China’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework for large AI models. These flaws, already under active exploitation by hacker groups, have compromised at least 695 servers worldwide,…
Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks
Aflac confirms a cyberattack exposed sensitive customer data, citing social engineering tactics amid a wave of breaches targeting US insurers. The post Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks appeared first on eSecurity Planet. This article…
LinuxFest Northwest: The Geology of Open Source
Author/Presenter: Hazel Weakly (Nivenly Foundation; Director, Haskell Foundation; Infrastructure Witch of Hachyderm) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating…
Cyberattack Disrupts Russian Dairy Supply Chain by Targeting Animal Certification System
In a Russia’s dairy supply chain, a suspected cyberattack has targeted the Mercury component of the national veterinary certification system, forcing it into emergency operation mode. This critical system, integral to the processing of veterinary accompanying documents, ensures the traceability…
Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Cloudflare blocked a record-breaking 7.3 Tbps DDoS attack in May 2025. Cloudflare blocked a record 7.3 Tbps DDoS attack in May 2025, 12% greater than its previous peak and 1 Tbps greater than the attack reported by the popular cyber…
Friday Squid Blogging: Gonate Squid Video
This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. This article has been indexed from Schneier…
Netflix, Apple, BofA websites hijacked with fake help-desk numbers
Don’t trust mystery digits popping up in your search bar Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing…
Week in Review: ClickFake deepfake scam, Krispy Kreme breach, NIST ZTA guidance
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm Thanks to our show sponsor, Adaptive Security As deepfake scams and GenAI phishing…
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since…
Beware of Weaponized MSI Installer Masquerading as WhatsApp to Deliver XWorm RAT
A newly identified cyber threat linked to a China-based threat actor has emerged, targeting users across East and Southeast Asia with a trojanized MSI installer disguised as a legitimate WhatsApp setup file. This deceptive campaign delivers a customized version of…
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself
Wondering if your information is posted online from a data breach? Here’s how to check if your accounts are at risk and what to do next. This article has been indexed from Latest stories for ZDNET in Security Read the…
Mocha Manakin Uses Paste-and-Run Technique to Deceive Users into Downloading Malware
A malicious campaign tracked as Mocha Manakin has been identified employing the deceptive “paste-and-run” technique to trick unsuspecting users into executing harmful scripts. First observed in August 2024 and actively monitored since January 2025 by security researchers at Red Canary,…
Anthropic study: Leading AI models show up to 96% blackmail rate against executives
Anthropic research reveals AI models from OpenAI, Google, Meta and others chose blackmail, corporate espionage and lethal actions when facing shutdown or conflicting goals. This article has been indexed from Security News | VentureBeat Read the original article: Anthropic study:…
News brief: LOTL attacks, spoofed sites, malicious repositories
Check out the latest security news from the Informa TechTarget team. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article: News brief: LOTL attacks, spoofed sites, malicious repositories
IT Security News Hourly Summary 2025-06-20 21h : 10 posts
10 posts were published in the last hour 19:4 : Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection 18:37 : KI-Sprachmuster: Warum wir langsam alle ein wenig wie ChatGPT klingen 18:37 : Threat Actors Exploit Vercel Hosting…
Threat Actors Manipulate Google Search Results to Display Scammer’s Phone Number Instead of Real Number
Threat actors are increasingly exploiting the trust users place in sponsored search results on platforms like Google to orchestrate sophisticated scams. These malicious entities craft deceptive advertisements that mimic legitimate websites, particularly targeting popular brands and tech support services. By…
What is perfect forward secrecy (PFS)?
Perfect forward secrecy (PFS), also known as forward secrecy, is an encryption style known for producing temporary private key exchanges between clients and servers. This article has been indexed from Search Security Resources and Information from TechTarget Read the original…
Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
A severe security vulnerability in the Insomnia API Client, a widely used tool by developers and security testers for interacting with APIs, has been uncovered by researchers at an offensive security consultancy. Discovered by Technical Director Marcio Almeida and Head…
KI-Sprachmuster: Warum wir langsam alle ein wenig wie ChatGPT klingen
Habt ihr das Gefühl, bestimmte Wörter in letzter Zeit öfter zu hören? Das ist womöglich kein Zufall, sondern ein Zeichen dafür, wie tief KI bereits in unsere tägliche Kommunikation eingreift. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung…
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestrated at least 28 distinct…
CVE-2025-49763 – Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin
Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traffic Server’s ESI…
US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency
DoJ, FBI, USSS yoinked USDT: Pretty girls plus investment fraud equals forfeiture recovery (eventually). The post US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency appeared first on Security Boulevard. This article has been indexed from Security…
TxTag Phishing Campaign Exploits .gov Domain to Deceive Employees
A new and alarming phishing campaign has surfaced, leveraging the credibility of a .gov domain to deceive employees into believing they owe unpaid tolls. Identified by the Cofense Phishing Defense Center (PDC), this campaign manipulates the GovDelivery system a legitimate…
A Token of Appreciation for Sustaining Donors 💞
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> You’ll get a custom EFF35 Challenge Coin when you become a monthly or annual Sustaining Donor by July 10. It’s that simple. Give Once a Month Give Once…