U.S. Senator Bill Cassidy, Chairman of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers from Cisco Systems regarding recent zero-day vulnerabilities in its widely used networking equipment. The October 10, 2025, letter to CEO Chuck Robbins…
Tag: EN
Mysterious Elephant APT Hackers Infiltrate Organization to Steal Sensitive Information
In recent months, a new advanced persistent threat (APT) group known as Mysterious Elephant has emerged as a formidable adversary targeting government and diplomatic institutions across the Asia-Pacific region. First identified by Kaspersky’s Global Research and Analysis Team (GReAT) in…
Qilin Ransomware Using Ghost Bulletproof Hosting to Attack Organizations Worldwide
The Qilin ransomware group has emerged as one of the most prolific and dangerous threat actors in the cybersecurity landscape, exploiting sophisticated bulletproof hosting infrastructure to conduct devastating attacks on organizations across multiple sectors. Operating under a Ransomware-as-a-Service (RaaS) model,…
Operation Silk Lure Weaponizing Windows Scheduled Tasks to Drop ValleyRAT
Over the past month, a targeted campaign dubbed Operation Silk Lure has surfaced, exploiting the Windows Task Scheduler to deploy a novel variant of ValleyRAT. Emerging in mid-2025, the operation hinges on spear-phishing emails that carry malicious LNK attachments masquerading…
Video call app Huddle01 exposed 600K+ user logs
Privacy left the chat. A misconfigured Kafka broker effectively undid the anonymity many users rely on. This article has been indexed from Malwarebytes Read the original article: Video call app Huddle01 exposed 600K+ user logs
Locked out of your Gmail account? Google says phone a friend
Recovery feature lets trusted contacts help you get back in when other methods fail The latest security feature for Gmail enables users to recover their accounts with a little help from their friends.… This article has been indexed from The…
South Korea Loses 858TB of Government Data After Massive Fire at National Data Center
In a shocking turn of events, South Korea’s National Information Resources Service (NIRS) lost 858 terabytes of critical government data after a devastating fire engulfed its data center — and there were no backups available. The incident occurred on…
CoMaps: The Open-Source, Privacy-Focused Google Maps Alternative You’ll Actually Want to Use
Google Maps may be convenient, but for some users, its constant tracking and battery drain are reason enough to look for an alternative. One such option is CoMaps, an open-source navigation app built for privacy and efficiency. Users frustrated…
Phishing Alert: Fake ‘LastPass Hack’ Emails Spreading Malware
A new phishing campaign impersonating LastPass is circulating today, October 13, 2025, aiming to deceive users into downloading malicious desktop software. Emails purporting to come from “hello@lastpasspulse.blog” or “hello@lastpassgazette.blog” carry the alarming subject line “We Have Been Hacked – Update…
North Korean Hackers Deploy BeaverTail–OtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools—BeaverTail and OtterCookie—to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the…
Microsoft Dominates Phishing Impersonations in Q3 2025
Cyber criminals are sticking with familiar names, and Microsoft remains their favorite disguise. According to Check Point Research’s Brand Phishing Report for Q3 2025, Microsoft accounted for 40% of all brand impersonation attempts this quarter, holding its place as the…
2025 Insider Risk Report: The Hidden Cost of Everyday Actions
Insider risk is on the rise as everyday actions inadvertently expose sensitive data. Discover insights, trends, and best practices from Fortinet’s 2025 Insider Risk Report. This article has been indexed from Fortinet Industry Trends Blog Read the original article:…
Beware of Malicious Ivanti VPN Client Sites in Google Search That Delivers Malware
An aggressive SEO poisoning campaign has surfaced in early October 2025, preying on users searching for the legitimate Ivanti Pulse Secure VPN client. Attackers have registered lookalike domains such as ivanti-pulsesecure.com and ivanti-secure-access.org to host trojanized installers that appear official.…
CISA Warns Of Windows Improper Access Control Vulnerability Exploited In Attacks
CISA has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities catalog, warning organizations that threat actors are actively exploiting it in real-world attacks. Identified as CVE-2025-59230, the flaw stems from improper access control in the Windows Remote…
PhantomVAI Loader Attacking Organizations Worldwide to Deliver AsyncRAT, XWorm, FormBook and DCRat
A sophisticated multi-stage malware campaign is targeting organizations globally, utilizing the PhantomVAI Loader to distribute dangerous information-stealing malware. The attack chain, which begins with carefully crafted phishing emails, has emerged as a significant threat to businesses across manufacturing, education, healthcare,…
Microsoft kills 9.9-rated ASP.NET Core bug – ‘our highest ever’ score
Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was “our highest ever.”…
AI Attacks Surge as Microsoft Process 100 Trillion Signals Daily
Microsoft systems analyze over 100 trillion daily signals, suggesting dramatically increasing AI-driven cyber-threats This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Attacks Surge as Microsoft Process 100 Trillion Signals Daily
Ethical Hacking in the Gaming Industry: How Penetration Testing Enhances Security
Imagine this: millions of players logged in, trading gear, leveling up, and trusting your platform with not just their credit cards, but their identities, emotions, and time. Now, imagine a… The post Ethical Hacking in the Gaming Industry: How Penetration…
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed…
Senator presses Cisco over firewall flaws that burned US agency
Bill Cassidy letter asks if Switchzilla sat on critical flaws before feds were forced into emergency patching US Senator Bill Cassidy has fired off a pointed letter to Cisco over the firewall flaws that allegedly let hackers breach “at least…