A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application. The post Call Records of Millions Exposed by Verizon App Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Tag: EN
Ukrzaliznytsia Cyberattack Disrupts Online Ticket Sales but Train Services Remain Unaffected
Ukraine’s national railway operator, Ukrzaliznytsia, has fallen victim to a large-scale cyberattack, severely disrupting its online ticket sales and forcing passengers to rely on physical ticket booths. The attack, which began on March 23, has caused significant delays, long…
Hackers Target Australia’s Largest Pension Funds
Multiple pension funds in Australia have been hit in co-ordinated hacking attacks, and unfortunately customers have reportedly lost money This article has been indexed from Silicon UK Read the original article: Hackers Target Australia’s Largest Pension Funds
Flaw in Verizon call record requests put millions of Americans at risk
A security researcher found a flaw in Verizon call record requests that may have put millions of Americans at risk This article has been indexed from Malwarebytes Read the original article: Flaw in Verizon call record requests put millions of…
Pentagon Confirms Investigation Of Signal Use By Pete Hegseth
Inspector General at the Pentagon confirms investigation into the use of Signal app by US Secretary of Defense, Pete Hegset This article has been indexed from Silicon UK Read the original article: Pentagon Confirms Investigation Of Signal Use By Pete…
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials
A deceptive phishing campaign targeting mobile users with fake unpaid toll notifications has intensified significantly in recent months, evolving into one of the most sophisticated SMS-based credential theft operations currently active. This scheme represents a tactical shift in phishing methodology,…
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. The operation leverages compromised email infrastructure to distribute malicious content aimed at cryptocurrency wallet holders, particularly…
Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers
Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed by “fast flux,” a sophisticated technique used by malicious actors to evade detection and obscure the locations of their command-and-control (C2) servers. The advisory, released by…
President Trump fired the head of U.S. Cyber Command and NSA
President Trump fired Gen. Timothy Haugh as head of U.S. Cyber Command and NSA President Donald Trump this week fired Air Force Gen. Timothy Haugh, who served as the head of U.S. Cyber Command and the National Security Agency. Gen.…
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
Noteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command. The post In Other News: Apple Improving Malware Detection,…
Oracle Reports Data Breach, Initiates Client Notifications
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its second cybersecurity incident disclosed in recent weeks. This breach underscores vulnerabilities in legacy systems and raises concerns about the company’s ability to safeguard sensitive client…
Hackers Leveraging URL Shorteners & QR Codes for Tax-Related Phishing Attacks
Cybercriminals are intensifying their efforts to exploit taxpayers through sophisticated phishing campaigns. These campaigns utilize tax-related themes as social engineering lures to steal credentials and deploy malware. What distinguishes this year’s attacks is the increased use of redirection methods such…
New Android Spyware That Asks Password From Users to Uninstall
A new type of Android spyware that requires a password for uninstallation has been identified, making it increasingly difficult for victims to remove the malicious software from their devices. A stealthy phone monitoring app that effectively blocks device owners from…
State Bar of Texas Confirms Data Breach Started Notifying Consumers
The State Bar of Texas has confirmed a significant data security incident that occurred in early 2025, compromising sensitive information of its members and clients. The breach, which was discovered on February 12, 2025, involved unauthorized access to the organization’s…
Design, implement, and deploy application protection policies with Cursor Agent | Impart Security
< div class=”text-rich-text w-richtext”> Introducing Impart + Cursor: Truly Autonomous Application Protection Runtime Security Without the Babysitting Security teams can now define application protection policies declaratively in Impart — with Cursor’s agent executing them safely and autonomously, eliminating the need…
BitcoinOS to Introduce Alpha Mainnet for Digital Ownership Platform
BitcoinOS and Sovryn founder Edan Yago is creating a mechanism to turn Bitcoin into a digital ownership platform. Growing up in South Africa and coming from a family of Holocaust survivors, Yago’s early experiences sneaking gold coins out of…
Threat Actors Compromised by Security Firms Working to Protect Victims
An outstanding example of counter-cybercrime has been the successful penetration of the digital infrastructure associated with the ransomware group BlackLock. Threat intelligence professionals succeeded in successfully infiltrating this infrastructure. As a result of this operation, researchers were able to…
Longtime ‘Fast Flux’ Evasion Technique Now a National Security Threat
CISA, the FBI, and NSA issued an advisory about the national security threat posed by “fast flux,” a technique used by threat actors to evade detection of their C2 infrastructures that has been around for two decades but has seen…
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The…
Vite Development Server Flaw Allows Attackers Bypass Path Restrictions
A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper path verification during URL request processing, attackers can bypass path restrictions and gain unauthorized access to arbitrary files on affected servers. This flaw is particularly…