Microsoft is currently investigating a service disruption affecting users attempting to set up multi-factor authentication (MFA) or access the self-service sign-in portal at mysignins.microsoft.com. The issue was officially acknowledged by the company’s Microsoft 365 Status account on X (formerly Twitter)…
Tag: EN
New DriveSurge Threat Actor Uses ClickFix and Fake Updates to Infect Website Visitors
A newly identified threat actor named DriveSurge has been quietly compromising thousands of legitimate websites to push malware onto unsuspecting visitors. Using a combination of fake browser update pages and a social engineering trick known as ClickFix, this operation ran…
Iran-Linked Hackers Destroy IT, Backups, and Recovery Systems in Cyberattack targeting Middle East
Iran-linked hackers have launched a sweeping campaign of digital destruction across the United States and the Middle East, wiping IT systems, erasing backups, and dismantling recovery infrastructure at multiple organizations. The attacks, carried out under a pro-Iranian persona called “Ababil…
As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution
AI’s use in the military is part of the administration’s larger push to grow the capability it sees as a unique American advantage. The post As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution appeared first on…
How NIST fumbled management of the National Vulnerability Database
A US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity vulnerabilities in the National Vulnerability Database (NVD). How the NVD crisis unfolded The NVD was…
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the…
Infosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors Say
Top cybersecurity vendors said AI won’t replace entry-level – only routine ticket-taking and triage This article has been indexed from www.infosecurity-magazine.com Read the original article: Infosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors Say
Iranian Hackers Hijack AppDomainManager to Bypass EDR
Iran-linked hackers have upgraded their tradecraft by using AppDomainManager hijacking in .NET applications to turn off security telemetry before malicious code fully starts, making endpoint detection and response tools much harder to spot the attack. The campaign, attributed to the…
Password manager Dashlane suspends customer accounts amid brute-force attacks
Engineers’ weekends ruined as Dashlane’s automatic protections kicked in This article has been indexed from www.theregister.com – Articles Read the original article: Password manager Dashlane suspends customer accounts amid brute-force attacks
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access
proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems. The post 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access appeared first on SecurityWeek. This article…
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for…
Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives
Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users’ browser, crypto, and Discord data. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar
In this excerpt from WIRED Book Club pick The Yahoo Boys, journalist Carlos Barragán traces one scammer’s journey from flop to fortune. This article has been indexed from Security Latest Read the original article: The Romance Scammer Who Made a…
Putin sends submarines to survey Britain’s subsea cables. UK deploys Royal Navy, mobilizes parliamentary draftsmen
Proposed legislation threatens fines and prison for reckless damage. Russian Prez must be shaking in his boots This article has been indexed from www.theregister.com – Articles Read the original article: Putin sends submarines to survey Britain’s subsea cables. UK deploys…
FSB Group Gamaredon Hides Worm in Windows Data Streams
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets This article has been indexed from www.infosecurity-magazine.com Read the original article: FSB Group Gamaredon Hides Worm in Windows Data Streams
Microsoft: No Lawsuits Against Researchers in Nightmare-Eclipse Row
Microsoft has issued a clarifying statement, assuring the global cybersecurity community that it has no intention of pursuing legal action against security researchers conducting or publishing legitimate security research. A significant walkback amid the firestorm sparked by its earlier confrontation with a…
The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box
As the U.S. approaches the 2026 elections in November, the greatest threat to voting integrity will likely not be from hackers targeting voting machines or altering ballots, but from a growing war over reality itself. Voter influence operations are increasingly focused on manipulating the information environment surrounding voters,…
CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years
CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES. CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at…
Recent Palo Alto Networks Vulnerability Exploited for Weeks
Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure. The post Recent Palo Alto Networks Vulnerability Exploited for Weeks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Dragos acquires Phosphorus to secure extended operational technology
Dragos has acquired Phosphorus, extending the Dragos Platform to protect billions of connected devices embedded across critical infrastructure and other operational networks. Operational environments have outgrown traditional OT boundaries. Power grids, pipelines, manufacturing facilities, and data centers now depend on…