The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245.…
ICO: Imgur’s UK Decision Won’t Prevent Regulatory Fine
Image-sharing platform Imgur has blocked its services within the UK, following a regulatory notice from the ICO This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO: Imgur’s UK Decision Won’t Prevent Regulatory Fine
IT Security News Hourly Summary 2025-10-01 09h : 7 posts
7 posts were published in the last hour 7:3 : Why AI Browsers Could Put Your Money at Risk 7:2 : 48+ Cisco Firewalls Hit by Actively Exploited 0-Day Vulnerability 7:2 : Cisco IOS/IOS XE SNMP Vulnerabilities Exploited in Ongoing…
Battering RAM Exploit Bypasses Modern Protections in Intel, AMD Cloud Processors
Cloud providers rely on hardware-based memory encryption to keep user data safe. This encryption shields sensitive information like passwords, financial records, and personal files from hackers and curious insiders. Leading technologies such as Intel SGX and AMD SEV-SNP are designed…
Google Publishes Security Hardening Guide to Counter UNC6040 Threats
Google’s Threat Intelligence Group (GTIG) has published a comprehensive guide to help organizations strengthen their SaaS security posture—particularly Salesforce—against UC6040’s sophisticated voice-phishing and malicious connected-app attacks. By combining identity hardening, SaaS-specific controls, and advanced logging and detection, security teams can…
New Android Banking Trojan Uses Hidden VNC to Gain Complete Remote Control Over Device
A new Android banking trojan has emerged that combines traditional overlay attacks with a stealthy hidden Virtual Network Computing (VNC) server to achieve full remote control of compromised devices. First detected in late September 2025, the malware is distributed through…
Windows 11 25H2 Released for General Availability – Know Issues and Mitigations
Microsoft has officially released Windows 11, version 25H2, also known as the Windows 11 2025 Update, marking the next feature update for the operating system. The update became available for general availability on September 30, 2025, initiating a phased rollout…
48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The vulnerability, tracked as CVE-2025-20333, poses an immediate risk to organizations worldwide with a CVSS score of 9.9, representing one of…
New 360 Strata platform delivers actionable intelligence to protect sensitive data
360 Privacy launched 360 Strata, an advanced privacy platform designed to transform how organizations understand, manage, and reduce digital exposures. The platform empowers executives, security teams, and family offices with actionable intelligence to identify what personal information is exposed and…
Navigating AI Standards and Regulations
Note: This post is written with a lot of help from AI, used to summarize the standards mentioned below. Artificial intelligence (AI) is reshaping industries, but it also brings new risks. From security vulnerabilities to compliance challenges, organizations must…
Akuity unveils AI-powered incident detection and automation for Kubernetes
Akuity has launched new AI capabilities that enable users to detect degraded states across applications, triage incidents, and automate fixes on the Akuity platform within minutes. The platform also provides enterprise-ready continuous delivery and promotion capabilities for Kubernetes, built on…
China-linked group linked to new malware, 2024 VMware zero-day still exploited, iOS fixes a bevy of glitches
China-Linked Group Hits Governments With Stealth Malware Chinese hackers exploit VMware zero-day since October 2024 Apple’s iOS fixes a bevy of glitches Huge thanks to our sponsor, Nudge Security The SaaS supply chain is a hot mesh. As your workforce…
Why AI Browsers Could Put Your Money at Risk
A new generation of web browsers is coming to a computer near you. Agentic AI browsers, like Comet from Perplexity, can shop and browse the… The post Why AI Browsers Could Put Your Money at Risk appeared first on Panda…
48+ Cisco Firewalls Hit by Actively Exploited 0-Day Vulnerability
Cisco has confirmed two serious vulnerabilities impacting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls. Tracked as CVE-2025-20333 and CVE-2025-20362, both issues allow attackers to run arbitrary code on unpatched devices. Cisco security advisories warn that exploits for both flaws…
Cisco IOS/IOS XE SNMP Vulnerabilities Exploited in Ongoing Attacks, Warns CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about critical vulnerabilities in Cisco’s IOS and IOS XE Software SNMP subsystem that are actively being exploited by threat actors. CVE-2025-20352, which involves a stack-based buffer overflow in the…
WestJet confirms cyberattack exposed IDs, passports in June incident
WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs. WestJet airline confirmed the June security breach exposed customer passports and IDs. WestJet is a Canadian airline that operates both domestic and international flights. Founded in…
Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions
A concerning cybersecurity trend has emerged as threat actors exploit the growing popularity of artificial intelligence tools by distributing malicious Chrome extensions masquerading as legitimate platforms. These deceptive extensions target users seeking convenient access to popular services like ChatGPT, Claude,…
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys. These flaws affect multiple OpenSSL versions across different platforms and could lead to…
Hackers love LOTL, this approach shuts them down
Every time cyber defenders and companies discover new ways to block intrusions, attackers change their tactics and find a way around the defenses. “Living off the Land” (LOTL) is a prime example: since many detection tools became good at flagging…
Microsoft Sentinel Launches AI-Driven Agentic SIEM Platform for Enterprise Security
Organizations face an ever-evolving cyberthreat landscape marked by faster, more complex attacks. Today, Microsoft is answering this call with the general availability of an agentic security platform built on Microsoft Sentinel. This new wave of innovation combines data, context, automation, and intelligent…
Google Gemini Vulnerabilities Let Hackers Steal Saved Data and Live Location
Research has uncovered three significant vulnerabilities in Google’s Gemini AI assistant suite, dubbed the “Gemini Trifecta,” that could have allowed cybercriminals to steal users’ saved data and live location information. The vulnerabilities, which have since been remediated by Google, demonstrate…
MatrixPDF Campaign Evades Gmail Filters to Deliver Malicious Payloads
Cybercriminals are turning a trusted file format against users in a sophisticated new attack campaign. MatrixPDF represents a concerning evolution in social engineering attacks that split malicious activities across multiple platforms to evade detection. PDF files have become the perfect…
Top 10 Best Autonomous Endpoint Management Software In 2025
Managing endpoints effectively has become one of the most critical priorities for IT teams across organizations. With the growing number of devices, operating systems, and hybrid workforce requirements, businesses need smarter and more automated endpoint management solutions. This is where…
A2AS framework targets prompt injection and agentic AI security risks
AI systems are now deeply embedded in business operations, and this introduces new security risks that traditional controls are not built to handle. The newly released A2AS framework is designed to protect AI agents at runtime and prevent real-world incidents…