A new wave of macOS-targeted malware has emerged under the radar—despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence…
DDoS Mitigation Provider Hit by Massive 1.5 Billion Packets Per Second Attack
FastNetMon today announced it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack peaked at 1.5 billion packets per second (1.5 Gpps), making it one of the largest…
Cynomi simplifies vendor risk management
Cynomi has launched its Third-Party Risk Management (TPRM) module. Delivered as an add-on to the Cynomi vCISO Platform, the new capability integrates vendor risk management into existing service providers’ workflows. The global third-party risk management market, valued at $7.42 billion…
npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?
The npm incident: nothing to fret about? Cursor Autorun flaw lets repositories execute code without consent Senator Wyden urges FTC to probe Microsoft over Ascension hack Huge thanks to our sponsor, Vanta Do you know the status of your compliance…
Hush Security emerges from stealth to replace legacy vaults with secretless access
Hush Security has raised $11 million in seed funding led by Battery Ventures and YL Ventures. As agentic AI expands, Hush replaces legacy vaults and secrets across the enterprise with just-in-time, policy-driven access controls enforced at runtime. This approach eliminates…
Key Operators of LockerGoga, MegaCortex, and Nefilim Ransomware Gangs Arrested
The U.S. District Court for the Eastern District of New York has charged Volodymyr Viktorovich Tymoshchuk, a Ukrainian national known as deadforz, Boba, msfv, and farnetwork, for his role in administering LockerGoga, MegaCortex, and Nefilim ransomware operations. The indictment alleges…
ACSC Warns of Actively Exploited SonicWall Access Control Vulnerability
The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors. The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality across…
Chrome Extension Scam Exposed: Hackers Stealing Meta Accounts
A sophisticated campaign targeting Meta advertisers through fake AI-powered ad optimization tools has been uncovered, with cybercriminals deploying malicious Chrome extensions to steal credentials and hijack business accounts. Cybereason Security Services has identified an evolving malicious Chrome extension campaign that…
When typing becomes tracking: Study reveals widespread silent keystroke interception
You type your email address into a website form but never hit submit. Hours later, a marketing email shows up in your inbox. According to new research, that is not a coincidence. A team of researchers from UC Davis, Maastricht…
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from…
Hackers Reap Minimal Gains from Massive npm Supply Chain Breach
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used…
Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari
A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safari browser.…
Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers
Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and…
NASA bars Chinese citizens from its facilities, networks, even Zoom calls
You don’t need to be a rocket scientist to figure out the reasons why NASA has barred Chinese nationals from accessing its premises and assets, even those who hold visas that permit them to reside in the USA.… This article…
Authorities Arrested Admins Of “LockerGoga,” “MegaCortex,” And “Nefilim” Ransomware Gangs
The U.S. District Court for the Eastern District of New York has unsealed a superseding indictment against a Ukrainian national, charging him with his alleged role as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware operations. The schemes reportedly…
Why organizations need a new approach to risk management
To succeed in the risk environment, risk, audit, and compliance leaders need to focus on what Gartner calls “reflexive risk ownership.” This is a future state where business leaders don’t just identify and manage risks after they occur, but instinctively…
The state of DMARC adoption: What 10M domains reveal
In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He explains how SPF, DKIM, and DMARC work together to prevent email spoofing,…
AI is everywhere, but scaling it is another story
AI is being adopted across industries, but many organizations are hitting the same obstacles, according to Tines. IT leaders say orchestration is the key to scaling AI. They point to governance, visibility, and collaboration as the critical areas executives need…
How attackers weaponize communications networks
In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He explains why attackers focus on these networks and how their motivations range from corporate espionage to…
IT Security News Hourly Summary 2025-09-11 06h : 1 posts
1 posts were published in the last hour 4:2 : Beijing went to ‘EggStreme’ lengths to attack Philippines military, researchers say
Beijing went to ‘EggStreme’ lengths to attack Philippines military, researchers say
Ovoid-themed in-memory malware offers a menu for mayhem ‘EggStreme’ framework looks like the sort of thing Beijing would find handy in its ongoing territorial beefs Infosec outfit Bitdefender says it’s spotted a strain of in-memory malware that looks like the…
IT Security News Hourly Summary 2025-09-11 03h : 6 posts
6 posts were published in the last hour 1:4 : T-Mobile will give you a free iPhone 17 Pro right now – how the preorder deal works 1:4 : iPhone 17 Pro Max vs. Google Pixel 10 Pro XL: I…
ISC Stormcast For Thursday, September 11th, 2025 https://isc.sans.edu/podcastdetail/9608, (Thu, Sep 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, September 11th, 2025…
T-Mobile will give you a free iPhone 17 Pro right now – how the preorder deal works
At T-Mobile, you can get the all-new iPhone 17 Pro for free when you sign up for or switch to the Experience Beyond mobile plan and use a qualifying trade-in. This article has been indexed from Latest news Read the…