Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat Intelligence researchers spotted a threat actor using a public ASP.NET machine key to deploy Godzilla malware, exploiting insecure key…
Tag: EN
HPE Aruba Networking ClearPass Policy Manager Vulnerabilities Allow Arbitrary Code Execution
Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Aruba Networking ClearPass Policy Manager (CPPM), a widely used network access control solution. These flaws, if exploited, could lead to arbitrary code execution, privilege escalation, and sensitive data exposure.…
DeepSeek iOS App Sending Data Unencrypted to ByteDance Controlled Server
Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and national security risks. The app, which has been the top iOS download since January 25, 2025, transmits sensitive user data unencrypted to servers controlled by…
Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data
Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin (UMP), which could allow attackers to exploit sensitive data through improper neutralization of HTML tags in web pages. This vulnerability, identified as CVE-2025-22402, has been…
Ex-Google Engineer Charged for Stealing AI Secrets to China
In a groundbreaking case highlighting the intersection of technology and national security, a federal grand jury has indicted Linwei Ding, also known as Leon Ding, on four counts of theft of trade secrets. The charges allege that Ding, a former…
Logsign Vulnerability Remote Attackers to Bypass Authentication
A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps Platform, a widely used software for security operations. This flaw, rated with a CVSS score of 9.8, poses a critical threat, allowing remote attackers to…
Trimble Cityworks Customers Warned of Zero-Day Exploitation
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware. The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Cybercriminals Weaponize Graphics Files in Phishing Attacks
Sophos has observed cybercriminals ramping up their use of graphics files as part of email phishing attacks to bypass conventional security protections This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Weaponize Graphics Files in Phishing Attacks
Former Google Engineer Charged for Allegedly Stealing AI Secrets for China
A federal grand jury has indicted Linwei Ding, also known as Leon Ding, a former Google software engineer, on four counts of theft of trade secrets. The charges stem from allegations that Ding stole proprietary artificial intelligence (AI) technologies from…
Hackers Exploiting DeepSeek & Qwen AI Models To Develop Malware
Hackers have begun leveraging the capabilities of DeepSeek and Qwen AI models to create sophisticated malware. These models, known for their advanced language processing capabilities, have attracted the attention of cybercriminals due to their potential for generating malicious content with…
Securing Data Catalog Implementation
If you have been reached out by your data engineering team to give security approval for a particular data catalog vendor and wondering what a data catalog solution can do, its purpose and how to securely integrate a data catalog solution…
Outlook RCE bug, Kimsuky forceCopy malware, Treasury tightens DOGE
Critical RCE bug in Microsoft Outlook now exploited in attacks Kimsuky uses forceCopy malware to steal browser-stored credentials Treasury agrees to block additional DOGE staff from accessing sensitive payment systems Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a…
Dell Update Manager Plugin Flaw Exposes Sensitive Data
Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update Manager Plugin (UMP) that could expose sensitive data to malicious actors. The flaw, identified as CVE-2025-22402, is categorized as a low-risk issue but requires immediate attention and…
Building a Culture of Security: Employee Awareness and Training Strategies
Establishing a culture of security — where every employee actively contributes to protecting information — is key to building a strong shield against evolving cyber risks. The post Building a Culture of Security: Employee Awareness and Training Strategies appeared first…
Self-sovereign identity could transform fraud prevention, but…
The way we manage digital identity is fundamentally broken. The root of the problem lies in traditional, centralized identity models, where a single organization holds and controls a user’s credentials, creating an attractive target for attackers. The bigger the database,…
DeepSeek Security Concerns: Cyber Security Today for Friday, February 7, 2025
Cybersecurity Today: EDR Evasion, SSH Backdoor, WhatsApp Zero-Click Hack, and DeepSeek AI In today’s episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues. The show covers Canada’s Digital Governance Council’s launch of a cyber ready validation program…
Hackers Exploited 3,000+ ASP.NET Keys To Execute Code on IIS Server Remotely
A recent security incident has revealed that over 3,000 publicly disclosed ASP.NET machine keys were exploited by hackers to execute remote code on IIS servers. This attack utilized ViewState code injection techniques, allowing malicious actors to gain unauthorized access and…
Barracuda Networks Adds Ability to Scan Outbound Email Messages
Barracuda Networks has added an ability to analyze outbound messages for anomalies to its email protection platform. The post Barracuda Networks Adds Ability to Scan Outbound Email Messages appeared first on Security Boulevard. This article has been indexed from Security…
Richter Scale measurement for Cyber Attacks and OpenAI data breach details
UK uses Richter Scale measurement for Cyber Attacks The United Kingdom has introduced a groundbreaking new method for assessing the severity of cyber attacks, with the launch of a scale similar to the Richter scale used for earthquakes. This new…
DeepSeek iOS App Leaks Data to ByteDance Servers Without Encryption
DeepSeek iOS app—a highly popular AI assistant recently crowned as the top iOS app since its January 25 release—has been discovered to transmit sensitive user data to ByteDance servers without encryption. The security flaws, uncovered by mobile app security firm…