A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring…
Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play
Newly discovered spyware has sneaked into Apple’s App Store and Google Play to steal images from users’ mobile devices. The post Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play appeared first on SecurityWeek. This article has been indexed from…
Chinese APT Hacking Routers to Build Espionage Infrastructure
A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure. The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Using AI to Identify Patterns in Vishing Attempts
AI-powered defenses offer clear strategic advantages for telecom providers and enterprise security teams to help combat vishing attacks. The post Using AI to Identify Patterns in Vishing Attempts appeared first on Security Boulevard. This article has been indexed from Security…
High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are…
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. BEARDSHELL, per…
U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by…
LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
Security researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat actors, LapDogs primarily targets Small…
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
The Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce platforms. This campaign, which dates back to September 2023 as per their Threat Intelligence platform,…
WinRAR Vulnerability Let Execute Arbitrary Code Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams
Tech support scammers are using sponsored ads and search parameter injection to trick users into calling them. The post Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Unstructured Data Management: Closing the Gap Between Risk and Response
Unstructured Data Management: Closing the Gap Between Risk and Response madhav Tue, 06/24/2025 – 05:44 < div> The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by…
NSFOCUS was Selected as a Representative Provider of Gartner® “Innovation Insight: Adversarial Exposure Validation in China”
SANTA CLARA, Calif., June 24, 2025 – Recently, Gartner released the 2025 “Innovation Insight: Adversarial Exposure Validation in China”¹, NSFOCUS was selected as a Representative Provider for its adversarial exposure validation (AEV) capability in the continuous threat exposure management (CTEM) service.…
Common Good Cyber Fund launches to support nonprofits protecting the internet
The Common Good Cyber Fund is a new effort to support cybersecurity that protects everyone, especially those most at risk of harassment, harm, or coercion. It has the potential to make cybersecurity better and more accessible for billions of people…
NCSC Urges Experts to Join Cyber Advisor Program
The NCSC says its Cyber Advisor program is not growing fast enough This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Experts to Join Cyber Advisor Program
Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices
A critical security vulnerability, tracked as CVE-2024-45347, has been discovered in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access to their smart devices. The flaw, which received a CVSS severity score of 9.6,…
OWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI Systems
As artificial intelligence (AI) becomes a cornerstone of modern industry, the Open Web Application Security Project (OWASP) has announced the release of its AI Testing Guide—a comprehensive framework designed to help organizations identify and mitigate vulnerabilities unique to AI systems.…
I found a worthy Ring alternative in this video security camera (and it has no subscriptions)
The Aqara Camera Hub G5 Pro blends AI-driven visual recognition with a robust suite of home security features. This article has been indexed from Latest stories for ZDNET in Security Read the original article: I found a worthy Ring alternative…
U.S. warns of incoming cyber threats following Iran airstrikes
U.S. warns of cyberattacks by pro-Iranian groups after launching airstrikes on Iran’s nuclear sites amid the Iran –Israel war starting June 13, 2025. The Iran conflict raises cyber threat levels in the U.S., with likely low-level attacks by pro-Iranian hacktivists…
China-linked APT Salt Typhoon targets Canadian Telecom companies
Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon, is targeting Canadian telecom…
WhatsApp Banned on U.S. House Staffers Devices Due to Potential Security Risks
The U.S. House of Representatives has implemented a comprehensive ban on the WhatsApp messaging application across all government-issued devices used by congressional staffers, marking a significant escalation in federal cybersecurity protocols. The Chief Administrative Officer (CAO) issued the directive Monday,…
North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands
A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing…
IT Security News Hourly Summary 2025-06-24 09h : 5 posts
5 posts were published in the last hour 7:2 : WinRAR Vulnerability Exploited with Malicious Archives to Execute Code 7:2 : ‘Psylo’ browser tries to obscure digital fingerprints by giving very tab its own IP address 7:2 : Cyber Intel…
‘Psylo’ browser tries to obscure digital fingerprints by giving every tab its own IP address
Gotta keep ’em separated so the marketers and snoops can’t come out and play Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning…
Retaliatory Iranian cyberattacks, steel giant confirms breach, ransomware hits healthcare system again
DHS warns of retaliatory Iranian cyberattacks Steel giant Nucor confirms breach Ransomware hits healthcare system again Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day…
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (High), this…