Even though almost every aspect of modern medicine is supported by digital infrastructure, the healthcare sector finds itself at the epicentre of an escalating cybersecurity crisis at the same time. Cyberattacks have now evolved from being just a financial…
IT Security News Hourly Summary 2025-10-15 12h : 13 posts
13 posts were published in the last hour 10:3 : When Face Recognition Doesn’t Know Your Face Is a Face 10:3 : Mysterious Elephant: a growing threat 10:3 : Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code 10:3…
Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code
A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects the IIS Inbox COM Objects and stems from improper handling of shared memory and objects…
Where Ransomware Profits Go and How to Cut Them Off
This article serves as a wake-up call. Even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost for cybercriminals. Ransomware payments hit $813 million in 2024 and my expectation is that they will…
Windows 11 And Server 2025 Will Start Caching Plaintext Credentials By Enabling WDigest Authentication
Cybersecurity threats are rapidly evolving; even advanced operating systems like Windows 11 and Windows Server 2025 can have vulnerabilities due to legacy configurations. Horizon Secure highlighted a concerning feature: WDigest authentication, which can be enabled to cache plaintext passwords in…
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless…
PhantomVAI Loader Delivers a Range of Infostealers
PhantomVAI is a new loader used to deploy multiple infostealers. We discuss its overall evolution and use of steganography and obfuscated scripts. The post PhantomVAI Loader Delivers a Range of Infostealers appeared first on Unit 42. This article has been…
Chrome Use-After-Free Flaw Lets Attackers Execute Arbitrary Code
Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-11756, affects Chrome’s Safe Browsing feature and has…
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code
Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts.…
SAP fixed maximum-severity bug in NetWeaver
SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution. SAP addressed 13 new vulnerabilities, including a maximum severity issue, tracked as CVE-2025-42944 (CVSS score of 10.0) in SAP NetWeaver. The vulnerability…
Microsoft patches three zero-days actively exploited by attackers
On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere…
When Face Recognition Doesn’t Know Your Face Is a Face
An estimated 100 million people live with facial differences. As face recognition tech becomes widespread, some say they’re getting blocked from accessing essential systems and services. This article has been indexed from Security Latest Read the original article: When Face…
Mysterious Elephant: a growing threat
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk. This article has been indexed from Securelist Read the original article: Mysterious Elephant:…
Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code
Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as CVE-2025-59282, the vulnerability affects the Inbox COM Objects handling global memory,…
NCSC Warns of UK Experiencing Four Cyber Attacks Every Week
The United Kingdom faces an unprecedented cyber security crisis as the National Cyber Security Centre (NCSC) reports handling an average of four ‘nationally significant’ cyber attacks weekly. This alarming escalation represents a dangerous shift in the threat landscape, with the…
Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to…
Last Windows 10 Patch Tuesday Features Six Zero Days
Microsoft has fixed over 170 CVEs in October’s Patch Tuesday, including six zero-day vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: Last Windows 10 Patch Tuesday Features Six Zero Days
Intel To Sample Crescent Island AI Accelerator Next Year
Intel set to send next-generation Crescent Island data centre GPU in second half of 2026 as it seeks foothold in growing AI market This article has been indexed from Silicon UK Read the original article: Intel To Sample Crescent Island…
FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions. The flaw, tracked as CVE-2025-58325, was discovered internally by Fortinet’s PSIRT…
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish…
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was internally discovered by Gwendal Guégniaud of the Fortinet Product Security team…
‘A Call to Arms’ as UK Faces 50% Surge in Major Cyberattacks
National Cyber Security Centre reckons the rise is due to the UK’s increasing dependence on digital systems and a sharp increase in ransomware activity. The post ‘A Call to Arms’ as UK Faces 50% Surge in Major Cyberattacks appeared first…
Roll your own bot detection: server-side detection (part 2)
This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint. In Part 1, we focused on the client side: we designed a fingerprinting script that collects various signals from the…
Aura enhancements simplify opt-outs and strengthen online privacy
Aura new tools to help consumers reclaim control over their personal information online. The new capabilities automate some of the most time-consuming privacy tasks, including removing personal details from Google search results, opting out of data broker sites, and identifying…