A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through…
Baggage Tag Scam
I just heard about this: There’s a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file…
Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms
A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point researchers have warned. The…
State-Sponsored Hackers Behind Majority of Vulnerability Exploits
Recorded Future highlighted the vast capabilities of state actors to rapidly weaponize newly disclosed vulnerabilities for geopolitical purposes This article has been indexed from www.infosecurity-magazine.com Read the original article: State-Sponsored Hackers Behind Majority of Vulnerability Exploits
IT Security News Hourly Summary 2025-08-29 12h : 2 posts
2 posts were published in the last hour 9:6 : DPRK Remote Work Tactics: Leveraging Code-Sharing Platforms 9:6 : I replaced my deadbolt with this Apple HomeKey smart lock – and it’s an iPhone user’s dream
How attackers adapt to built-in macOS protection
We analyze the built-in protection mechanisms in macOS: how they work, how threat actors can attack them or deceive users, and how to detect such attacks. This article has been indexed from Securelist Read the original article: How attackers adapt…
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform…
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The issue, which is yet to be assigned a CVE identifier, has been addressed in…
TransUnion Data Breach Compromises Over 4 Million Customers
In a significant data breach disclosed by TransUnion LLC, more than 4.4 million consumers had sensitive personal information compromised in late July 2025. The credit reporting agency, headquartered at 555 W. Adams Street in Chicago, Illinois, revealed the incident on…
Microsoft Teams Abused in Cyberattack Delivering PowerShell-Based Remote Access Malware
In a concerning development for enterprise security, cybercriminals have begun exploiting Microsoft Teams—long trusted as an internal messaging and collaboration tool—to deliver PowerShell-based malware and gain unauthorized remote access to Windows systems. By impersonating IT support personnel and leveraging social…
Simple prompt or agent workflow? How not to overthink AI
The key to AI success is knowing what tool to use when. This article has been indexed from Latest news Read the original article: Simple prompt or agent workflow? How not to overthink AI
Changing these 10 settings on my OnePlus phone gave it a big performance boost
Not sure you’re getting the most out of your OnePlus device? Adjust these settings to unlock better performance and a smoother experience. This article has been indexed from Latest news Read the original article: Changing these 10 settings on my…
Google: Salesloft Drift breach hits all integrations
Google warns that Salesloft Drift OAuth breach affects all integrations, not just Salesforce. All tokens should be treated as compromised. Google disclosed that the Salesloft Drift OAuth breach is broader than Salesforce, affecting all integrations. GTIG and Mandiant advise all…
TransUnion Hack Exposes 4M+ Customers Personal Information
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which…
New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques…
Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript
Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers. The security flaw was patched in version…
How Adversary-In-The-Middle (AiTM) Attack Bypasses MFA and EDR?
Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape. Unlike traditional phishing attacks that merely collect static credentials, AiTM attacks actively intercept and manipulate communications between users and legitimate services in real-time,…
Cybercriminals Harness AI and Automation, Leaving Southeast Asia Exposed
A new study warns that cybercriminals are leveraging artificial intelligence (AI) and automation to strike faster and with greater precision, exposing critical weaknesses in Southeast Asia—a region marked by rapid digital growth and interconnected supply chains. The findings urge…
Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain
Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog…
Safety-critical industries wary about using AI for cybersecurity
Finance, tech and professional services are among the sectors with the widest adoption of AI-based security tools, according to a new report. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Safety-critical industries wary…
NetScaler warns hackers are exploiting zero-day vulnerability
The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: NetScaler warns…
US, allies warn China-linked actors still targeting critical infrastructure
An advisory from 13 countries says state-backed hackers continue trying to breach telecommunications systems and other vital networks. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: US, allies warn China-linked actors still targeting…
Federal, state officials investigating ransomware attack targeting Nevada
The Sunday attack disrupted key services across the state and led to the theft of some data. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Federal, state officials investigating ransomware attack targeting Nevada
DPRK Remote Work Tactics: Leveraging Code-Sharing Platforms
DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by…
I replaced my deadbolt with this Apple HomeKey smart lock – and it’s an iPhone user’s dream
Say goodbye to bulky smart locks – the Matter-enabled Level Lock Pro maintains a sleek deadbolt look while packing advanced smart features. This article has been indexed from Latest news Read the original article: I replaced my deadbolt with this…
Operation Serengeti 2.0: Trend Micro Helps Law Enforcement Fight Cybercrime in Africa
Operation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims. This article has been indexed from Trend Micro Research, News and Perspectives…
Threat Actors Use Facebook Ads to Deliver Android Malware
Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tactics after months…