Hawaiian Airlines is responding to a significant cybersecurity incident that has disrupted parts of its information technology infrastructure, the company confirmed Thursday. While the full extent and nature of the attack remain undisclosed, the airline emphasized that flight operations continue…
Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected
A newly disclosed critical vulnerability in Hunt Electronics’ hybrid DVRs has left thousands of surveillance systems dangerously exposed, with administrator credentials accessible in plaintext to anyone on the internet. Security researchers have assigned this flaw the identifier CVE-2025-6561, and it…
How to Protect Your Drupal Site From Cyberattacks
If you do the basics right — update regularly, control permissions and protect logins — you’ll already be ahead of most sites on the web. The post How to Protect Your Drupal Site From Cyberattacks appeared first on Security Boulevard. This article has been…
The Age of Integrity
We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations…
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking…
Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger…
Researchers Warn Free VPNs Could Leak US Data to China
Tech Transparency Project warns Chinese-owned VPNs like Turbo VPN and X-VPN remain on Apple and Google app stores, raising national security concerns. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the…
Threat Actors Employ Clickfix Tactics to Deliver Malicious AppleScripts That Steal Login Credentials
A sophisticated new malware campaign targeting macOS users has emerged, employing deceptive “Clickfix” tactics to distribute malicious AppleScripts designed to harvest sensitive user credentials and financial data. The campaign leverages typosquatted domains that closely mimic legitimate finance platforms and Apple…
MongoDB Server Pre-Authentication Vulnerability Let Attackers Trigger DoS Condition
A critical pre-authentication denial of service vulnerability was identified as CVE-2025-6709, affecting multiple versions of MongoDB Server across its 6.0, 7.0, and 8.0 release branches. Summary1. MongoDB CVE-2025-6709 allows unauthenticated attackers to crash servers (CVSS 7.5).2. Malicious JSON payloads with…
IT Security News Hourly Summary 2025-06-27 12h : 3 posts
3 posts were published in the last hour 9:42 : APT-C-36 Hackers Launching Cyberattacks on Government Entities, Financial Sectors, and Critical Systems 9:42 : Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability 9:41 : CitrixBleed 2 Vulnerability Exploited, Recalling Earlier CitrixBleed…
RevEng.ai Raises $4.15 Million to Secure Software Supply Chain
RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek. This article has been…
ClickFix Attacks Soar by 500%: Hackers Intensify Use of This Manipulative Technique to Deceive Users
A novel social engineering technique dubbed “ClickFix” has surged by an alarming 517% between the second half of 2024 and the first half of 2025, as reported by ESET telemetry data. This manipulative attack vector, now the second most prevalent…
Windows 11 Retires Blue Screen of Death Error Replaces With Black Screen
Microsoft is retiring one of computing’s most recognizable error messages after nearly four decades. The iconic Blue Screen of Death (BSOD) that has haunted Windows users since the 1980s will be replaced with a streamlined Black Screen of Death as part…
Threat Actors Embed Malware on Windows System’s Task Scheduler to Maintain Persistence
A sophisticated cyber attack targeting critical national infrastructure in the Middle East has revealed how threat actors are leveraging Windows Task Scheduler to maintain persistent access to compromised systems. The attack involves a malicious variant of the Havoc framework, a…
Chinese Hackers Target Chinese Users With RAT, Rootkit
China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit. The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
APT-C-36 Hackers Launching Cyberattacks on Government Entities, Financial Sectors, and Critical Systems
The cyber threat group APT-C-36, widely known as Blind Eagle, has been orchestrating sophisticated cyberattacks targeting a range of sectors across Latin America, with a pronounced focus on Colombian organizations. This group has consistently zeroed in on government institutions, financial…
Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025–5777 may be exploited in the wild for initial access. The post Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
CitrixBleed 2 Vulnerability Exploited, Recalling Earlier CitrixBleed Fallout
This new CitrixBleed lookalike flaw is being exploited in the wild to gain initial access, according to ReliaQuest This article has been indexed from www.infosecurity-magazine.com Read the original article: CitrixBleed 2 Vulnerability Exploited, Recalling Earlier CitrixBleed Fallout
Your Android phone is getting a big security upgrade for free – here’s what’s new
Google says its latest security features are designed to block scam calls and texts, shady apps, and even phone theft. Here’s how they work. This article has been indexed from Latest stories for ZDNET in Security Read the original article:…
APT42 impersonates cyber professionals to phish Israeli academics and journalists
Iran-linked APT42 targets Israeli experts with phishing attacks, posing as security professionals to steal email credentials and 2FA codes. Iran-linked group APT42 (aka Educated Manticore, Charming Kitten, and Mint Sandstorm) is targeting Israeli journalists, cybersecurity experts, and academics with phishing attacks,…
Vulnerability Exposed All Open VSX Repositories to Takeover
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a…
Mitsubishi Electric AC Flaw Lets Hackers Remotely Control Systems
A critical security vulnerability has been discovered in multiple Mitsubishi Electric air conditioning systems, potentially allowing hackers to bypass authentication and remotely control affected units. The flaw, identified as CVE-2025-3699, was disclosed by Mitsubishi Electric on June 26, 2025, and…
Windows Says Goodbye to Blue Screen of Death, Introduces Black Screen
After nearly four decades as a symbol of frustration and failure for PC users worldwide, Microsoft is officially retiring the iconic Blue Screen of Death (BSOD) in favor of a new, sleeker Black Screen of Death. The change, set to…
Microsoft 365 Direct Send Abused for Phishing
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Abstract Security Adds Data Lake to Reduce Storage Costs
Abstract Security this week added a data lake, dubbed LakeVilla, to a portfolio of tools for migrating data between cybersecurity tools to provide a less expensive alternative to a security information event management (SIEM) platform for storing data. The post…
MOVEit Transfer Systems Face Fresh Attack Risk Following Scanning Activity Surge
GreyNoise observed a surge in scanning activity targeting MOVEit Transfer systems since May 27, indicating the software could face renewed attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: MOVEit Transfer Systems Face Fresh Attack Risk Following…