A critical remote code execution vulnerability in n8n, a popular open-source workflow automation platform, threatens over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9, the flaw allows authenticated attackers to execute arbitrary…
Tag: EN
Indian Income Tax–Lure Campaign Deploying Multi-Stage Malware Against Businesses
Tax-themed phishing campaigns have intensified in recent months, capitalizing on the heightened awareness surrounding India’s Income Tax Return (ITR) filing season. Public discussions about refund timelines and compliance deadlines create an ideal backdrop for attackers to craft credible lures. Recent…
Denmark Accuses Russia of Conducting Two Cyberattacks
News: The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal…
Feds Seize Password Database Used in Massive Bank Account Takeover Scheme
The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing. The post Feds Seize Password Database Used in Massive Bank Account Takeover Scheme appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Nissan Confirms Impact From Red Hat Data Breach
The personal information of 21,000 customers was stolen after hackers compromised Red Hat’s GitLab instances. The post Nissan Confirms Impact From Red Hat Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Breaking: Massive Spotify Data Scrape Hits 300TB — 86M Tracks Exposed
Spotify is currently making headlines as it battles a massive unauthorized data scrape. A group known as Anna’s… The post Breaking: Massive Spotify Data Scrape Hits 300TB — 86M Tracks Exposed appeared first on Hackers Online Club. This article has…
Assessing SIEM effectiveness
We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these. This article has been indexed from Securelist Read the original article: Assessing SIEM effectiveness
Passwd: A walkthrough of the Google Workspace Password Manager
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature…
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation…
Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever
Online black markets once lurked in the shadows of the dark web. Today, they’ve moved onto public platforms like Telegram—and are racking up historic illicit fortunes. This article has been indexed from Security Latest Read the original article: Chinese Crypto…
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how “Anna’s Archive” bypassed security, and why experts warn against downloading the leaked files. This article has been indexed from Hackread…
Why Third-Party Access Remains the Weak Link in Supply Chain Security
Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside your network—it will start with someone you trust. Every supplier, contractor, and service provider…
New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR
A new tool named GhostLocker has been released, demonstrating a novel technique to neutralize Endpoint Detection and Response (EDR) systems by weaponizing the native Windows AppLocker feature. Developed by security researcher zero2504, the tool highlights a fundamental architectural vulnerability in…
NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data
The package provides legitimate functionality to evade detection, while stealing users’ data and deploying a backdoor. The post NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal
Italy’s antitrust authority fined Apple $116 million after determining that operating one of its privacy features restricted App Store competition. The post Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal appeared first on SecurityWeek. This…
Nissan: Thousands Impacted By Red Hat Breach
Nissan has revealed that over 20,000 customers have had personal information compromised in a third-party data breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Nissan: Thousands Impacted By Red Hat Breach
A year of Keeper Security!
Keeper Security, the provider of zero-trust and zero-knowledge cybersecurity software protecting passwords and passkeys, infrastructure secrets, remote connections and endpoints, had reflected on 2025 as a year of meaningful growth. Amid an increase in credential-based attacks, rapid AI adoption and…
Threat Actors Weaponizing Nezha Monitoring Tool as Remote Access Trojan
Researchers at Ontinue’s Cyber Defense Center have uncovered a significant threat as attackers exploit Nezha, a legitimate open-source server monitoring tool, for post-exploitation access. The discovery reveals how sophisticated threat actors repurpose benign software to gain complete control over compromised…
Malicious Chrome Extensions as VPN Intercept User Traffic to Steal Credentials
Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over…
574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings
Authorities in Senegal, Ghana, Benin, and Cameroon dismantled BEC, ransomware, and other cyber-fraud networks. The post 574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…