GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service (DoS) attacks dominating the threat landscape. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7…
Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection
The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware being distributed alongside a Monero coin miner. This malware leverages the PyBitmessage library, a Python implementation of the Bitmessage protocol, to establish covert peer-to-peer (P2P) communications.…
Hackers Targets Coinbase Users Targeted in Advanced Social Engineering Hack
Coinbase users have become the prime targets of an intricate social engineering campaign since early 2025. Reports from on-chain investigator Zach reveal that over $300 million is stolen annually through these meticulously coordinated attacks, with a staggering $45 million lost…
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities
Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center. The post Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities appeared first on SecurityWeek. This article has…
Authentifizierung: Kritische Lücke in Samlify macht Angreifer zu Admins
Ein Sicherheitsupdate schließt eine Schwachstelle in der SAML-Bibiliothek Samlify. Attacken sollen vergleichsweise einfach sein. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Authentifizierung: Kritische Lücke in Samlify macht Angreifer zu Admins
New Process Injection Technique Evades EDR by Injecting Malicious Code into Windows Processes
Researchers revealed this method exploits shared memory regions and thread context manipulation to execute malicious payloads without triggering standard detection heuristics. Novel process injection technique leveraging execution-only primitives has demonstrated the ability to bypass leading Endpoint Detection and Response (EDR)…
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets. This flaw, identified as CVE-2023-5517, could cause named (the BIND DNS server process) to terminate unexpectedly with an assertion failure when…
Grafana Zero-Day Vulnerability Allows Attackers to Redirect Users to Malicious Sites
The High-severity cross-site scripting (XSS) vulnerability has been discovered in Grafana, prompting the immediate release of security patches across all supported versions. The vulnerability (CVE-2025-4123) enables attackers to redirect users to malicious websites where arbitrary JavaScript code can be executed.…
New Attack Exploits dMSA in Windows Server 2025 to Compromise Any Active Directory Users
A critical vulnerability in Windows Server 2025 that enables attackers to compromise any user in Active Directory, including highly privileged accounts. Dubbed “BadSuccessor,” this attack exploits a feature called delegated Managed Service Accounts (dMSA) and works by default in environments…
Lumma Stealer Infrastructure With 2,300 Domains That Attacks Millions of Users Worldwide Seized
In a coordinated global operation announced on May 21, 2025, law enforcement and cybersecurity partners have successfully disrupted the infrastructure behind Lumma Stealer, one of the most prolific information-stealing malware operations targeting users worldwide. The Justice Department, in conjunction with…
Hackers Attacking Coinbase Users in a Sophisticated Social Engineering Attack
A massive wave of targeted social engineering attacks has been hitting Coinbase users since early 2025, with scammers exploiting insider access to obtain sensitive customer data. Unlike traditional technical breaches, these attacks leverage psychological manipulation to trick users into voluntarily…
BIND DNS Vulnerability Let Attackers Crash DNS Servers With Malicious Packet
A high-severity vulnerability in the BIND DNS server software was recently disclosed that allows attackers to crash DNS servers by sending just a single malicious packet. The Internet Systems Consortium (ISC) released BIND versions 9.18.37, 9.20.9, and 9.21.8 on May…
Grafana 0-Day Vulnerability Let Attackers to Redirect Users to Malicious Websites
A high-severity cross-site scripting (XSS) vulnerability in Grafana could allow attackers to redirect users to malicious websites. The vulnerability, tracked as CVE-2025-4123 received a CVSS score of 7.6 (HIGH), allows attackers to exploit client path traversal and open redirect to…
Western Logistics and Tech Firms Targeted by Russia’s APT28
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat This article has been indexed from www.infosecurity-magazine.com Read the original article: Western Logistics and Tech Firms Targeted by Russia’s APT28
IT Security News Hourly Summary 2025-05-22 09h : 3 posts
3 posts were published in the last hour 6:33 : ThreatBook Named a Notable Vendor in Global Network Analysis and Visibility (NAV) Independent Report 6:33 : Hackers Leverage PyBitmessage Library to Bypass AV & Network Security Detections 6:32 : The…
Microsoft: Signal trickst Recall mit DRM aus
Unter anderem Menschenrechtsaktivisten nutzen Signal – entsprechend sollte Microsofts Recall keine Screenshots machen. Signal verhindert diese. (Signal, Microsoft) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Microsoft: Signal trickst Recall mit DRM aus
#Infosec2025: NCC Group Expert Warns UK Firms to Prepare for Cyber Security and Resilience Bill
UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: NCC Group Expert Warns UK Firms to…
Fast Flux: Herausforderung für die Cybersicherheit
Die NSA warnte vor DNS-Manipulationen durch Fast Flux. Diese Technik stellt eine Bedrohung für die nationale Sicherheit dar und erfordert spezielle Erkennungsmechanismen. Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den originalen Artikel: Fast Flux: Herausforderung für die Cybersicherheit
Signal’s new Windows update prevents the system from capturing screenshots of chats
Signal said today that it is updating its Windows app to prevent the system from capturing screenshots, thereby protecting the content that is on display. The company said that this new “screen security” setting is enabled by default on Windows…
Kettering Health outage, Lumma disrupted, Opexus “major lapse”
Ransomware attack knocks out Kettering Health Lumma malware operation disrupted Federal agencies impacted by “major lapse” at Opexus Huge thanks to our sponsor, Conveyor Half-baked AI answers to security questionnaires are worse than no answer at all. Conveyor’s AI gets…
Behörden warnen: Russische Hacker bei Spionage über IP-Kameras erwischt
Dem russischen Militär zugeordnete Hacker haben es wohl auf Hilfslieferungen an die Ukraine abgesehen. Tausende IP-Kameras wurden infiltriert. (Spionage, Cyberwar) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Behörden warnen: Russische Hacker bei Spionage über…
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
Cary, North Carolina, 22nd May 2025, CyberNewsWire This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
Russia-linked APT28 targets western logistics entities and technology firms
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA…
ThreatBook Named a Notable Vendor in Global Network Analysis and Visibility (NAV) Independent Report
ThreatBook, a global leader cyber threat and response solutions backed by threat intelligence and AI, has been recognized as a notable vendor in Forrester’s Network Analysis And Visibility Solutions Landscape, Q2 2025 report. This marks a major milestone in ThreatBook’s…