Cisco-trained hackers led a nation-state espionage campaign against global telecom networks. The post Cisco-Trained Hackers Lead Sophisticated Attacks on Cisco Devices appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Cisco-Trained Hackers…
Critical GitLab Vulnerabilities Expose DevOps Pipelines
GitLab patched critical flaws that could enable XSS, denial-of-service attacks, and authentication bypasses. The post Critical GitLab Vulnerabilities Expose DevOps Pipelines appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Critical GitLab…
Jenkins DoS Vulnerability Lets Attackers Freeze CI/CD Pipelines
A Jenkins denial-of-service vulnerability allows attackers to freeze CI/CD pipelines and disrupt build operations. The post Jenkins DoS Vulnerability Lets Attackers Freeze CI/CD Pipelines appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Uncle Sam sues ex-Accenture manager over Army cloud security claims
Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements. The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.… This article has…
Fieldtex Data Breach Impacts 238,000
The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data. The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Emerging Predator Spyware Technique Enables Zero-Click Compromise
Intellexa remains one of the most controversial and persistent players in the shadowy world of commercial cyber-espionage, despite mounting scrutiny, international sanctions, and ongoing investigations. Although it is best known for…
NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems
A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes. This fully-featured malware utilizes the Google Drive API as its primary Command-and-Control (C2) channel,…
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
A sophisticated new phishing attack technique called “ConsentFix” combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords or multi-factor authentication. The attack leverages the Azure CLI app to gain unauthorized access to victim accounts.…
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting attacks aligned with Russian government interests, initially went silent due…
UK watchdog urged to probe GDPR failures in Home Office eVisa rollout
Rights groups say digital-only record is leaking data and courting trouble. Civil society groups are urging the UK’s data watchdog to investigate whether the Home Office’s digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and…
3 Compliance Processes to Automate in 2026
For years, compliance has been one of the most resource-intensive responsibilities for cybersecurity teams. Despite growing investments in tools, the day-to-day reality of compliance is still dominated by manual, duplicative tasks. Teams chase down screenshots, review spreadsheets, and cross-check logs,…
Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack
A new record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack launched via the Aisuru botnet has set a new standard for internet disruption and reinforced that multi-terabit attacks are on track to soon be an everyday event for DDoS defenders.…
Recent GeoServer Vulnerability Exploited in Attacks
Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that uses the Google Drive API for C2. Elastic says it shares code…
Building Trustworthy AI Agents
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best…
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on…
Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)
In the Microsoft Windows ecosystem, DLLs (Dynamic Load Libraries) are PE files like regular programs. One of the main differences is that they export functions that can be called by programs that load them. For example, to call RegOpenKeyExA(), the…
Illegal Streaming and Piracy Are on the Rise
Illegal streaming and digital piracy have surged dramatically. Visits to illegal streaming websites climbed from 130 billion in 2020 to 216 billion by 2024. That’s… The post Illegal Streaming and Piracy Are on the Rise appeared first on Panda Security…
Apple Wins Concessions In Epic Games Appeal
US appeals court orders district judge to allow Apple to charge a commission on purchases made outside App Store. This article has been indexed from Silicon UK Read the original article: Apple Wins Concessions In Epic Games Appeal
Nick Clegg Joins VC Firm To Invest In European Start-Ups
Former UK deputy prime minister Clegg joins London-based Hiro Capital, which aims to invest in European spatial AI start-ups. This article has been indexed from Silicon UK Read the original article: Nick Clegg Joins VC Firm To Invest In European…