Over the past year, federal agents struggled to uncover who operated a notorious child exploitation site on the dark web. Their search took an unexpected turn when the suspect revealed their use of ChatGPT, marking a significant moment in digital…
Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw
Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours. E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked…
Impacket Tool in Kali Repo Upgraded With New Attack Paths and Relay Tricks
The popular Impacket toolkit, a staple in penetration testing and now integrated into the Kali Linux repository, is set for a major upgrade. Maintained by Fortra’s cybersecurity team, the forthcoming release, building on version 0.12, addresses long-standing community requests with…
BIND Updates Address High-Severity Cache Poisoning Flaws
The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache. The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek. This article has been indexed…
IT Security News Hourly Summary 2025-10-23 12h : 9 posts
9 posts were published in the last hour 10:4 : IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response 10:4 : New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data 10:4 : This…
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response
Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications — mainly via ToolShell targeting SharePoint — for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. This article has been indexed from Cisco…
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as “Nursultan Client,” a legitimate Minecraft application popular in Eastern-European and Russian gaming communities. The malware leverages the Telegram Bot API as…
This ‘Privacy Browser’ Has Dangerous Hidden Features
The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks. This article has been indexed from Security Latest Read the…
Lanscope Endpoint Manager Zero-Day Exploited in the Wild
The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog. The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article…
Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say
Trend Micro believe security teams should anticipate increased Vidar 2.0 prevalence in campaigns through Q4 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say
Tesla Recalls More Than 12,000 Cars Over Battery Issue
Tesla issues recall for more than 12,000 Model 3 and Model Y EVs over battery problem that can lead to sudden loss of propulsion This article has been indexed from Silicon UK Read the original article: Tesla Recalls More Than…
SpaceX pulls plug on 2,500 Starlink terminals tied to Myanmar fraud farms
Criminal outfits had been using Musk’s broadband beacons to run cyber-slavery scams across Southeast Asia SpaceX says it has shut down thousands of Starlink terminals that were powering Myanmar’s notorious scam compounds after its satellite network was found to be…
Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm
Verizon’s 2025 Mobile Security Index shows that 85% of organizations believe mobile device attacks are on the rise. The post Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm appeared first on SecurityWeek. This article has been indexed from…
Belgium Considers Power Limits On AI Data Centres
Belgian grid operator Elia considers setting power allocation limits on data centres to prevent other industrial users from being pushed out This article has been indexed from Silicon UK Read the original article: Belgium Considers Power Limits On AI Data…
Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial of Service Attacks
The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778,…
Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox
Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of…
TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes
A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to…
DHS Asks OpenAI To Share Information on ChatGPT Prompts Used By Users
The Department of Homeland Security (DHS) has issued the first known federal search warrant compelling OpenAI to disclose user data tied to ChatGPT prompts. The warrant, unsealed last week in Maine and reviewed by cybersecurity outlets, stems from a year-long…
Airbnb Praises Alibaba’s Open-Source AI Model
Airbnb says it is ‘relying a lot’ on Alibaba’s Qwen model, which is ‘fast and cheap’, as open-source approach wins over corporate users This article has been indexed from Silicon UK Read the original article: Airbnb Praises Alibaba’s Open-Source AI…
SideWinder Leverages ClickOnce Installer to Deliver StealerBot Malware
The notorious SideWinder advanced persistent threat (APT) group has evolved its cyber espionage tactics with a sophisticated new attack method, combining PDF lures with ClickOnce technology to deploy StealerBot malware against diplomatic targets across South Asia. SideWinder orchestrated a carefully…
Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy
The attack on Jaguar Land Rover costs the UK economy $2.5B, marking its most damaging cyber incident, says CMC. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack also impacted…
“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. “Jingle Thief attackers use phishing and smishing…
Hugging Face and VirusTotal: Building Trust in AI Models
We’re happy to announce a collaboration with Hugging Face, an open platform that fosters collaboration and transparency in AI, to make security insights more accessible to the community. VirusTotal’s analysis results are now integrated directly into the Hugging Face platform,…
Hong Kong Stock Exchange Tops Global IPO Rankings
Hong Kong’s stock exchange tops world rankings for initial public offerings so far this year, building on DeepSeek-driven tech rally This article has been indexed from Silicon UK Read the original article: Hong Kong Stock Exchange Tops Global IPO Rankings