A newly discovered WhatsApp scam has begun circulating on messaging platforms, exploiting the popular device linking feature to seize full control of user accounts. The attack unfolds when recipients receive what appears to be a harmless message from a known…
Jaguar Land Rover Confirms Cybersecurity Incident Impacts Global IT Systems
Luxury automaker Jaguar Land Rover (JLR) has been forced to halt production at its Halewood plant and shut down its global IT infrastructure following a significant cybersecurity incident. The breach, which was first reported on Monday, September 1, has led…
Ukrainian Networks Launch Massive Brute-Force and Password-Spraying Campaigns Targeting SSL VPN and RDP Systems
A sophisticated network of Ukrainian-based autonomous systems has emerged as a significant cybersecurity threat, orchestrating large-scale brute-force and password-spraying attacks against SSL VPN and RDP infrastructure. Between June and July 2025, these malicious networks launched hundreds of thousands of coordinated…
Google Hack Redux: Should 2.5B Gmail Users PANIC Now?
Summer’s lease hath all too short a date: Let’s ask Ian Betteridge. The post Google Hack Redux: Should 2.5B Gmail Users PANIC Now? appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article:…
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems. “MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse…
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE. The attack, observed by NCC Group’s Fox-IT in 2024,…
ICE Reinstates Contract with Spyware Vendor Paragon
The US Immigration agency has resumed a $2m contract with the Graphite spyware developer, now owned by US investor AE Industrial Partners This article has been indexed from www.infosecurity-magazine.com Read the original article: ICE Reinstates Contract with Spyware Vendor Paragon
IT Security News Hourly Summary 2025-09-02 18h : 24 posts
24 posts were published in the last hour 16:4 : I asked AI to modify mission-critical code, and what happened next haunts me 16:4 : This charger’s retractable superpower makes multi-device travel a breeze 16:4 : Fuji Electric FRENIC-Loader 4…
I asked AI to modify mission-critical code, and what happened next haunts me
This seriously raised the hairs on the back of my neck. This article has been indexed from Latest news Read the original article: I asked AI to modify mission-critical code, and what happened next haunts me
This charger’s retractable superpower makes multi-device travel a breeze
Ugreen’s Nexode 65W charger has two ports, a retractable USB-C cable, and still manages to dish out 65W of power. This article has been indexed from Latest news Read the original article: This charger’s retractable superpower makes multi-device travel a…
Fuji Electric FRENIC-Loader 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3.…
SunPower PVS6
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: SunPower Equipment: PVS6 Vulnerability: Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain full access…
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-245-01 Delta Electronics EIP Builder ICSA-25-245-02 Fuji Electric FRENIC-Loader 4 ICSA-25-245-03 SunPower PVS6 ICSA-25-182-06…
Delta Electronics EIP Builder
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially…
India’s Biggest Cyber Fraud: Businessman Duped of ₹25 Crore Through Fake Trading App
A Kochi-based pharmaceutical company owner has suffered a loss of ₹25 crore in what is being described as the largest single-person cyber fraud case in India. The incident involved a sophisticated online trading scam, executed through a fake trading…
New Forensic System Tracks Ghost Guns Made With 3D Printing Using SIDE
The rapid rise of 3D printing has transformed manufacturing, offering efficient ways to produce tools, spare parts, and even art. But the same technology has also enabled the creation of “ghost guns” — firearms built outside regulated systems and…
Malicious npm Package Masquerades as Popular Email Library
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious npm Package Masquerades as Popular Email Library
Palo Alto Networks, Zscaler customers impacted by supply chain attacks
A hacking campaign using credentials linked to Salesloft Drift has impacted a growing number of companies, including downstream customers of leading cybersecurity firms. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Palo Alto…
Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Palo Alto…
3 Android calendar apps that beat Google’s default hands down – and they’re all free
I’ve been wanting to replace Google Calendar as my go-to calendar app. These alternatives aren’t just drop-ins; they’re outright superior. This article has been indexed from Latest news Read the original article: 3 Android calendar apps that beat Google’s default…
I found an AirTag wallet alternative that works with Android (and is cheaper)
$20 is a price worth paying for peace of mind. This article has been indexed from Latest news Read the original article: I found an AirTag wallet alternative that works with Android (and is cheaper)
I drove a tractor over this $45 power bank – it didn’t skip a beat
Waterproof, dustproof, and insanely shock resistant, the Elecom Nestout 5000mAh power bank is the toughest one I’ve tested. This article has been indexed from Latest news Read the original article: I drove a tractor over this $45 power bank –…
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
Part of a wave of DDoS attacks that lasted for weeks, the assault was a UDP flood mainly originating from Google Cloud. The post Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack appeared first on SecurityWeek. This article has been indexed…
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances were accessed.…
Azure AD Credentials Exposed in Public App Settings File
Experts have revealed an Azure AD vulnerability exposing ClientId and ClientSecret in a publicly accessible appsettings.json file This article has been indexed from www.infosecurity-magazine.com Read the original article: Azure AD Credentials Exposed in Public App Settings File
ESPHome Vulnerability Allows Unauthorized Access to Smart Devices
A critical authentication bypass flaw in ESPHome’s ESP-IDF web server component allows unauthorized users on the same local network to access and control smart devices without any valid credentials. Discovered and reported by security researcher jesserockz, the vulnerability (CVE-2025-57808) undermines…
Could a tablet survive a real hike? This Samsung Galaxy model did – and I’d bring it again
With hot-swappable dual batteries and multiple physical buttons, the Samsung Galaxy Tab Active5 Pro is built for top-tier performance in the field. This article has been indexed from Latest news Read the original article: Could a tablet survive a real…