OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, introducing high-efficiency models optimized for automated workflows, coding subagents, and latency-sensitive deployments. These models are designed to reduce application programming interface (API) overhead while maintaining complex reasoning capabilities, making them highly…
Tag: EN
Critical Telnetd Vulnerability Enables Remote Code Execution Attacks
A critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privileges. There is…
ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos
ForceMemo is an active software supply‑chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force‑pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen‑token ecosystem and uses the Solana blockchain as a resilient command‑and‑control…
The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for this threat. This article has been indexed from Securelist Read the original article:…
Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
Meta does not plan on fixing the vulnerability because it involves the use of a modified client application. The post Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch appeared first on SecurityWeek. This article has been indexed from…
Druva connects identity data and behavior to restore access after attacks
Druva has revealed Druva Identity Resilience, adding support for Okta and Microsoft Active Directory alongside Microsoft Entra ID. Druva Identity Resilience delivers unified protection, cyber recovery, and threat detection and response in a single SaaS platform, bringing disparate identity providers…
Ofcom Tweaks Rules For Fibre Broadband Rollout
Ofcom to regulate BT Openreach wholesale prices for broader range of speeds, as it seeks to spur fibre rollout to last unconnected households This article has been indexed from Silicon UK Read the original article: Ofcom Tweaks Rules For Fibre…
New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives
A new ClickFix scam tricks Windows users into running hidden commands that map hacker-controlled drives and load malware… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: New ClickFix Scam…
Join Our Next Livestream: The War Machine
On March 26, a panel of WIRED experts will dissect the defense tech industry’s impact on modern warfare. Submit your questions now. This article has been indexed from Security Latest Read the original article: Join Our Next Livestream: The War…
BlackHawk Data introduces CloudSight for continuous security auditing
BlackHawk Data announced the launch of CloudSight, a continuous auditing and monitoring platform designed to help organizations maximize the security, performance, and visibility of their Cloudflare environments. As Cloudflare adoption continues to grow across enterprises, many organizations struggle to maintain…
Blumira enhances EDR and ITDR to speed up threat detection and containment
Blumira has announced the release of expanded endpoint detection and response (EDR) and identity threat detection and response (ITDR) capabilities in its platform. Security teams on Blumira Respond and Automate editions can now contain active threats by isolating compromised endpoints,…
Transparent COM instrumentation for malware analysis
In this article, Cisco Talos presents DispatchLogger, a new open-source tool that delivers high visibility into late-bound IDispatch COM object interactions via transparent proxy interception. This article has been indexed from Cisco Talos Blog Read the original article: Transparent COM instrumentation for malware analysis
From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA
Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without…
Why East-West Visibility Matters for Grid Security
Learn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Why East-West Visibility Matters…
MPs Query Lloyds Group Over Privacy Breach
Chair of Commons Treasury Committee writes to Lloyds over breach that showed detailed transactions to people other than account holders This article has been indexed from Silicon UK Read the original article: MPs Query Lloyds Group Over Privacy Breach
Iran Cyber Ops Merge With PsyOps and EW Amid Escalating Conflict
A new phase of the Iran war is unfolding in which ballistic missiles, drones, electronic warfare, and cyber operations are being deployed in parallel, with cyber activity increasingly tied to kinetic targeting, damage assessment, and strategic messaging. Iran’s leadership has…
Tracking the Iran War: A Month of Escalation and Regional Impact
Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, Iran) This article has been indexed from Security Affairs Read the original article: Tracking the…
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci…
Attackers Abuse Court Documents, GitHub Payloads to Infect Judicial Targets With COVERT RAT
A new wave of targeted attacks is quietly hitting Argentina’s judicial system, using fake court documents to lure legal professionals into installing a dangerous piece of malware. The campaign, formally called Operation Covert Access, deploys a Rust-built Remote Access Trojan…
Boggy Serpens Targets Diplomats and Critical Infrastructure in Multi-Wave Espionage Campaign
A well-resourced Iranian nation-state group known as Boggy Serpens — also tracked as MuddyWater — has sharply escalated its cyberespionage operations, running sustained and targeted campaigns against diplomatic missions, energy companies, maritime operators, and financial institutions. Attributed to Iran’s Ministry…