What if the smart thermostat in your home decides that winter is the perfect time for you to experience tropical heat or your self-driving car interprets a stop sign as… The post Guardians of AIoT: Protecting Smart Devices from Data…
DeepSeek can be gently persuaded to spit out malware code
It might need polishing, but a useful find for any budding cybercrooks out there. DeepSeek’s flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker…
Tencent’s AI Chatbot Yuanbao Becomes China’s Most Downloaded iOS App
Tencent’s AI chatbot, Yuanbao, has surpassed DeepSeek to become the most downloaded free app on China’s iOS App Store. The chatbot, launched in May 2024, gained significant traction following Tencent’s integration of DeepSeek’s R1 reasoning model in February. This…
Webcam Exploited by Ransomware Group to Circumvent EDR Protections
Researchers at S-RM have discovered an unusual attack method used by the Akira ransomware gang. The gang used an unsecured webcam to conduct encryption attacks against victims’ networks. The attackers…
FBI Warns of Fake Ransom Demands Sent by Mail to US Executives
A new scam is targeting top business leaders in the United States, where criminals are sending letters demanding large ransom payments. Unlike typical ransomware attacks that involve hacking into computer systems, this scheme relies on physical mail. The letters…
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open standard used for exchanging authentication and authorization…
How Do US Privacy Laws Affect You and Your Digital Footprint?
Have you ever wondered who’s keeping tabs on all that personal data we hand out online? You know, those pesky “Accept Cookies” pop-ups or the endless sign-up forms that seem to ask for everything but your childhood pet’s middle name.…
86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration
A non-password-protected database belonging to ESHYFT, a New Jersey-based HealthTech company, was recently discovered by cybersecurity researcher Jeremiah Fowler. The database contained over 86,000 records, amounting to 108.8 GB of sensitive information. This data breach, while not attributed to intentional…
DeepSeek’s Malware-Generation Capabilities Put to Test
Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers. The post DeepSeek’s Malware-Generation Capabilities Put to Test appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Microsoft Finally Patches 2-Year-Old Windows Kernel Security Flaw
Microsoft has released a critical patch for a 2-year-old Windows kernel security vulnerability. This vulnerability, identified as CVE-2025-24983, allows attackers to exploit a weakness in the Windows Win32 Kernel Subsystem, leading to an elevation of privilege. The patch comes after…
North Korean Hackers’ Android Malware on Google Play Steals SMS, Call Logs & Screenshots
A sophisticated new Android malware campaign linked to North Korean hackers has been discovered, posing a significant security threat that managed to infiltrate Google’s official Play Store. The spyware, dubbed “KoSpy,” targets Korean and English-speaking users by disguising itself as…
Tenda AC7 Routers Vulnerability Let Attackers Gain Root Shell With Malicious Payload
A severe vulnerability in Tenda AC7 Routers running firmware version V15.03.06.44 allows malicious actors to execute arbitrary code and gain root shell access. The flaw originates from a stack overflow vulnerability in the router’s formSetFirewallCfg function. Attackers can use a…
Meta Warns of FreeType Vulnerability Exploited in Wild to Execute Arbitrary Code
A critical vulnerability in the widely used FreeType font rendering library has been discovered and is reportedly being exploited in the wild, posing a serious security threat to millions of devices across multiple platforms. Security researchers have identified the flaw,…
Blind Eagle Attacking Organizations With Weaponized .url Files To Extract User Hash
The cybersecurity landscape has witnessed a concerning development as the threat actor group known as Blind Eagle (also tracked as APT-C-36) has launched a sophisticated campaign targeting organizations primarily in South America with a novel attack vector. The group, known…
Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer
A sophisticated malware campaign targeting mobile users in South Korea has been uncovered, with clear links to North Korean threat actors. The malicious application masquerades as a “Document Viewing Authentication App” (문서열람 인증 앱). This malicious app was identified through…
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the…
North Korean Hackers Use Google Play Malware to Steal SMS, Calls & Screenshots
Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated Android surveillance tool dubbed “KoSpy,” which appears to be the work of North Korean state-sponsored hackers. This newly discovered spyware has been active since March 2022, with the most recent…
Hackers Exploiting JSPSpy To Manage Malicious Webshell Networks
Cybersecurity researchers have recently identified a cluster of JSPSpy web shell servers featuring an unexpected addition, Filebroser, a rebranded version of the open-source File Browser file management tool. This discovery sheds light on how attackers continue to leverage web shells…
Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution
Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on SecurityWeek. This article…
Suspected North Korea Group Targets Android Devices with Spyware
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files. The post Suspected…