Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core…
GhostSocks Malware-as-a-Service Turns Compromised Devices into Proxies for Threat Actors
On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn compromised Windows machines into…
IT Security News Hourly Summary 2025-10-03 12h : 6 posts
6 posts were published in the last hour 10:2 : What Is Identity Threat Detection and Response? 10:2 : Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks 10:2 : Enterprise Vulnerability Management: Key Processes and Tools 10:2 :…
SideWinder Hacker Group Targets Users with Fake Outlook/Zimbra Portals to Steal Login Credentials
The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical infrastructure organizations through fake webmail portals. The campaign represents a significant escalation from the group’s August…
MokN Raises $3 Million for Phish-Back Solution
The French cybersecurity startup tricks attackers into revealing stolen credentials so they can be neutralized. The post MokN Raises $3 Million for Phish-Back Solution appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: MokN…
Organizations Warned of Exploited Meteobridge Vulnerability
Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker…
Hackers Target Unpatched Flaws in Oracle E-Business Suite
Patches for the targeted vulnerabilities were released in Oracle’s July 2025 security update This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Target Unpatched Flaws in Oracle E-Business Suite
Hackers Exploit Grafana Vulnerability Allowing Arbitrary File Reads
Researchers at GreyNoise observed a sudden spike in attempts to exploit a well-known Grafana flaw. This vulnerability, tracked as CVE-2021-43798, allows attackers to traverse paths on a server and read any file they choose. Over the course of a single…
Threat Actors Mimic Popular Brands to Deceive Users and Deploy Malware in New Wave of Attacks
Cybercriminals have launched a sophisticated campaign that leverages brand impersonation techniques to distribute malware through deceptive SMS phishing (smishing) attacks. This emerging threat demonstrates an evolution in social engineering tactics, where attackers strategically craft URLs containing trusted brand names to…
Top 10 Best Account Takeover Protection Tools in 2025
Account Takeover (ATO) attacks have become one of the most pressing security concerns for businesses in 2025. With the rise of credential stuffing, phishing, brute force attacks, and bot-driven fraud, organizations must reinforce their digital defenses. Account takeover can lead…
New ‘Point-and-Click’ Phishing Kit Bypasses User Awareness and Security Filters to Deliver Malicious Payloads
A novel phishing kit has surfaced that enables threat actors to craft sophisticated lures with minimal technical expertise. This “point-and-click” toolkit combines an intuitive web interface with powerful payload delivery mechanisms. Attackers can select from preconfigured templates, customize branding elements,…
Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware
Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the…
SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials
APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as…
WestJet Data Breach Impacts 1.2 Million Customers
WestJet revealed that customer personal details and membership data were stolen in the June 2025 attack This article has been indexed from www.infosecurity-magazine.com Read the original article: WestJet Data Breach Impacts 1.2 Million Customers
What Is Identity Threat Detection and Response?
Key insights: What is identity threat detection and response (ITDR)? What are the differences and similarities between ITDR and EDR? What are the alternatives to ITDR? Identity Threat Detection and Response (ITDR) is a comparatively new term in the cybersecurity…
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks
The software giant’s investigation showed that vulnerabilities patched in July 2025 may be involved. The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Enterprise Vulnerability Management: Key Processes and Tools
Learn about key processes and tools for enterprise vulnerability management, including vulnerability scanning, risk prioritization, and remediation strategies. The post Enterprise Vulnerability Management: Key Processes and Tools appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Top Vulnerability Management Tools for the Future
Discover the best vulnerability management tools for the future, focusing on enterprise SSO, CIAM, and single sign-on providers. Enhance your cybersecurity strategy today. The post Top Vulnerability Management Tools for the Future appeared first on Security Boulevard. This article has…
WhatsApp Exploited to Spread SORVEPOTEL Malware on Windows Systems
An aggressive malware campaign dubbed SORVEPOTEL is exploiting WhatsApp messages to infiltrate Windows systems, with its epicenter in Brazil. Rather than pursuing data theft or ransomware extortion, this self-propagating malware is engineered for rapid spread, leveraging social trust and automation…
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of…
New ‘Point-and-Click’ Phishing Kit Evades Security Filters to Deliver Malicious Payloads
A new toolkit named Impact Solutions has emerged on cybercrime forums, offering a comprehensive, user-friendly framework for crafting advanced phishing campaigns. By democratizing malware delivery, Impact Solutions empowers even low-skill threat actors to bypass both end users and conventional security…
Criminals take Renault UK customer data for a joyride
Names, numbers, and reg plates exposed in latest auto industry cyber-shunt Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.… This article has been indexed from The Register…
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…