A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks…
Tag: EN
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have historically been common targets for cyber…
Microsoft Copilot Reprompt Attack Enables Stealthy Data Exfiltration
Reprompt is a one-click Microsoft Copilot attack that could enable silent data exfiltration, though Microsoft says it’s now patched. The post Microsoft Copilot Reprompt Attack Enables Stealthy Data Exfiltration appeared first on eSecurity Planet. This article has been indexed from…
This WhatsApp Link Can Hand Over Your Account in Seconds
A sophisticated phishing campaign impersonating WhatsApp Web uses fake meeting links and QR codes to hijack accounts and enable real-time surveillance. The post This WhatsApp Link Can Hand Over Your Account in Seconds appeared first on TechRepublic. This article has…
New Linux malware targets the cloud, steals creds, and then vanishes
Cloud-native, 37 plugins … an attacker’s dream A brand-new Linux malware named VoidLink targets victims’ cloud infrastructure with more than 30 plugins that allow attackers to perform a range of illicit activities, from silent reconnaissance and credential theft to lateral…
CERT-UA reports PLUGGYAPE cyberattacks on defense forces
CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the…
The multibillion-dollar AI security problem enterprises can’t ignore
AI agents are supposed to make work easier. But they’re also creating a whole new category of security nightmares. As companies deploy AI-powered chatbots, agents, and copilots across their operations, they’re facing a new risk: How do you let employees and AI…
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the…
The multi-billion AI security problem enterprises can’t ignore
AI agents are supposed to make work easier. But they’re also creating a whole new category of security nightmares. As companies deploy AI-powered chatbots, agents, and copilots across their operations, they’re facing a new risk: how do you let employees and AI agents use…
Hacking Wheelchairs over Bluetooth
Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory. CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth connections, allowing an attacker who is in Bluetooth range of the targeted device to pair…
New China Linked VoidLink Linux Malware Targets Major Cloud Providers
Researchers have discovered VoidLink, a sophisticated new Linux malware framework designed to infiltrate AWS, Google Cloud, and Azure. Learn how this Chinese-affiliated toolkit uses adaptive stealth to stay hidden. This article has been indexed from Hackread – Cybersecurity News, Data…
Verizon Outage Knocks Out US Mobile Service, Including Some 911 Calls
A major Verizon outage appeared to impact customers across the United States starting around noon ET on Wednesday. Calls to Verizon customers from other carriers may also be impacted. This article has been indexed from Security Latest Read the original…
Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain, (Wed, Jan 14th)
Introduction This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain, (Wed, Jan 14th)
Structure and reliability in e-commerce platforms
A successful e-commerce platform requires more than just a good-looking design. Security, stability, speed, and scalability are key… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Structure and reliability…
Aikido Security Raises $60 Million at $1 Billion Valuation
The developer security company has raised a total of more than $84 million in funding. The post Aikido Security Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Living Security Adds AI Engine to Surface Risky End User Behavior
Living Security revealed it is beta testing an artificial intelligence (AI) engine on its platform that continuously analyzes billions of signals to predict risk trajectories, recommend the most effective actions, and automate routine interventions to better secure employees and, by…
Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms
Microsoft is honored to be named a Leader in the 2025–2026 IDC MarketScape for Unified AI Governance Platforms, highlighting our commitment to making AI innovation safe, responsible, and enterprise-ready. The post Microsoft named a Leader in IDC MarketScape for Unified…
Vibe coding security risks and how to mitigate them
<p>Vibe coding — using generative AI to help write code — has gained traction as developers tap into AI to build software. Rather than hand-code every line of logic, developers interact with AI systems using natural language and iterative adjustment.</p>…
New One-Click Microsoft Copilot Vulnerability Grants Attackers Undetected Access to Sensitive Data
A novel single-click attack targeting Microsoft Copilot Personal that enables attackers to silently exfiltrate sensitive user data. The vulnerability, now patched, allowed threat actors to hijack sessions via a phishing link without further interaction. Attackers initiate Reprompt by sending a…
Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems
DragonForce is the latest ransomware brand to move from noisy forum posts to full RaaS operations, targeting both Windows and VMware ESXi environments. First seen in December 2023 on BreachForums, the group advertises stolen data and uses a dark web…