At Black Hat, Push Security co-founder and CTO Tyron Erasmus talks about why attackers are increasingly shifting their focus from endpoints to browsers — and what that means for defenders. Erasmus, who began his career in penetration testing and offensive…
Tag: EN
Google Mandates License or Certification for Crypto App Developers
The cryptocurrency ecosystem is experiencing heightened scrutiny from both regulatory authorities and criminal organizations, as Google Play implements stringent publishing requirements for crypto applications while the FBI warns of sophisticated recovery scams targeting previous fraud victims. These developments highlight the…
Threat Actors Use Advanced Tactics to Personalize Phishing for Malware Delivery
Threat actors are using topic customization as a more advanced strategy in targeted malware-delivery phishing campaigns as the environment of cyber threats changes. This method involves crafting personalized subject lines, attachment names, and embedded links to mimic authentic communications, fostering…
Fortinet VPNs Under Coordinated Attack
Time for your Weekly Cyber Snapshot with Adam Pilton, former Cybercrime Investigator, currently Cybersecurity Advisor. The five major cyber stories this week go from North Korea’s cyber playbook getting leaked to the silent burnout creeping up on MSPs. Let’s go.…
Romance scammers in Ghana charged with more than $100 million in theft
Four men from Ghana were extradited for their alleged role in stealing more than $100 million through romance scams and BEC. This article has been indexed from Malwarebytes Read the original article: Romance scammers in Ghana charged with more than…
BtcTurk suspends operations amid alleged $49M hot wallet heist
Turkish exchange is the latest victim of a recent spate of major crypto thefts Turkish cryptocurrency exchange BtcTurk is halting all deposits and withdrawals amid fears that blockchain bandits succeeded in significantly compromising its hot wallets.… This article has been…
New HTTP/2 ‘MadeYouReset’ Vulnerability Enables Large-Scale DoS Attacks
Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. “MadeYouReset bypasses the typical server-imposed limit of 100 concurrent HTTP/2 requests per TCP connection from a…
Hackers Exploit Microsoft Flaw to Breach Canadian House of Commons to Gain Unauthorized Access
The Canadian House of Commons has fallen victim to a significant cyberattack orchestrated by an unidentified “threat actor” who successfully exploited a recent Microsoft vulnerability to access sensitive government employee data. The incident, which occurred on Friday, August 9, 2025,…
Rockwell Automation ControlLogix Ethernet Modules
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Ethernet Modules Vulnerability: Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote…
Rockwell FactoryTalk Linx
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Equipment: FactoryTalk Linx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx…
Rockwell Automation FactoryTalk Viewpoint
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Viewpoint Vulnerability: Improper Handling of Insufficient Permissions or Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation.…
Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT Vulnerabilities: Improper Input Validation, Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an…
Siemens Third-Party Components in SINEC OS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access
A flaw in KernelSU 0.5.7 allows attackers to impersonate its manager app and gain root access to Android devices This article has been indexed from www.infosecurity-magazine.com Read the original article: KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access
Norway Blames Pro-Russian Hackers for Dam Cyberattack
Norway says pro-Russian hackers breached a dam in Bremanger in April, opening a water valve for 4 hours… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Norway Blames…
Qilin Ransomware Dominates July with Over 70 Claimed Victims
The Qilin ransomware group has solidified its position as the most active threat actor in July 2025, marking its third top ranking in four months following the downturn of former leader RansomHub. According to cybersecurity intelligence from Cyble, Qilin claimed…
Canada’s House of Commons Hit by Cyberattack Exploiting Recent Microsoft vulnerability
A significant cyberattack hit the Canadian House of Commons on August 9, 2025, when threat actors exploited a recently disclosed Microsoft vulnerability to gain unauthorized access to sensitive employee information. The breach underscores the growing cybersecurity challenges facing Canada’s government…
BSidesSF 2025: AI Won’t Help You Here
Creator, Author and Presenter: (Ian Amit) Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView…
New Hacking Tool Lets Ransomware Groups Disable Security Systems
Cybersecurity experts have discovered a new malicious tool designed to shut down computer security programs, allowing hackers to attack systems without being detected. The tool, which appears to be an updated version of an older program called EDRKillShifter, is…
New WinRAR Zero-Day Flaw Exploited by Russian-Linked Hackers
A previously unknown security flaw in the popular file archiver WinRAR is being actively exploited by the Russia-aligned… The post New WinRAR Zero-Day Flaw Exploited by Russian-Linked Hackers appeared first on Hackers Online Club. This article has been indexed from…