A list of topics we covered in the week of September 15 to September 21 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (September 15 – September 21)
European airport cyberattack, SMS celltower scam, GPT4-powered ransomware
European airport disruption due to cyberattack check-in and baggage software SMS scammers now using mobile fake cell towers GPT-4-powered MalTerminal malware creates ransomware and Reverse Shell Huge thanks to our sponsor, Conveyor If security questionnaires make you feel like you’re…
Live-Streaming Dangers: Protecting Children in the Digital World
Children face unprecedented risks when live-streaming online, from exposure to predatory behavior to unintended personal data sharing. Understanding these dangers and implementing protective measures is… The post Live-Streaming Dangers: Protecting Children in the Digital World appeared first on Panda Security…
Xiaomi Recalls EVs After Fatal Crash
Xiaomi recalls more than one-third of its popular EVs in China after fatal crash involving its automated driver-assistance technology This article has been indexed from Silicon UK Read the original article: Xiaomi Recalls EVs After Fatal Crash
Beware: GitHub repos distributing Atomic Infostealer on macOS
LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. “The LastPass…
BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments
A sophisticated new ransomware operation dubbed BlackLock has emerged as a significant threat to organizations worldwide, demonstrating advanced cross-platform capabilities and targeting diverse computing environments. Originally operating under the name “El Dorado” since March 2024, the group rebranded to BlackLock…
Attackers Bypass Windows “Mark of the Web” Protections Using LNK-Stomping
A sophisticated attack technique called LNK Stomping is enabling cybercriminals to bypass Windows security protections designed to block malicious files downloaded from the internet. The technique exploits a vulnerability in Windows shortcuts that was patched in September 2024 as CVE-2024-38217. Windows shortcuts,…
A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster
The UK-based automaker has been forced to stop vehicle production as a result of the attack—costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers. This article has been indexed from Security Latest Read…
Trump says Michael Dell is part of the team buying TikTok, with Larry Ellison and maybe some Murdochs
The Register looks forward to a briefing on Dell’s future hyperscale sovereign SaaS platform Dell CEO Michael Dell is part of the consortium that intends to acquire TikTok’s US operations, according to US president Donald Trump.… This article has been…
Hackers Abuse GitHub Pages to Spread Stealer Malware to macOS Users
A sophisticated malware campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads, with threat actors exploiting search engine optimization tactics to deliver malicious links directly to unsuspecting victims. The LastPass Threat Intelligence, Mitigation, and…
Threat Actors Market Stealthy New RAT as Alternative to ScreenConnect FUD
Cybersecurity researchers have identified a concerning development in the underground cybercrime marketplace: a sophisticated Remote Access Trojan (RAT) being marketed as a fully undetectable (FUD) alternative to the legitimate ScreenConnect remote access solution. This emerging threat represents a significant escalation…
How Juventus protects fans, revenue, and reputation during matchdays
In this Help Net Security interview, Mirko Rinaldini, Head of ICT at Juventus Football Club, discusses the club’s approach to cyber risk strategy. Juventus has developed a threat-led, outcomes-driven program that balances innovation with protections across matchdays, e-commerce, and digital…
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of…
Hackers Deploy New EDR-Freeze Tool to Disable Security Software
A security researcher has released a new tool that can temporarily disable endpoint detection and response (EDR) systems and antivirus software without requiring vulnerable drivers, marking a significant evolution in attack techniques targeting security solutions. Advanced Evasion Through Windows Components…
MalTerminal: New GPT-4-Powered Malware That Writes Its Own Ransomware
A groundbreaking discovery in cybersecurity research has revealed the emergence of ‘MalTerminal’, potentially the earliest known example of Large Language Model (LLM)-enabled malware that leverages OpenAI’s GPT-4 API to dynamically generate ransomware code and reverse shells at runtime. This discovery represents…
Tech troubles create aviation chaos on both sides of the Atlantic
‘Cyber-attack’ on ticketing outfit Collins and cable cuts at Dallas ground hundreds of flights Technology problems hit the commercial aviation industry hard over the weekend, leading to hundreds of cancelled flights and myriad delays on both sides of the Atlantic.……
Cybersecurity AI (CAI): Open-source framework for AI security
Cybersecurity AI (CAI) is an open-source framework that helps security teams build and run AI-driven tools for offensive and defensive tasks. It’s designed for anyone working in security, including researchers, ethical hackers, IT staff, and organizations that want to use…
Extinction Level Cyber Vulnerability Now Fixed
Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered Join host David Shipley for today’s cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft’s critical Entra ID vulnerability, a cyber attack crippling major European…
Kubernetes matures as AI and GitOps reshape operations
Kubernetes has moved well past its early adoption phase. The new Komodor 2025 Enterprise Kubernetes Report shows that technical teams are shifting their focus from running containers to managing a growing mix of AI workloads and advanced automation practices like…
Situational Awareness & Family Safety: Staying Alert in Today’s World with Andy Murphy
Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to…
AI needs ethics to avoid real-world harm
In this Help Net Security video, Brittany Allen, Senior Trust and Safety Architect at Sift, explores how the rise of AI agents is creating new fraud risks. She explains how these agents, while designed to assist users, can unintentionally help…
OpenID Foundation sets new standards for real-time security event sharing
The OpenID Foundation (OIDF) has approved three Final Specifications, establishing the first global standards for real-time security event sharing across digital identity systems. The approved Final Specifications are: OpenID Shared Signals Framework 1.0 – Enables secure, real-time delivery of security…
ISC Stormcast For Monday, September 22nd, 2025 https://isc.sans.edu/podcastdetail/9622, (Mon, Sep 22nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 22nd, 2025…
Budget-Friendly Secrets Management Strategies
Why Are Non-Human Identities Critical for Budget-Friendly Security? How can organizations maintain a fortified security posture while staying within budget constraints? This challenge is particularly pressing when considering the management of Non-Human Identities (NHIs), which play a pivotal role in…