Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog, and Watchtowr…
Microsoft Exchange Online Flagging Gmail Emails as Spam – Fixes Issued
Microsoft has resolved a widespread issue with its Exchange Online service that caused legitimate emails from Gmail accounts to be incorrectly identified as spam and quarantined. The problem, which began on April 25, affected numerous organizations using Microsoft 365 and…
Hackers Weaponizing Go Modules to Deliver Disk-Wiping Malware Leads to Data Loss
A devastating new supply-chain attack has emerged in the Go ecosystem, with attackers deploying highly destructive disk-wiping malware through seemingly legitimate modules. This sophisticated attack exploits the inherent openness of Go’s package ecosystem, where developers routinely source modules directly from…
ANY.RUN Unveils Q1 2025 Malware Trends Report, Highlighting Evolving Cyber Threats
ANY.RUN, a leading cybersecurity firm, has released its Q1 2025 Malware Trends Report, offering critical insights into the dynamic cyber threat landscape. Drawing from data analyzed by 15,000 companies and 500,000 analysts within ANY.RUN’s Interactive Sandbox delivers actionable intelligence to…
Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures
The US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations. The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek. This article has…
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
Ireland’s Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China. “TikTok infringed the GDPR regarding its transfers of EEA…
White House Warns China of Cyber Retaliation Over Infrastructure Hacks
NSC’s Alexei Bulazel said that failing to robustly respond to constant Chinese intrusions into critical infrastructure is in itself “escalatory” This article has been indexed from www.infosecurity-magazine.com Read the original article: White House Warns China of Cyber Retaliation Over Infrastructure…
Apple Warns Trump’s Tariffs Will Raise Costs By $900m
Apple says iPhones sold in US will no longer come from China, as Q2 results show it has so far mostly avoided Trump’s tariff impact This article has been indexed from Silicon UK Read the original article: Apple Warns Trump’s…
In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down
Noteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police. The post In Other News: NullPoint Source Code Leak, $17,500 for iPhone…
macOS Sandbox Escape Vulnerability Allows Keychain Deletion and Replacement
A security vulnerability in macOS has been discovered. It allows malicious actors to escape the App Sandbox protection by manipulating security-scoped bookmarks. Tracked as CVE-2025-31191, this vulnerability enables a threat actor to delete and replace a keychain entry critical for authenticating file…
Unmasking AI in Cybersecurity – From Dark-Web Tactics to Next-Gen Defenses
Artificial intelligence is fundamentally reshaping the cybersecurity landscape, introducing both unprecedented defensive capabilities and alarming new attack vectors. The rapid evolution of generative AI and large language models (LLMs) has created a technological inflection point where digital identity verification mechanisms-including…
State-Sponsored Hacktivism Attacks on The Rise, Rewrites Cyber Threat Landscape
The global cybersecurity landscape is witnessing an alarming paradigm shift as state-sponsored hacktivism attacks have surged dramatically in recent months, blurring the traditional boundaries between politically motivated activism and sophisticated nation-state operations. These hybrid threats combine the ideological zeal of…
NCSC Guidance on “Advanced Cryptography”
The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic…
New Microsoft accounts will be “passwordless by default”
Microsoft is making new Microsoft accounts passwordless by default, the company has announced on Thursday, which marked this year’s World Password Day. “As part of [a recently simplified sign-in user experience], we’re changing the default behavior for new accounts,” Vasu…
IT Security News Hourly Summary 2025-05-02 12h : 8 posts
8 posts were published in the last hour 10:3 : Luxury department store Harrods suffered a cyberattack 10:2 : RSA Conference 2025 Announcement Summary (Day 3) 10:2 : MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth…
200+ Fake Retail Sites Used in New Wave of Subscription Scams
Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: 200+ Fake…
MIWIC25: Marine Ruhamanya, Cybersecurity Senior Manager
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected…
15 Billion User Gain Passwordless Access to Microsoft Account Using Passkeys
As the first-ever World Passkey Day replaces the traditional World Password Day, Microsoft joins the FIDO Alliance in celebrating a milestone achievement: over 15 billion online accounts now have access to passwordless authentication through passkeys. This significant shift marks a…
15 PostgreSQL Monitoring Tools – 2025
PostgreSQL monitoring tools are essential for database administrators to ensure the optimal performance, availability, and reliability of PostgreSQL databases. These tools provide real-time insights into performance metrics, such as query execution times, CPU usage, memory consumption, and disk I/O, helping…
UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks
Major UK retailers Co-op, Harrods, and M&S are scrambling to restore services that were affected by cyberattacks. The post UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Use AI-Driven Reconnaissance to Identify Cyber Threats
Surviving in the digital world is not about stopping the next attack. It’s about preventing any new attack from surfacing. It’s about cyberdefense – predictively and not just reactively. Like the time when GPS revolutionized navigation by showing us what…
How to Automate CVE and Vulnerability Advisory Response with Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. A recent standout…
7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands
A sophisticated software supply chain attack leveraging Python Package Index (PyPI) repositories to deploy malware using Google’s SMTP infrastructure as a command-and-control mechanism. The campaign involved seven malicious packages – Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb – which…
Windows RDP Bug Allows Login With Expired Passwords – Microsoft Confirms No Fix
Microsoft has confirmed that its Remote Desktop Protocol (RDP) allows users to log into Windows machines using passwords that have already been changed or revoked. The company says it has no plans to change this behavior, describing it as an…
Hackers Using New Eye Pyramid Tool to Leverage Python & Deploy Malware
Cybersecurity experts have identified a sophisticated hacking tool called “Eye Pyramid” being actively deployed in malicious campaigns since mid-January 2025. This tool, originally open-sourced on GitHub in 2022, has only recently gained traction among threat actors, leveraging Python to deploy…
British govt agents step in as Harrods becomes third mega retailer under cyberattack
Experts suggest the obvious: There is an ongoing coordinated attack on the Britain’s retail sector Globally recognized purveyor of all things luxury Harrods is the third major UK retailer to confirm an attempted cyberattack on its systems in under two…
Nova Scotia Power Says Hackers Stole Customer Information
Nova Scotia Power’s investigation has shown that the recent cyberattack resulted in the theft of some customer information. The post Nova Scotia Power Says Hackers Stole Customer Information appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…