A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes. This fully-featured malware utilizes the Google Drive API as its primary Command-and-Control (C2) channel,…
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords or multi-factor authentication. The attack leverages the Azure CLI app to gain unauthorized access to victim accounts.…
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting attacks aligned with Russian government interests, initially went silent due…
UK watchdog urged to probe GDPR failures in Home Office eVisa rollout
Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK’s data watchdog to investigate whether the Home Office’s digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and…
3 Compliance Processes to Automate in 2026
For years, compliance has been one of the most resource-intensive responsibilities for cybersecurity teams. Despite growing investments in tools, the day-to-day reality of compliance is still dominated by manual, duplicative tasks. Teams chase down screenshots, review spreadsheets, and cross-check logs,…
Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack
A new record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack launched via the Aisuru botnet has set a new standard for internet disruption and reinforced that multi-terabit attacks are on track to soon be an everyday event for DDoS defenders.…
Recent GeoServer Vulnerability Exploited in Attacks
Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that uses the Google Drive API for C2. Elastic says it shares code…
Building Trustworthy AI Agents
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best…
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on…
Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)
In the Microsoft Windows ecosystem, DLLs (Dynamic Load Libraries) are PE files like regular programs. One of the main differences is that they export functions that can be called by programs that load them. By example, to call RegOpenKeyExA(), the…
Illegal Streaming and Piracy Are on the Rise
Illegal streaming and digital piracy have surged dramatically. Visits to illegal streaming website climbing from 130 billion in 2020 to 216 billion by 2024. That’s… The post Illegal Streaming and Piracy Are on the Rise appeared first on Panda Security…
Apple Wins Concessions In Epic Games Appeal
US appeals court orders district judge to allow Apple to charge a commission on purchases made outside App Store This article has been indexed from Silicon UK Read the original article: Apple Wins Concessions In Epic Games Appeal
Nick Clegg Joins VC Firm To Invest In European Start-Ups
Former UK deputy prime minister Clegg joins London-based Hiro Capital, which aims to invest in European spatial AI start-ups This article has been indexed from Silicon UK Read the original article: Nick Clegg Joins VC Firm To Invest In European…
Epic Games’ Fortnite Returns To Google Play In US
Popular game Fortnite returns to Google Play app store in US as Google complies with US District Court injunction This article has been indexed from Silicon UK Read the original article: Epic Games’ Fortnite Returns To Google Play In US
Silicon UK AI for Your Business Podcast: Trust at Speed: Governing Enterprise AI Without Losing Momentum
Explore how enterprises balance rapid AI deployment with trust, governance, and compliance—without slowing innovation. Insights from Silicon UK and Alteryx. This article has been indexed from Silicon UK Read the original article: Silicon UK AI for Your Business Podcast: Trust…
Do Kwon Sentenced To 15 Years In Prison Over Crypto Collapse
Do Kwon, creator of Luna and TerraUSD tokens that were worth $50bn at their height, sentenced to 15 years in US prison for ‘epic fraud’ This article has been indexed from Silicon UK Read the original article: Do Kwon Sentenced…
Severe Flaws in React Server Components Enable DoS Attacks and Code Exposure
Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws were discovered while experts were analyzing the patches for last week’s critical “React2Shell” vulnerability. While…
Ashen Lepus Hacker Group Targets Eastern Diplomatic Entities with AshTag Malware Attack
An advanced persistent threat (APT) group with ties to Hamas has intensified its espionage operations against government and diplomatic entities across the Middle East, deploying a sophisticated new malware suite dubbed AshTag. The threat actor, tracked as Ashen Lepus (also known as WIRTE),…
Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware
The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers to intercept network traffic and install…
Gogs 0-Day Actively Exploited to Compromise Over 700 Servers
Security researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, no…
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
If you don’t look inside your environment, you can’t know its true state – and attackers count on that This article has been indexed from WeLiveSecurity Read the original article: Locks, SOCs and a cat in a box: What Schrödinger…
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims This article has been indexed from WeLiveSecurity Read the original article: Black Hat Europe 2025: Reputation matters – even…
Half of exposed React servers remain unpatched amid active exploitation
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters…