U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10)…
Tag: EN
Global Apps Exploited to Harvest Sensitive Location Data
Rogue actors within the advertising industry are reportedly exploiting major global apps to collect sensitive user location data on a massive scale. This data is then funneled to a location data firm whose subsidiary has previously sold global tracking…
Three Russian Nationals Charged with Money Laundering via Crypto-Mixing Services
The U.S. Department of Justice (DOJ) has charged three Russian nationals with money laundering for operating two sanctioned cryptocurrency mixing services, Blender.io and Sinbad.io. A federal grand jury in Georgia indicted Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton…
Play Ransomware Threat Intensifies with State-Sponsored Links and Advanced Tactics
Play ransomware continues to be a formidable cybersecurity threat, with over 300 successful attacks reported globally since its first detection in 2022. Named for the “.PLAY” extension it appends to encrypted files, this ransomware has been linked to Andariel,…
Malicious GitHub PoC Exploit Spreads Infostealer Malware
A malicious GitHub repository disguises a proof-of-concept (PoC) exploit for CVE-2024-49113, also known as “LDAPNightmare,” delivering infostealer malware that sends sensitive data to an external FTP server. Disguised as a legitimate PoC, the exploit tricks users into executing malware.…
How Russian hackers went after NGOs’ WhatsApp accounts
Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever phishing campaign. The campaign The campaign started with a spear-phishing email that was made to look…
Lazarus Group Targets Developers in New Data Theft Campaign
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments This article has been indexed from www.infosecurity-magazine.com Read the original article: Lazarus Group Targets Developers…
Growing Enterprise Data is Creating Big Cybersecurity Risk
Buzz about big data permeated tech conversations in the mid-1990s, but people today don’t talk as much about big data anymore. It’s not that data isn’t big. Data is bigger… The post Growing Enterprise Data is Creating Big Cybersecurity Risk…
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety…
Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17)
CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. The post Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) appeared first on Unit 42. This article has been indexed…
California Wildfires Spark Phishing Scams Exploiting Chaos
As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations. The post California Wildfires Spark Phishing Scams Exploiting Chaos appeared first on Security Boulevard. This article has been…
DNS Silently Powers the Internet
As a part of almost every internet transaction, the Domain Name System is powerful, lightweight, and ubiquitous ? and delivers value for a modest investment. This article has been indexed from Blog Read the original article: DNS Silently Powers the…
Apple Suspends AI-Generated News Notifications After Errors
After complaint from BBC, Apple opts to suspending artificial intelligence feature after inaccurate summaries of news headlines This article has been indexed from Silicon UK Read the original article: Apple Suspends AI-Generated News Notifications After Errors
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. “Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort…
AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV
Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific versions of its native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon NICE DCV. Identified as CVE-2025-0500 and CVE-2025-0501, these vulnerabilities present significant risks, compelling…
MikroTik Botnet Exploits SPF Misconfigurations to Spread Malware
A MikroTik botnet exploited weak SPF configurations, spoofing 20,000 domains to launch widespread malspam campaigns. The post MikroTik Botnet Exploits SPF Misconfigurations to Spread Malware appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
Yahoo Japan Enforces DMARC Adoption for Users in 2025
Yahoo Japan enforces DMARC, SPF, and DKIM protocols starting December 2024 to strengthen email security and combat phishing. The post Yahoo Japan Enforces DMARC Adoption for Users in 2025 appeared first on Security Boulevard. This article has been indexed from…
Exploring the Vishing Threat Landscape
Voice phishing, also known as vishing, represents a growing threat to organizations worldwide. Keepnet’s 2024 Vishing Response Report illuminates the alarming statistic that 70% of companies are prone to voice… The post Exploring the Vishing Threat Landscape appeared first on…
Why Many New AI Tools Aren’t Available In Europe – And How To Access Them
Explore how AI tools like OpenAI’s Sora face restrictions in Europe due to GDPR, with insights on bypassing… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Why Many New…
Social Engineering to Disable iMessage Protections
I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the…