Here’s the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure,…
Tag: EN
Hackers Steal Sensitive Data From Auction House Sotheby’s
Sotheby’s has disclosed a data breach impacting personal information, including SSNs. The post Hackers Steal Sensitive Data From Auction House Sotheby’s appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Hackers Steal Sensitive Data…
New Tech Support Scam Exploits Microsoft Logo to Steal User Credentials
Microsoft’s name and branding have long been associated with trust in computing, security, and innovation. Yet a newly uncovered campaign by the Cofense Phishing Defense Center demonstrates that even the most recognized logos can be hijacked by threat actors to…
Cisco Desk, IP, and Video Phone Vulnerabilities Let Remote Attackers Trigger DoS And XSS Attacks
Cisco has issued a security advisory warning of multiple vulnerabilities in its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models running Cisco Session Initiation Protocol (SIP) Software. Published on October 15, 2025, the…
LinkPro Rootkit Attacking GNU/Linux Systems Using eBPF Module to Hide Malicious Activities
A sophisticated rootkit targeting GNU/Linux systems has emerged, leveraging advanced eBPF (extended Berkeley Packet Filter) technology to conceal malicious activities and evade traditional monitoring tools. The threat, known as LinkPro, was discovered during a digital forensic investigation of a compromised…
‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek. This article has been indexed from…
Prosper Data Breach Exposes 17 Million Customers’ Personal Info
The US lending platform said early investigations found no evidence of unauthorized account access or fund theft This article has been indexed from www.infosecurity-magazine.com Read the original article: Prosper Data Breach Exposes 17 Million Customers’ Personal Info
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake…
Prosper data breach puts 17 million people at risk of identity theft
While Prosper says no funds or accounts were accessed, the stolen data could lead to targeted phishing and identity theft. This article has been indexed from Malwarebytes Read the original article: Prosper data breach puts 17 million people at risk…
Differences Between Secure by Design and Secure by Default
Explore the differences between Secure by Design and Secure by Default in Enterprise SSO & CIAM. Learn how each approach impacts security, usability, and development. The post Differences Between Secure by Design and Secure by Default appeared first on Security…
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The…
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims’ devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS. This article has been indexed from Securelist Read the original article: Post-exploitation framework now…
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on malicious…
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting…
New York Judge Sanctions Lawyer Over AI-Generated Filings
Judge sanctions attorney after he submits AI-generated filing to explain previous AI-generated documents replete with errors This article has been indexed from Silicon UK Read the original article: New York Judge Sanctions Lawyer Over AI-Generated Filings
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at…
Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation
Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft…
Microsoft’s Patch Tuesday: 172 Flaws Fixed
The tech titan is addressing 172 security flaws, including six zero-day vulnerabilities. Among these, eight are rated “Critical,” consisting of five remote code execution bugs and three elevation of privilege issues. The post Microsoft’s Patch Tuesday: 172 Flaws Fixed appeared…
PowerSchool hacker got four years in prison
Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3…
Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk
Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation. This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing…