Two critical vulnerabilities in Aviatrix Controller, a Software-Defined Networking (SDN) utility that enables cloud connectivity across different vendors and regions. The vulnerabilities allowed attackers to bypass authentication and execute remote code with root privileges, potentially compromising entire cloud infrastructures. Critical…
Prometei Botnet Activity Spikes
Palo Alto Networks has observed a spike in Prometei activity since March 2025, pointing to a resurgence of the botnet. The post Prometei Botnet Activity Spikes appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives
The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk. The post Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives appeared first on SecurityWeek. This article has been…
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. “Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their…
Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
Ever wondered what really drives today’s cyberattacks? It’s not always just about stealing data or demanding a ransom. Motives can vary widely depending on the attacker, their intent, and their capabilities. In the most simple terms, a cyberattack is a…
North Korean Hackers Use Malicious Zoom Apps to Execute System-Takeover Attacks
Cybersecurity researchers and targeted individuals have reported a highly sophisticated scam orchestrated by suspected North Korean hackers. This attack, disguised as a legitimate Zoom meeting, leverages advanced social engineering techniques to trick professionals into compromising their systems. The campaign, which…
WinRAR Directory Vulnerability Allows Arbitrary Code Execution Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring…
Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play
Newly discovered spyware has sneaked into Apple’s App Store and Google Play to steal images from users’ mobile devices. The post Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play appeared first on SecurityWeek. This article has been indexed from…
Chinese APT Hacking Routers to Build Espionage Infrastructure
A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure. The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Using AI to Identify Patterns in Vishing Attempts
AI-powered defenses offer clear strategic advantages for telecom providers and enterprise security teams to help combat vishing attacks. The post Using AI to Identify Patterns in Vishing Attempts appeared first on Security Boulevard. This article has been indexed from Security…
High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are…
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. BEARDSHELL, per…
U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by…
LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
Security researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat actors, LapDogs primarily targets Small…
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
The Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce platforms. This campaign, which dates back to September 2023 as per their Threat Intelligence platform,…
WinRAR Vulnerability Let Execute Arbitrary Code Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams
Tech support scammers are using sponsored ads and search parameter injection to trick users into calling them. The post Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Unstructured Data Management: Closing the Gap Between Risk and Response
Unstructured Data Management: Closing the Gap Between Risk and Response madhav Tue, 06/24/2025 – 05:44 < div> The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by…
NSFOCUS was Selected as a Representative Provider of Gartner® “Innovation Insight: Adversarial Exposure Validation in China”
SANTA CLARA, Calif., June 24, 2025 – Recently, Gartner released the 2025 “Innovation Insight: Adversarial Exposure Validation in China”¹, NSFOCUS was selected as a Representative Provider for its adversarial exposure validation (AEV) capability in the continuous threat exposure management (CTEM) service.…
Common Good Cyber Fund launches to support nonprofits protecting the internet
The Common Good Cyber Fund is a new effort to support cybersecurity that protects everyone, especially those most at risk of harassment, harm, or coercion. It has the potential to make cybersecurity better and more accessible for billions of people…
NCSC Urges Experts to Join Cyber Advisor Program
The NCSC says its Cyber Advisor program is not growing fast enough This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Experts to Join Cyber Advisor Program
Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices
A critical security vulnerability, tracked as CVE-2024-45347, has been discovered in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access to their smart devices. The flaw, which received a CVSS severity score of 9.6,…
OWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI Systems
As artificial intelligence (AI) becomes a cornerstone of modern industry, the Open Web Application Security Project (OWASP) has announced the release of its AI Testing Guide—a comprehensive framework designed to help organizations identify and mitigate vulnerabilities unique to AI systems.…
I found a worthy Ring alternative in this video security camera (and it has no subscriptions)
The Aqara Camera Hub G5 Pro blends AI-driven visual recognition with a robust suite of home security features. This article has been indexed from Latest stories for ZDNET in Security Read the original article: I found a worthy Ring alternative…
U.S. warns of incoming cyber threats following Iran airstrikes
U.S. warns of cyberattacks by pro-Iranian groups after launching airstrikes on Iran’s nuclear sites amid the Iran –Israel war starting June 13, 2025. The Iran conflict raises cyber threat levels in the U.S., with likely low-level attacks by pro-Iranian hacktivists…
China-linked APT Salt Typhoon targets Canadian Telecom companies
Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon, is targeting Canadian telecom…