Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon, is targeting Canadian telecom…
Tag: EN
WhatsApp Banned on U.S. House Staffers Devices Due to Potential Security Risks
The U.S. House of Representatives has implemented a comprehensive ban on the WhatsApp messaging application across all government-issued devices used by congressional staffers, marking a significant escalation in federal cybersecurity protocols. The Chief Administrative Officer (CAO) issued the directive Monday,…
North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands
A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing…
‘Psylo’ browser tries to obscure digital fingerprints by giving every tab its own IP address
Gotta keep ’em separated so the marketers and snoops can’t come out and play Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning…
Retaliatory Iranian cyberattacks, steel giant confirms breach, ransomware hits healthcare system again
DHS warns of retaliatory Iranian cyberattacks Steel giant Nucor confirms breach Ransomware hits healthcare system again Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day…
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (High), this…
‘Psylo’ browser tries to obscure digital fingerprints by giving very tab its own IP address
Gotta keep ’em separated so the marketers and snoops can’t come out and play Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning…
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously
Draugnet is a new anonymous threat reporting platform built for the MISP ecosystem This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller—cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated command injection (CVE-2025-2172). Authentication Bypass (CVE-2025-2171)…
LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly
A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in…
New Echo Chamber Attack Breaks AI Models Using Indirect Prompts
A groundbreaking AI jailbreak technique, dubbed the “Echo Chamber Attack,” has been uncovered by researchers at Neural Trust, exposing a critical vulnerability in the safety mechanisms of today’s most advanced large language models (LLMs). Unlike traditional jailbreaks that rely on…
Why work-life balance in cybersecurity must start with executive support
In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace also…
Notepad++ Vulnerability Allows Full System Takeover — PoC Released
A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privileges to NT AUTHORITY\SYSTEM with minimal user interaction.…
The real story behind cloud repatriation in 2025
In this Help Net Security video, Mark Wilson, Technology and Innovation Director at Node4, shares key insights from the company’s 2025 mid-market report. He explores the surprising trend of cloud repatriation, where 97% of mid-market organizations plan to move some…
Reconmap: Open-source vulnerability assessment, pentesting management platform
Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work…
Cybersecurity jobs available right now: June 24, 2025
Cyber Security Analyst Ascendion | Singapore | On-site – View job details As a Cyber Security Analyst, you will lead incident response efforts, including forensic analysis, malware mitigation, and DoS attack resolution. Design and implement advanced security architectures with a…
Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise. The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with…
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber…
ISC Stormcast For Tuesday, June 24th, 2025 https://isc.sans.edu/podcastdetail/9502, (Tue, Jun 24th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, June 24th, 2025…
Bulletproof Security Workflows with Grip’s Jira Integration
See how Grip’s Jira integration automates SaaS security workflows, removes manual gaps, streamlines follow-up, and helps teams stay efficient and ahead of risk. The post Bulletproof Security Workflows with Grip’s Jira Integration appeared first on Security Boulevard. This article has…