We analyze two new KimJongRAT stealer variants, combining new research with existing knowledge. One uses a Portable Executable (PE) file and the other PowerShell. The post Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation appeared first on Unit…
Italy Opens DeepSeek Probe Over False Information
Italy’s consumer and competition regulator opens latest probe into Chinese AI start-up DeepSeek over failure to warn about ‘hallucinations’. This article has been indexed from Silicon UK. Read the original article: Italy Opens DeepSeek Probe Over False Information
OpenAI In $200m Pentagon Deal
OpenAI strikes $200m deal to provide AI for combat and enterprise applications as its annualised revenues surge to $10bn. This article has been indexed from Silicon UK. Read the original article: OpenAI In $200m Pentagon Deal
Critical sslh Vulnerabilities Allow Remote Denial-of-Service Attacks
Security researchers disclosed two critical vulnerabilities in sslh, a widely used protocol multiplexer that enables multiple services—such as SSH, HTTPS, and OpenVPN—to share a single network port. These flaws, tracked as CVE-2025-46807 and CVE-2025-46806, could allow remote attackers to crash…
Water Curse Hacker Group Uses 76 GitHub Accounts to Spread Multistage Malware
A newly identified threat actor known as Water Curse has been linked to a sprawling campaign utilizing at least 76 GitHub accounts to distribute weaponized repositories packed with multistage malware. This financially motivated group leverages the inherent trust in open-source…
Are WAFs Obsolete? Pros, Cons, and What the Future Holds
Web Application Firewalls (WAFs) have long served as the front line of defense for web applications, filtering out malicious traffic and enforcing security policies. But as threats grow more sophisticated and application environments become more dynamic, many are questioning whether…
How Human Behavior Can Strengthen Healthcare Cybersecurity
Few sectors exemplify the enormous value of data as healthcare does. From the relatively mundane, such as digitalizing patient data for streamlined care, to the extraordinary, like the use of AI to revolutionize prostate cancer diagnosis and care, data is…
Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port
A significant spike was observed in exploitation attempts targeting CVE-2023-28771, a critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders. The coordinated attack campaign, observed on June 16, 2025, represents a concentrated burst of malicious activity…
Threat Actors Exploits OEM Permissions on Android Devices to Perform Privilege Escalation Attacks
Android users face a sophisticated security threat as malicious actors increasingly leverage legitimate system features to gain unauthorized access to devices. A concerning trend has emerged where attackers exploit Original Equipment Manufacturer (OEM) permissions to perform privilege escalation attacks, creating…
CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in targeted attacks against journalists. The vulnerability, tracked as CVE-2025-43200, affects multiple Apple…
Malicious Loan App on iOS & Google Play Store Infected 150K+ Users Devices
A malicious loan application masquerading as a legitimate financial service has infected over 150,000 iOS and Android devices before being removed from official app stores. The app, identified as “RapiPlata,” achieved a Top 20 ranking in the finance category on…
Water Curse Hacker Group Weaponized 76 GitHub Accounts to Deliver Multistage Malware
A sophisticated threat actor known as Water Curse has exploited the inherent trust in open-source software by weaponizing at least 76 GitHub accounts to distribute malicious repositories containing multistage malware. The campaign represents a significant supply chain risk, targeting cybersecurity…
Asus Armoury Crate Vulnerability Leads to Full System Compromise
A high-severity authorization bypass vulnerability in Asus Armoury Crate provides attackers with low-level system privileges. The post Asus Armoury Crate Vulnerability Leads to Full System Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original…
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. “Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in…
Microsoft Promises to Keep European Cloud Data in Europe
Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Microsoft Promises to Keep European Cloud Data in Europe
Dutch Court Upholds Competition Ruling Against Apple
Rotterdam district court upholds 2021 ruling by competition regulator that subjected Apple to 50m euros in fines over App Store rules. This article has been indexed from Silicon UK. Read the original article: Dutch Court Upholds Competition Ruling Against Apple
OpenAI ‘Considers’ Making Antitrust Allegations Against Microsoft
OpenAI executives reportedly discussed making antitrust accusations against minority owner Microsoft amidst escalating friction. This article has been indexed from Silicon UK. Read the original article: OpenAI ‘Considers’ Making Antitrust Allegations Against Microsoft
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8),…
Hackers Exploiting Chrome Zero‑Day Vulnerability in the Wild
A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent…
150K+ Users Affected by Malicious Loan Apps on iOS and Google Play
Over 150,000 users across Google Play and the Apple App Store have fallen victim to a malicious SpyLoan application named “RapiPlata,” which was identified in February 2025 by advanced detection engines. This app, posing as a legitimate financial service primarily…