Xilinhot, Inner Mongolia, a northern city that has been subject to widespread scrutiny as a result of a police initiative that has reignited debate over privacy and government surveillance, has recently received widespread attention from the Chinese public. In…
Axoflow Security Data Layer unifies data pipeline, storage, and analytics for security team
Axoflow has launched its Security Data Layer, extending its pipeline offering with multiple storage solutions. The Security Data Layer addresses challenges in log management, SIEM optimization, pipeline reliability, and data accessibility. In addition to a full-fledged security data pipeline that…
Why You Should Swap Passwords for Passphrases
The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on…
Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments. The post Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign appeared first on Unit 42. This article…
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat…
New GlassWorm Using Invisible Code Hits Attacking VS Code Extensions on OpenVSX Marketplace
Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace. The scale and technical complexity of this attack signal a turning point…
Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums
Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials. First detected in late September, the malware exploits phishing emails containing malicious Word documents. Upon opening, the embedded macro downloads the…
Oracle Releases October 2025 Patches
The Critical Patch Update contains 374 new security patches that resolve many vulnerabilities. The post Oracle Releases October 2025 Patches appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Oracle Releases October 2025 Patches
You’ve Lost Access to Your Online Account! What Happens Now?
Learn what happens when you lose access to your online accounts and how to recover them using secure, multi-factor, and strong authentication methods. The post You’ve Lost Access to Your Online Account! What Happens Now? appeared first on Security Boulevard.…
Elastic introduces Agent Builder to simplify AI agent development
Elastic released Agent Builder, a complete set of capabilities powered by Elasticsearch, that makes it easy for developers to build custom AI agents on company data—all within minutes. Agent Builder also provides an out-of-the-box conversational experience for exploring, analyzing, and…
IT Security News Hourly Summary 2025-10-22 12h : 3 posts
3 posts were published in the last hour 10:4 : PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation 10:4 : Deep analysis of the flaw in BetterBank reward logic 9:34 : Researchers Identify PassiveNeuron APT Using Neursite…
EN, SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
SentinelLABS uncovers a coordinated spearphishing campaign targeting organizations critical to Ukraine’s war relief efforts. This article has been indexed from SentinelLabs – We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and…
Deep analysis of the flaw in BetterBank reward logic
Kaspersky experts break down the recent BetterBank incident involving ESTEEM token bonus minting due to the lack of liquidity pool validation. This article has been indexed from Securelist Read the original article: Deep analysis of the flaw in BetterBank reward…
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November…
From Firewalls to Zero Trust: 10 Best Practices for Next-Gen Business Data Security
In today’s ever-evolving digital landscape, businesses must establish robust data security strategies to safeguard sensitive information from modern threats. The reality of escalating cyberattacks, such as the rise in ransomware and data breaches, has spotlighted the need for comprehensive, layered…
Netherlands Warns Voters Against Using AI
Dutch data protection authority says people turning to AI chatbots for voting advice are being given a distorted picture This article has been indexed from Silicon UK Read the original article: Netherlands Warns Voters Against Using AI
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been…
Scattered Lapsus$ Hunters Signal Shift in Tactics
Scattered Lapsus$ Hunters may be preparing to launch an extortion-as-a-service model, according to Palo Alto Networks This article has been indexed from www.infosecurity-magazine.com Read the original article: Scattered Lapsus$ Hunters Signal Shift in Tactics
OpenAI Debuts AI-Enabled Browser, ChatGPT Atlas
OpenAI launches ChatGPT Atlas browser in direct competition with Google’s dominant Chrome, building AI into web experience This article has been indexed from Silicon UK Read the original article: OpenAI Debuts AI-Enabled Browser, ChatGPT Atlas
Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials
On October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums, introducing a sophisticated information-stealing malware that employs direct memory injection to bypass modern browser security protections. This new version represents…
Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025
Participants exploited 34 previously unknown vulnerabilities to hack printers, NAS devices, and smart home products. The post Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Keycard emerges from stealth with identity and access solution for AI agents
Keycard emerged from stealth with its identity and access platform for AI agents that integrates with organizations’ existing user identity solutions. Keycard’s platform identifies AI agents, lets users assign task-based permissions and dynamically enforces policy while tracking all activity. With…
Netherlands’ Axelera Expands AI Chip Range With ‘Europa’
Axelera’s Europa chip aimed at AI inference tasks complements Metis range for deployment in AI edge applications This article has been indexed from Silicon UK Read the original article: Netherlands’ Axelera Expands AI Chip Range With ‘Europa’
Are We Failing to Secure Files? Attackers Aren’t Failing to Check
According to a new Ponemon study, weak file protections now account for several cybersecurity incidents a year for many organizations. Unsafe file-sharing practices, malicious vendor files, weak access controls, and obscured file activity are largely to blame. File Integrity Monitoring…