Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch. The post Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Signal Gives Microsoft a Clear Signal: Do NOT Recall This
Black screen of DRM: Privacy-first messenger blocks Microsoft Recall The post Signal Gives Microsoft a Clear Signal: Do NOT Recall This appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Signal Gives…
IT Security News Hourly Summary 2025-05-22 18h : 12 posts
12 posts were published in the last hour 15:35 : Sicherheitsexperte Brian Krebs Ziel von DDoS-Attacke mit 6,3 Terabit pro Sekunde 15:33 : Signal Desktop Blocks Microsoft Recall Screenshots 15:33 : Gujarat Teen Arrested for Orchestrating Over 50 Cyberattacks in…
Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Database Leak…
Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers
A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous information-stealing malware, specifically Vidar and StealC. This alarming trend marks a shift in cybercriminal tactics, moving away from traditional methods like fake CAPTCHA pages to…
Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff
The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 has exposed an intricate Chinese intelligence operation, dubbed the ‘Smiao Network,’ targeting federal workers in both the United States and Taiwan. This network, linked to the Chinese technology company…
Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware
Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in Cityworks, a widely used asset management system. This critical flaw has been leveraged by a group tracked as UAT-6382, assessed with high confidence to be…
Armitage Installation Step By Step Guide – V1
Imagine you’re learning to be a digital detective, and you need the right tools to uncover vulnerabilities. That’s… The post Armitage Installation Step By Step Guide – V1 appeared first on Hackers Online Club. This article has been indexed from…
Lantronix Device Installer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: Device Installer Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access…
CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE
A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions. The post CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE appeared…
Irish privacy watchdog OKs Meta to train AI on EU folks’ data
Case in Germany could derail Zuck’s plans, noyb tells El Reg fight isn’t over The Irish Data Protection Commission has cleared the way for Meta to begin slurping up the data of European citizens for training AI next week, ongoing…
Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform
Miami, Florida, 22nd May 2025, CyberNewsWire The post Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military
A UAE brigadier general received permission from the Pentagon to recruit former members of the Defense Digital Service to work on artificial intelligence for the UAE military — despite past warnings from US spy agencies and federal lawmakers that UAE…
Lumma Stealer Infrastructure Behind Global Attacks on Millions of Users Dismantled
The U.S. Justice Department, in collaboration with the FBI and private sector partners like Microsoft, has announced the disruption of the Lumma Stealer (also known as LummaC2) malware infrastructure. This global operation targeted the notorious Malware-as-a-Service (MaaS) platform, which has…
Malicious VS Code Extensions Target Windows Solidity Developers to Steal Login Credentials
Datadog Security Research has uncovered a targeted malware campaign aimed at Solidity developers on Windows systems, using malicious Visual Studio Code (VS Code) extensions as the initial attack vector. Identified as the work of a single threat actor tracked as…
Hackers Deploy Weaponized npm Packages to Target React and Node.js JavaScript Frameworks
Socket’s Threat Research Team, a series of malicious npm packages have been found lurking in the JavaScript ecosystem for over two years, amassing more than 6,200 downloads. These weaponized packages, targeting popular frameworks like React, Vue.js, Vite, Node.js, and the…
Global Data Breach Uncovers 23 Million Stolen Credentials
As a consequence of the fact that a single set of login credentials can essentially unlock an individual’s financial, professional, and personal life, the exposure of billions of passwords represents more than just a routine cybersecurity concern today- it…
Beware iPhone Users: Indian Government Issues Urgent Advisory Over Data Theft Risk
The Indian government has issued an urgent security warning to iPhone and iPad users, citing major flaws in Apple’s iOS and iPadOS software. If not addressed, these vulnerabilities could allow cybercriminals to access sensitive user data or make devices…
Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption
Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than…
Unpatched Windows Server vulnerability allows full domain compromise
A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows…
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web…
AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC This article has been indexed from www.infosecurity-magazine.com Read the original article: AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Sicherheitsexperte Brian Krebs Ziel von DDoS-Attacke mit 6,3 Terabit pro Sekunde
Ein neues Botnet schickt sich an, das Erbe von Mirai anzutreten – nur ungleich stärker. Ein Sicherheitsexperte wurde mit 6,3 Terabit pro Sekunde attackiert. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Sicherheitsexperte Brian Krebs…
Signal Desktop Blocks Microsoft Recall Screenshots
Messaging app Signal updates its Windows app to block Microsoft Recall from taking screenshots of people’s conversations This article has been indexed from Silicon UK Read the original article: Signal Desktop Blocks Microsoft Recall Screenshots