A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit…
Tag: EN
Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return
For years, artificial intelligence sat at the edges of cybersecurity conversations. It appeared in product roadmaps, marketing claims, and isolated detection use cases, but rarely altered the fundamental dynamics between attackers and defenders. That changed in 2025. This year marked…
Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni
28 apps secured. 37 orgs monitored. 14,600 issues resolved. See how a global airline strengthened SaaS security with AppOmni. The post Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni appeared first on AppOmni. The post Inside…
Chinese Hackers Turn Compromised Servers Into ShadowPad Nodes
A sophisticated Chinese threat actor tracked as Ink Dragon has been weaponizing a custom ShadowPad IIS Listener module to convert compromised servers into distributed relay nodes, according to research by Check Point Research. The tactic represents a significant escalation in…
Hackers Can Seize Control of Car Dashboards Through Modem Vulnerabilities
Imagine cruising down the highway in your brand-new electric car when suddenly the multimedia display fills with Doom, the iconic 3D shooter game completely replacing your navigation map and vehicle controls. Shockingly, this isn’t science fiction. Security researchers have demonstrated…
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability has been discovered in the Windows Desktop Window Manager (DWM) that could allow attackers to escalate privileges to system level. The flaw, tracked as CVE-2025-55681, resides in the dwmcore.dll component and was disclosed during the TyphoonPWN Windows security competition, where…
ForumTrol Operation Uses Chrome Zero-Day in Fresh Phishing Attacks
The ForumTroll APT group has resurfaced with a sophisticated phishing campaign targeting Russian academics, marking a significant escalation in their ongoing operations against entities in Russia and Belarus. While the group initially gained notoriety for exploiting CVE-2025-2783, a zero-day vulnerability…
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps
Threat researchers have uncovered a sophisticated mobile malware campaign attributed to North Korea-linked threat actor Kimsuky, leveraging weaponized QR codes and fraudulent delivery service impersonations to trick users into installing remote access trojans on their smartphones. The ENKI WhiteHat Threat…
Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign
Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the group’s pattern of cyberattacks that began in March 2025 with the exploitation of CVE-2025-2783, a…
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard configurations (…)…
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according…
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of…
Cisco says Chinese hackers are exploiting its customers with a new zero-day
Cisco said it discovered a Chinese hacking campaign targeting its customers by exploiting a zero-day in some of the company’s most popular products. This article has been indexed from Security News | TechCrunch Read the original article: Cisco says Chinese…
Askul Discloses Scope of Customer Data Theft Following October Ransomware Incident
Japanese e-commerce firm Askul Corporation has officially confirmed that a ransomware attack earlier this year led to the unauthorized access and theft of data belonging to nearly 740,000 individuals. The company made the disclosure after completing a detailed investigation…
14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data
ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article:…
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks
A new Moonwalk++ proof-of-concept (PoC) shows how malware can spoof Windows call stacks while staying encrypted in memory, bypassing modern EDR detection. The research highlights blind spots in stack-based telemetry increasingly relied on by enterprise defenders. “Public detection tools fail…
Border Patrol Bets on Small Drones to Expand US Surveillance Reach
Federal records show CBP is moving from testing small drones to making them standard surveillance tools, expanding a network that can follow activity in real time and extend well beyond the border. This article has been indexed from Security Latest…
5 SOC Analyst Tips for Super-Fast Triage
Every extra minute spent guessing during triage puts your SOC at risk. When it’s unclear what a file does, whether it’s malicious, or how urgent it is, real threats slip through while time is wasted on noise. Fast triage depends on removing uncertainty early,…
Access Fabric: A modern approach to identity and network access
An Access Fabric is a unified access security solution that continuously decides who can access what, from where, and under what conditions—in real time. The post Access Fabric: A modern approach to identity and network access appeared first on Microsoft…
Peak Season Isn’t a Season. It’s the World You Operate In.
Peak season isn’t seasonal anymore. Learn why modern surges stem from security risks, not traffic, and how Akamai keeps businesses resilient every day. This article has been indexed from Blog Read the original article: Peak Season Isn’t a Season. It’s…