed in the company’s 9th annual Hacker-Powered…
Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data
Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it.…
IT Security News Hourly Summary 2025-10-03 09h : 6 posts
6 posts were published in the last hour 7:2 : What personal information does the Nintendo Switch 2 collect? 7:2 : Red Hat Confirms GitLab Instance Hack, Data Theft 6:32 : Hundreds of Free VPN Apps Expose Android and iOS…
Threat Actors Imitate Popular Brands in New Malware Distribution Campaigns
In a sophisticated resurgence of smishing campaigns, cybercriminals have begun embedding trusted brand names into deceptive URLs and group messaging threads to lure unsuspecting users into downloading malware. By inserting a familiar company name before the “@” symbol in links,…
IIS Servers Compromised by Chinese Hackers for SEO Manipulation
Cisco Talos has revealed that UAT-8099, a Chinese-speaking cybercrime group, has been exploiting vulnerable Internet Information Services (IIS) servers across multiple countries to conduct search engine optimization (SEO) fraud and steal high-value data. Identified in April 2025, this group targets…
Rhadamanthys Stealer Offered on Dark Web for $299–$499
A new offering named Rhadamanthys, a sophisticated information stealer, has surfaced for sale on underground marketplaces, with subscription packages starting at $299 and reaching up to $499 per month. Marked by its polished branding and tiered pricing structure, the malware…
Oracle Confirms Hackers Target E-Business Suite Data in Extortion Campaigns
Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns. The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch…
Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails
Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns. The company’s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in…
When loading a model means loading an attacker
You probably think twice before downloading a random app or opening an unfamiliar email attachment. But how often do you stop to consider what happens when your team downloads and loads a machine learning model? A recent study shows why…
Shutdown furloughs CISA, Defender BIOS bug, Motilily dealership cyberattack
Government shutdown furloughs most CISA staff Microsoft Defender bug triggers erroneous BIOS update alerts Motility RV software company suffers cyberattack Huge thanks to our sponsor, Nudge Security Here’s the thing: your employees are signing up for new apps, sharing data,…
What personal information does the Nintendo Switch 2 collect?
As we enter the festive season, Nintendo has stepped up its production, making it possible for consumers actually to find stock of the latest Nintendo… The post What personal information does the Nintendo Switch 2 collect? appeared first on Panda…
Red Hat Confirms GitLab Instance Hack, Data Theft
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services. The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Hundreds of Free VPN Apps Expose Android and iOS Users’ Personal Data
Virtual Private Networks (VPNs) are trusted by millions to protect privacy, secure communications, and enable remote access on their mobile devices. But what if the very apps designed to safeguard your data are riddled with dangerous security flaws that expose…
Signal Introduces Hybrid Post-Quantum Ratchet to Strengthen Security
Signal, the popular end-to-end encrypted messaging platform, has announced a groundbreaking advancement in cryptographic security with the introduction of the Sparse Post Quantum Ratchet (SPQR). This innovative protocol represents a significant leap forward in protecting user communications against emerging quantum…
Google warns of Cl0p extortion campaign against Oracle E-Business users
Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researchers are tracking a suspected Cl0p ransomware group’s activity, where threat actors attempt to extort…
Protegrity Developer Edition: Free containerized Python package to secure AI pipelines
Protegrity Developer Edition enables developers, data scientists, ML engineers, and security teams an easy way to add data protection into GenAI and unstructured data workflows, without the need for enterprise setup. Billed as the first enterprise-grade, governance-focused Python package, it…
Confucius Hacker Group Weaponizes Documents to Infect Windows Systems with AnonDoor Malware
The Confucius hacking group, a long-running cyber-espionage operation with suspected state-sponsored ties, has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware. The December 2024 campaign demonstrated…