The revelation that commercially available FlexiSPY spyware was clandestinely installed on devices belonging to Kenyan filmmakers while in police custody has ignited fresh concerns over press freedom and governmental overreach. Forensic analysis conducted by the Citizen Lab at the University…
CoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block Updates
A critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates. This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from…
100,000 Impacted by Cornwell Quality Tools Data Breach
The tools manufacturer was targeted in a ransomware attack claimed by the Cactus group. The post 100,000 Impacted by Cornwell Quality Tools Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: 100,000…
UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features
Researchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist. The post UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features appeared first on SecurityWeek.…
Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw
The Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances. The post Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw appeared first on SecurityWeek. This article has been…
The True Value of Single Sign-On (SSO): A Comprehensive Guide for Technical Professionals
This comprehensive guide was developed to help technical professionals understand the strategic value of SSO and develop implementation approaches appropriate f The post The True Value of Single Sign-On (SSO): A Comprehensive Guide for Technical Professionals appeared first on Security…
Secure by Design, Visible by Choice: Why Authentication Page Optimization Matters for B2B SaaS
Enterprise customers demand both ironclad security and seamless user experiences. Your authentication pages are more than just login forms—they’re the gat The post Secure by Design, Visible by Choice: Why Authentication Page Optimization Matters for B2B SaaS appeared first on…
Top 10 Essential DevOps Tools to Use in 2025 and Beyond
Explore the essential DevOps tools for 2025 that enhance automation, monitoring, and collaboration. Discover the latest technologies including IaC, CI/CD, conta The post Top 10 Essential DevOps Tools to Use in 2025 and Beyond appeared first on Security Boulevard. This…
How to Cut Your Auth0 Bill by 70% Without Losing Enterprise Features
Learn how to cut your Auth0 bill by 70% without losing enterprise features. Explore flat-rate IAM with SSOJet for predictable pricing and growth. The post How to Cut Your Auth0 Bill by 70% Without Losing Enterprise Features appeared first on…
Top Identity and Access Management (IAM) Solutions for 2025
Discover 25 top Identity and Access Management (IAM) solutions for 2025. Streamline access, enhance security, and find the perfect fit for your organization. The post Top Identity and Access Management (IAM) Solutions for 2025 appeared first on Security Boulevard. This…
Cyber Attack Exposes LNER Train Passengers’ Personal Data
London North Eastern Railway (LNER) has confirmed that an unauthorized breach at one of its third-party suppliers exposed contact details and travel histories of some passengers. No banking or password data were involved. The company says it is treating the…
EggStreme Malware Emerges With Fileless Techniques and DLL Sideloading Payloads
A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core…
Kosovo man pleads guilty to running online criminal marketplace BlackDB
Kosovo man Liridon Masurica pleaded guilty to running the cybercrime marketplace BlackDB. He was arrested in 2024. Kosovo citizen Liridon Masurica (33) of Gjilan, aka @blackdb, pleaded guilty to running the BlackDB cybercrime market. Kosovo police arrested Masurica on December…
kkRAT Exploits Network Protocols to Exfiltrate Clipboard Data
The threat actor delivers three Remote Access Trojans (RATs)—ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT—via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains…
Palo Alto Networks User-ID Agent Flaw Leaks Passwords in Cleartext
A newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under certain non-default configurations. Tracked as CVE-2025-4235, the flaw carries a CVSS base score of 4.2…
A Practical Guide to API Threat Analytics in Cloud Platforms
Any modern application is centered around APIs. They drive mobile applications, link business systems, and deliver new digital experiences. However, the convenience has its own risks — attackers often use APIs to break into systems. Basic security steps like authentication…
Brussels faces privacy crossroads over encryption backdoors
Over 600 security boffins say planned surveillance crosses the line Europe, long seen as a bastion of privacy and digital rights, will debate this week whether to enforce surveillance on citizens’ devices.… This article has been indexed from The Register…
Email Security Startup AegisAI Launches With $13 Million in Funding
AegisAI uses autonomous AI agents to prevent phishing, malware, and BEC attacks from reaching inboxes. The post Email Security Startup AegisAI Launches With $13 Million in Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
AI Emerges as the Hope—and Risk—for Overloaded SOCs
With security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of the problem. The post AI Emerges as the Hope—and Risk—for Overloaded…
Senator Urges FTC Probe of Microsoft Over Security Failures
Senator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique. The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Senator…
IT Security News Hourly Summary 2025-09-11 12h : 9 posts
9 posts were published in the last hour 10:4 : PoisonSeed Threat Actor Strengthens Credential Theft Operations with New Domains 10:3 : Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT 10:3 : Zero Outages, Full Visibility: How PacificSource Automated SSL TLS…
Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution
As Fortra’s new File Integrity Monitoring Buyer’s Guide states, “What was once a security control for simple file changes now ensures integrity across organizations’ entire systems.” The landscape has evolved significantly since Fortra’s Tripwire introduced file integrity monitoring (FIM) over…
‘Astronaut-in-distress’ romance scammer steals money from elderly woman
A Japanese octogenarian lost thousands of dollars after being scammed by someone who described himself as an astronaut in need of help. This article has been indexed from Malwarebytes Read the original article: ‘Astronaut-in-distress’ romance scammer steals money from elderly…
Default Cursor setting can be exploited to run malicious code on developers’ machines
An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is an AI-augmented fork of…