Infosec News
In today's interconnected digital landscape, cyber security threats are no longer confined to national borders. Malware, phishing attacks, data breaches, and other forms of cyber crime can strike at any moment, anywhere in the world. To help you stay informed and prepared, our curated list aggregates the most important InfoSec news from around the globe. From major breach announcements to emerging trends in cyber security research, this roundup brings you the latest developments that impact your digital security and online privacy. Whether you're a security professional, IT administrator, or just tech-savvy individual, we've got you covered with the insights and intelligence you need to navigate our rapidly changing cyber environment.
The UK Space Agency issues a call for companies to bid on designing and building a spacecraft that can safely dispose of old satellites orbiting Earth. |
 Britain's space agency is seeking a supplier to develop a robotic spacecraft that can remove two defunct satellites from their orbits around the Earth. The UK Space Agency has issued a procurement notice calling for bids to design, manufacture and launch the mission by 2023. The agency wants the spacecraft to be able to safely capture and de-orbit the satellites, which are currently in low Earth orbit. |
A match-fixing mishap mars Wimbledon as AI umpire errors stack up |
 A high-tech snafu has left players and spectators scratching their heads, as Wimbledon's automated line-judging system failed to spot a crucial point in Tuesday’s women's singles match between Anastasia Pavlyuchenkova of Russia and Britain’s Sonay Kartal. The glitch led some observers to question the reliability of the AI-powered system that was introduced this year to assist with officiating at the prestigious tournament. |
Cosmic Candle Catastrophe: Double-Detonation Theory Illuminates Universe's Twinkling Mystery |
 A team of astrophysicists has discovered the first-ever evidence of a supernova that was triggered by a collision between two white dwarfs. This type of event, known as a Type Ia supernova, is believed to be responsible for many bright points of reference in the night sky, which astronomers use to chart our position within the universe. The team's findings provide new insights into these enigmatic cosmic events and could help refine our understanding of how galaxies form and evolve. |
Apple faces a fresh legal hurdle as it seeks to have its €500m fine from the European Commission overturned. |
 European regulators are at odds with tech giants Apple once again, this time slapping them with a hefty 500 million euro (£430m) fine for allegedly failing to comply with antitrust laws. Apple is contesting the charges in court, a move that has left many wondering if they're merely trying to protect their profits or genuinely fighting for what they believe in. The case centres around allegations of restricting competition within their music streaming service by forcing third party apps to direct users back to Apple's own platform when creating playlists. |
CoreWeave Grasps Control of Core Scientific |
 UK's Data Centre Capacity Expands By 1.3 Gigawatts With Cryptocurrency DealCoreWeave has acquired US company Core Scientific for a whopping $9 billion to boost its datacentre capacity by an impressive 1.3 gigawatts. This substantial expansion is primarily aimed at satisfying the ever-growing demand for GPU power from cryptocurrency miners and other high-performance computing applications.This acquisition marks a significant shift in the global market as more companies are looking to invest heavily in infrastructure to meet the increasing requirements of data-intensive sectors such as AI, machine learning, and cloud services. |
'Micro Reactors' to Roll into Idaho - A New Era of Small-Scale Nuclear Power? |
 It seems you're referring to the latest nuclear news. However I must point out that microreactors are not exactly 'hot' and have yet to gain widespread popularity. The US Department of Energy is indeed working on even smaller reactors but it's still early days for these miniature marvels. Small modular reactors were all the rage a while ago but it looks like they're now playing second fiddle to their tiny cousins. |
AI-Beating Scholars Try to Outwit Reviewers with Stealthy Sentences |
 Researchers in various countries are reportedly attempting to manipulate Large Language Models (LLMs) using a new form of cyber attack called 'prompt injection'. This involves crafting carefully designed prompts that can influence the output generated by these artificial intelligence systems. The goal is likely to sway AI-driven reviews, though it remains unclear at this point whether such attacks have yet succeeded. |
Trump's Tech Tax Tussle: Tariffs Set to Spike Prices in August |
 The US has unveiled its latest list of countries to face tariffs. Fourteen nations have been targeted by President Donald Trump in a move aimed at addressing what he sees as unfair trade practices. This includes major tech players China, Japan, India, South Korea and Thailand, along with other significant exporters. The move is designed to pressure these countries into renegotiating free trade agreements, or at the very least make them more open to US exports. |
ZX Spectre Unleashed: Microsoft Dev Conjures Vector Database on Retro Console |
 Microsoft Engineer Runs Retro Code on 35-Year-Old Processor with Stunning ResultsA senior software engineer at Microsoft, Alice Vinogradova, has successfully ported a database she wrote in SAP's ABAP language to the venerable Z80 processor that powered the Sinclair ZX Spectrum computer, which was first released in 1982. This remarkable feat demonstrates that even retro technology can still deliver surprisingly fast performance when used with modern code. |
Firefox Falls Victim to Rogue Executives: A Cautionary Tale of Corporate Governance |
 Mozilla's woes stem from a bloated management team more concerned withdominance than serving users. This self-absorbed layer fails to grasp the essenceof Firefox and its most critical features, prioritising growth over substance.The result is an organisation that has lost touch with what made it great in the first place: user-centric innovation.A leaner, more agile approach is needed for Mozilla to reclaim its former glory. |
Britannia's 5G Blunder: Our Network Performance Puts Us on Par With Eastern European Basket Cases. |
 UK's 5G networks ranked as Europe's slowest by user experienceA report has been released stating that the UK's 5G services are amongst the slowest in Europe. This is based on various performance metrics such as download speed, upload speed, latency and packet loss. User monitoring data indicates poor network performance despite official claims of fast speeds. The results suggest room for improvement in the country's mobile networks. |
US Cybersecurity Firm Fined £250,000 Over Fake AI-generated Litigation |
 Georgia Court of Appeals overturns lower court ruling due to its reliance on non-existent court cases. It appears that the bogus citations were generated by artificial intelligence, highlighting concerns about the misuse of AI in judicial proceedings. This development raises questions regarding the accuracy and reliability of legal decisions made in similar circumstances. The incident underscores the need for vigilance against AI-generated false information in sensitive areas such as law. |
Bungling Post Office Executives Ignored Warnings Over Faulty Fujitsu System |
 The first volume of the inquiry report into the Post Office's Horizon IT scandal highlights how senior staff and suppliers knew or should have known about defects causing errors in the system that led to hundreds of branch workers being wrongly prosecuted. Thirteen are believed to have taken their own lives as a result, most probably due to these errors.The first part of this multi-volume report focuses on human impact of the scandal, which involved Fujitsu and ICL, suppliers to Post Office. The findings will likely prompt calls for greater accountability among those responsible for implementing and overseeing Horizon. |
NASA's Deep Space Dilemma: Trump's Draconian Budget Cuts Spark Fury |
 NASA facing budget axe as US Congress passes President Trump's spending plan.A shake-up for the US space agency is imminent following the approval of President Donald Trump's budget bill by the Senate. Among other measures, the bill includes a proposal to relocate the Space Shuttle fleet, which will likely see NASA reassess its priorities and make significant cuts in order to accommodate this move. |
Legislators Back Repair Rights Bid by Army and Navy |
 In a move seen as a boon for transparency and security, two bipartisan US senators are pushing to make the US Army's right-to-repair policy a mandatory requirement across all military branches.The proposed legislation aims to ban proprietary repairability clauses in military contracts, ensuring that critical equipment can be repaired by third-party vendors. This change is hoped to reduce reliance on single suppliers and enhance cybersecurity through more diverse maintenance options.The senators' move is seen as a response to recent high-profile cyber attacks affecting US military equipment. |
Dorsey’s Decentralised Doodle: A Bluetooth-Based Messaging App Takes Shape |
 Peer-to-Peer Messaging App Unveiled by Serial EntrepreneurJack Dorsey, co-founder of Twitter and CEO of payment service provider Block, has unveiled an open-source messaging application called Bitchat. This innovative app uses peer-to-peer networking over Bluetooth instead of the internet for connectivity. By doing so, it aims to provide a secure and private form of communication, bypassing traditional centralised networks that are potentially vulnerable to hacking and surveillance. |
Chip Manufacturer GlobalFoundries Buys Up CPU Designer MIPS In Latest Industry Shuffle |
 GlobalFoundries' acquisition of MIPS is a significant move that could disrupt the AI semiconductor market. By combining MIPS's innovative RISC-V processor technology with its own manufacturing capabilities, GlobalFoundries aims to create highly efficient and affordable AI chips for emerging applications like edge computing and IoT devices. This strategic partnership may pose a challenge to established players in the market as it leverages open-source architecture, potentially driving down costs and increasing innovation in the field of AI semiconductor design. |
Zillow’s Data Reveals: No Secrets are Safe on the Internet |
 A recent spate of property-related scandals has highlighted the perils of a seemingly innocuous online activity: searching for the addresses of your mates on the internet. For those with high-net-worth pals, this simple act can potentially expose sensitive financial information - and not everyone is pleased about it.Wealthy individuals often go to great lengths to keep their properties private in order to maintain their anonymity and security. The increasing availability of property records online, however, has made it easier for prying eyes to uncover such details. |
2025-07-07 Read more on Wired (www.wired.com) |
Thirteen Wi-Fi Routers to Get You Wired Up: Our Top Picks for 2025 |
 Don't be left lagging behind - get a wired internet connection for a faster and more secure online experience. Our top picks are tried and tested to ensure a stable broadband connection across your entire home, whether you're working from the attic or gaming in the basement. Whether you're on a tight budget or looking to splurge, we've got the perfect wired solution for you - just don't suffer the buffer any longer! |
2025-07-07 Read more on Wired (www.wired.com) |
Title: "Chill Out with These 2025's Finest Window ACs: Staying Cool for a Safer Tomorrow" |
 Wired magazine's latest assessment has revealed that a range of air conditioning units tested by their experts are now safely installed in the windows of homes across the UK. These units have proven to be reliable and effective at keeping houses cool over extended periods, with some being operational for months or even years. The findings suggest consumers should feel confident when purchasing AC units based on these reviews. |
2025-07-07 Read more on Wired (www.wired.com) |
Microsoft, OpenAI, and a US Teachers' Union Unite to Bring AI into Education: A New Era of Learning on the Horizon? |
 The National Academy for AI Instruction, a pioneering initiative, is set to revolutionize teacher training by providing educators with in-depth knowledge on artificial intelligence. This nationwide endeavour aims to bridge the gap between theory and practical application of AI, empowering educators to better integrate technology into their teaching methods. By doing so, it hopes to enhance educational outcomes and prepare students for an increasingly tech-driven world. |
2025-07-08 Read more on Wired (www.wired.com) |
Prime Day Deals: Five Top Cameras to Capture Your Adventures |
 Action Cameras Get Ready For Your Close-Up - Prime Day Deals Ahead Action cameras, the perfect companions for thrill-seeking photographers looking to capture their most daring moments whether it's while surfing or simply strolling around town. But it's not just adrenaline junkies who benefit from these mini marvels – social media enthusiasts will appreciate the high-quality images and video clips that these cameras produce.So, what are you waiting for? Head over to Amazon Prime Day for some fantastic deals on action cameras that will make your photos and videos go from good to great! |
2025-07-08 Read more on Wired (www.wired.com) |
Debunking Deception: A Buyer's Guide to Authenticating Beauty Bargains on Amazon |
 Online beauty shopping has become as wild west as you can imagine, with scams popping up left and right. To avoid getting scammed, be cautious when shopping on unfamiliar websites, always check for HTTPS encryption, and read reviews carefully before making a purchase. Be wary of very cheap prices and ensure the website is actually selling genuine products from reputable manufacturers rather than generic knockoffs. |
2025-07-08 Read more on Wired (www.wired.com) |
Kit Yourself Out: Top 22 MacBook Peripherals to Suit Your Needs |
 The Art of Peripheral Perfection: Elevating Your MacBook Experience with Essential GadgetsAre you looking to unlock your MacBook's full potential? Look no further! We've curated a list of must-have peripherals to transform your laptop into a powerhouse of productivity and creativity. From charging adapters that keep you powered up on the go, to external monitors that provide a bigger canvas for your imagination, we've got everything you need to take your mobile computing game to new heights.So why settle for average when you can have exceptional? Browse our selection of top-notch peripherals today and discover how they can elevate your MacBook experience like never before. |
2025-07-08 Read more on Wired (www.wired.com) |
Prime Sizzle: 5 Must-Have Kitchen Deals from Breville, Ooni and More. |
 Cyber Security NewsAmazon is gearing up for its annual shopping bonanza, Prime Day. As a tech-savvy individual, you can expect to find discounts on various gadgets that could spice up your kitchen experience this summer. WIRED has curated a list of must-haves: an espresso machine that will perk up your morning routine; an air fryer perfect for healthier snacking; and a budget-friendly grinder that will help you create the ideal coffee blend.Whether you're a coffee aficionado or simply looking to upgrade your cooking game, Amazon Prime Day promises to bring you affordable deals on some of these coveted kitchen appliances. |
2025-07-08 Read more on Wired (www.wired.com) |
Beneath the Barbed Wire: Exposing the Desperate Phone Calls from America's Immigration Detention Camps |
 In a grim look at US immigration policy, Wired magazine has published an unsettling exposé detailing distressing 911 calls emanating from the detention centres run by Immigration and Customs Enforcement (ICE). These harrowing audio recordings capture the desperation of migrants facing unimaginable hardships, highlighting systemic failures in healthcare and basic human treatment within the facilities. |
2025-07-08 Read more on Wired (www.wired.com) |
Waymo's New Riders: The Teenagers Take Over Self-Driving Cars |
 Alphabet's Waymo, a leading player in the autonomous vehicle industry, has launched a new service that allows individuals to purchase their own driverless cars. The move is seen as an attempt by Alphabet to tap into the lucrative market for private car ownership and potentially disrupt traditional taxi and ride-hailing services.Waymo claims its self-driving cars will offer users greater convenience and safety on the road, but critics argue that individual accounts may not be as cost-effective or environmentally friendly as shared transportation options. |
2025-07-08 Read more on Wired (www.wired.com) |
Survivalists Beware: New Malware Aims to 'Slay' Unpatched Systems |
 Parvati Shallow, a star of reality TV series Survivor, has penned a new memoir recounting her experiences on the island. In an interview with WIRED, she discussed the impact of social media on her life since leaving the show and how the cast's politics have evolved over time. When asked whose apologies she received after the series concluded, Parvati mentioned that some former contestants reached out to make amends for past behaviour. |
2025-07-08 Read more on Wired (www.wired.com) |
Prime Day Apple Delights - Score Top Offers on iPads, AirPods, and MacBook Marvels. |
 Apple fans rejoice! If you're in the market for a new device, such as an iPhone or MacBook, consider taking advantage of the savings offered during Amazon's Prime Day. Many popular Apple products are discounted by as much as 20%, giving you a chance to snag a great deal on your next purchase.Some standout deals include:* Apple AirPods Pro for £199 (usually £249)* iPhone 14 Plus for £679 (usually £849)* MacBook Air M1 for £799 (usually £999)These discounts are only available to Amazon Prime members, so if you're not already a member, now's the time to sign up. |
2025-07-08 Read more on Wired (www.wired.com) |
Prime Time to Get Fit - The Top Fitness Trackers and Smart Rings on Sale This Amazon Prime Day |
 As the long, lazy days of summer approach, many of us are itching to get fit after months cooped up indoors. If you're looking for ways to track your progress while staying cool, consider investing in a fitness tracker or smart ring like the Oura Ring. These nifty gadgets can help monitor your activity levels, heart rate and even sleep patterns, giving you valuable insights into your lifestyle habits. |
2025-07-08 Read more on Wired (www.wired.com) |
Beauty bargains abound on Amazon's Prime Day - but be wary of fake goods. |
 Amazon's Prime Day beauty deals have gone live, but not all discounts are created equal. After rigorous testing and price tracking, we've uncovered which skincare sets, hair tools, and makeup bundles deliver real value for money.Highlights include the best value eyeshadow palettes at a fraction of their usual price, plus top-rated facial steamers that actually do what they claim. However, some bargains are just duds, so be wary of gimmicky deals on low-quality products.Read our expert verdicts and find out which Prime Day beauty offers will genuinely improve your skincare routine or transform your look without breaking the bank. |
2025-07-09 Read more on Wired (www.wired.com) |
Critical Flaw in Grafana Dashboarding Tool Exposes Systems to Remote Code Exploitation |
 A vulnerability has been identified in Grafana, a widely-used open-source platform for data visualization and analysis. This flaw could allow attackers to execute arbitrary code, potentially leading to malicious plugins being run and user account takeovers. The severity of the impact will depend on an individual's privileges within the system; those with lower rights may be less affected than administrative users. |
2025-06-17 Read more on Center for Internet Security (www.cisecurity.org) |
Proposed title: Britain's Underwater Defence Lacking as Threat of Foreign Cable Sabotage Rises. |
 Cyber security experts warn that China and Russia may be coordinating "grey zone" tactics against vulnerable western infrastructure, citing an increasing number of undersea cable sabotage incidents. A report by the China Strategic Risks Institute (CSRI) suggests that 8 out of 10 identified suspect vessels involved in these cases were linked to either China or Russia. The UK is reportedly unprepared to address this mounting threat. |
The Frightening Truth About Facial Recognition - How to Take Back Control |
 Facial recognition is creeping into our daily lives at an alarming rate - from unlocking smartphones with a glance to identifying culprits in CCTV footage. But it's not just about convenience: many companies are now using the technology without your explicit consent. Know where, when and how to opt out of this pervasive surveillance by checking if you're on facial recognition databases, asking retailers to remove your image, and choosing 'no face' login options on devices. |
2025-06-25 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Jailed but Not Chastened: Cybercrooks Leverage Hacked AI to Boost Their Game |
 Cybercrooks have turned to 'jailbreaking' artificial intelligence (AI) tools to boost their hacking skills, experts warn. By hacking and reprogramming sophisticated AI systems designed for good - like machine learning algorithms meant to detect malware - cyber thieves can create more effective malicious code and more convincing phishing emails.These reprogrammed AI models help the criminals predict and adapt to security measures put in place by IT teams. They are also more likely to evade detection because they mimic legitimate traffic, making it harder for traditional defence systems to pick up on them. |
2025-06-26 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Phishing Scammers Employ Fake DocuSign Email to Trick Unsuspecting Users |
 Innovative Cyber Threat Spreads via Email with Insecure Signature MethodA fresh cyber threat has been discovered, where malicious actors sent invitations for users to sign sensitive documents using DocuSign. The attackers cleverly bypassed security measures by using a surprisingly simple captcha process to verify the identities of potential victims. This vulnerability highlights the importance of maintaining robust cybersecurity standards and vigilance in digital transactions. |
2025-06-27 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Qantas Data Heist Hits Six Million Passengers as Hackers Make Off with Substantial Information |
 Aussie airline Qantas confirms data breach affecting six million punters who booked flights from certain travel agencies. Third-party supplier's database of passenger information compromised in cyber attack, but Qantas assures no sensitive banking details were accessed. Investigation underway to determine full extent of breach and prevent future incidents. Passengers advised to remain vigilant for suspicious activity on their accounts. |
2025-07-02 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Free Certificates for IP Addresses: A Double-Edged Sword in Network Security |
 Let's Encrypt, an open-source certificate authority, is expanding its offerings to include IP address-based certificates. This move aims to improve the overall security of websites by providing free SSL/TLS certificates for any domain, subdomain or IP address. However, this added layer of protection also opens up new possibilities for cybercriminals to exploit vulnerabilities in these newly issued certificates. |
2025-07-07 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Beware: Google's Gemini AI Invades Your Apps - Including Messages |
 Google's plans for its Gemini AI are quite alarming. The company is apparently planning to give this new AI the ability to access all manner of personal data - not just email and search history, but messages from WhatsApp, location information and even utility records. This raises serious privacy concerns. People may feel uneasy about their most private communications being potentially accessed by a third party. It remains to be seen whether consumers will accept such a step for the sake of more efficient searching or not. |
2025-07-08 Read more on Malwarebytes Labs (www.malwarebytes.com) |
FBI Sounds Alarm on Decades-Old Routers as Silent Threat Lurks Within Your Network |
 How often do you update your router? If the answer is never or rarely, then you are not alone - but this lack of care could pose serious risks to your business. Malicious actors have been targeting routers that are no longer supported by manufacturers. These end-of-life (EOL) devices can be compromised and turned into stepping stones for cybercrime. The threat is real and growing, with TheMoon malware being a significant factor in many attacks. |
2025-06-26 Read more on Tripwire (www.tripwire.com) |
Fake receipt detection technology - protecting consumers from fake bills, dodgy merchants and financial scams in the digital era. |
 Cyber threats have evolved with technology, and fake receipt detection is now a growing concern. Digital tools can spot discrepancies between original receipts and forged ones, reducing financial losses for businesses. AI-driven systems detect anomalies in transactions by identifying variations in formatting or unusual patterns that don't match genuine records. This helps companies safeguard their finances from sophisticated scams, but constant innovation means staying one step ahead of fraudsters remains a challenge. |
Escalating Privileges in Linux: A Guide to Leveraging Newly Discovered Sudo Flaws |
 New Sudo Flaws Exposed: A Recipe for Privilege Escalation on Unix/Linux Systems Security researchers have unearthed a pair of critical vulnerabilities in Sudo, a widely used command-line utility that allows users to execute commands with root privileges. The flaws enable local attackers to escalate their access to root level, potentially compromising system security.The exploits target version 1.8 and earlier versions of the software. Users are advised to update to a patched version as soon as possible to prevent privilege escalation attacks. |
A Week of Global Cybersecurity Threats, Ransomware Attacks and Cryptocurrency Hacks |
 A fresh batch of the Security Affairs newsletter has landed, bringing you the most important security stories from around the web.North Korean hackers have been busy spreading a macOS malware called NimDoor, disguising it as fake Zoom updates. Be cautious when clicking on those "update" pop-ups!Two critical bugs in Sudo, a command-line utility for Unix-like operating systems, could give attackers root access to your system. Make sure you're running the latest version.That's all for this week - stay safe out there! |
2025-07-06 Read more on Security Affairs (securityaffairs.com) |
Taiwan Unveils Security Threats in Popular Chinese Apps Following Investigative Findings |
 Taiwan's National Security Bureau has issued a warning about the security risks posed by popular Chinese apps such as TikTok and WeChat. The bureau states that these applications collect too much user data and transfer it to China. This comes after an official inspection revealed that certain Chinese apps, including Weibo and Baidu Cloud, pose significant security threats to users due to their data collection and transmission practices. |
2025-07-07 Read more on Security Affairs (securityaffairs.com) |
Beware the Batavia Menace: New Spyware Targets Russia's Industrial Backbone |
 In a targeted phishing campaign that began in March last year, malicious actors have been sending fake contract emails to Russian organisations as part of an ongoing espionage effort. These fake emails contain links leading to the Batavia spyware, which has been designed specifically to steal internal documents. The campaign, launched in July 2024, marks the latest attempt by cybercriminals to compromise sensitive information within Russian entities. |
2025-07-07 Read more on Security Affairs (securityaffairs.com) |
U.S. Cybersecurity Agency Lists Multiple Flaws in Web Apps as Known Exploit Targets |
 In a move to strengthen cybersecurity in the United States, the U.S. Cybersecurity and Infrastructure Security Agency has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. The additions include Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS). These flaws were deemed particularly severe due to their potential impact on a wide range of systems and networks. |
2025-07-08 Read more on Security Affairs (securityaffairs.com) |
PUBLOAD and Pubshell Malware Deployed by Mustang Panda Hackers Targeting Tibetan Government Agencies |
 Chinese state-backed hackers have been spotted launching a sophisticated cyber espionage campaign targeting Tibetan communities worldwide. Spear-phishing emails are being sent to individuals using topics such as the 9th World Parliamentarians' Convention on Tibet, China's education policy in the TAR region and a recent book by the Dalai Lama. These attacks highlight Beijing's increasing focus on infiltrating global networks and gathering intelligence on diaspora groups. |
2025-06-27 Read more on The Hackers News (thehackernews.com) |
US Intel Chiefs Sound Alarm on Rampant Iranian State-Sponsored Hacking Threats |
 US cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. The agencies note an increasing activity from hacktivists and government-affiliated Iranians, expecting this to escalate due to recent events. Threats typically target financial institutions and other US companies with spear phishing emails, exploiting vulnerabilities in software and networks, and conducting distributed denial-of-service (DDoS) attacks. |
2025-06-30 Read more on The Hackers News (thehackernews.com) |
Microsoft to Scrap Password Function in Authenticator App Next Year |
 A major shift in Microsoft's security strategy is underway with the announcement that it will be phasing out support for passwords from its Authenticator app starting August 1, 2025. This move aligns with a wider industry trend of moving away from traditional password-based logins and towards more advanced authentication methods.Microsoft claims these changes aim to improve both ease of use and security within its two-factor authentication system. The shift is expected to make autofill capabilities more efficient, creating a smoother experience for users who utilise the Authenticator app's 2FA features. |
2025-07-01 Read more on The Hackers News (thehackernews.com) |
A New Zero Day in the Wild: Google Chrome Gets a Critical Fix |
 Google patches critical zero-day bug in Chrome after exploit spotted in wildA zero-day vulnerability has been identified in Google's popular Chrome web browser, prompting the company to rush out an emergency security update. The flaw, tracked as CVE-2025-6554 and carrying a CVSS (Common Vulnerability Scoring System) rating of N/A, is a type confusion issue affecting the V8 JavaScript and WebAssembly engine. If exploited, it could allow a remote attacker to execute arbitrary code on affected systems. Google has released an update to resolve this issue in versions prior to 138.0.7204.96. |
2025-07-01 Read more on The Hackers News (thehackernews.com) |
A critical vulnerability has been found in Anthropic’s Machine Learning Compiler (MCP) which leaves developer machines at risk of remote exploits. |
 Blight on the AI Front: Critical Vulnerability Found in Anthropic's Model Context Protocol Inspector ProjectCybersecurity experts have unearthed a serious weakness in Anthropic's MCP Inspector, an AI project that could grant malicious actors unfettered access to hosts through remote code execution. The vulnerability, tagged CVE-2025-49596, boasts a CVSS score of 9.4 out of a possible ten, indicating its potentially catastrophic consequences. |
2025-07-01 Read more on The Hackers News (thehackernews.com) |
Vercel's Versatile Vulnerability: How AI Tools Became a Playground for Malicious Scams |
 New cyber menace: Threat actors exploit Vercel's generative AI tool v0 to create convincing fake sign-in pages that fool even the most discerning users. This is a worrying development, showing how threat actors are getting smarter at using artificial intelligence to create phishing sites from simple text prompts. As we move into an era of more sophisticated cyber threats, it's essential for both individuals and businesses to be on high alert for these types of attacks. |
2025-07-02 Read more on The Hackers News (thehackernews.com) |
China's Cyber Sabre-Rattling: Hackers Target France's Networks with Critical Ivanti Flaw Vulnerabilities |
 French Cyber Agency Discloses Widespread Chinese Hacking Campaign The French National Information Systems Security Agency (ANSSI) has announced a significant cyber attack by a Chinese hacking group that exploited zero-day vulnerabilities in Ivanti Cloud Services Appliance devices. Affected sectors include government, telecommunications, media, finance, and transport. The agency reported discovering the campaign at its inception, allowing them to contain it before substantial data was compromised. |
2025-07-03 Read more on The Hackers News (thehackernews.com) |
The Blind Spots in Artificial Intelligence-based Security Operations Centers that Remain Unspoken |
 When evaluating AI-powered Security Operations Centre (SOC) platforms, the sales pitches often promise rapid threat detection, swift remediation, and fewer false alarms. However, scratch beneath the surface and it becomes clear that not all artificial intelligence is created equal. Many solutions rely on pre-trained models that are geared towards a limited number of specific use cases. While this may have sufficed for yesterday's SOC environment, today's reality demands more. Modern security operations teams now confront |
2025-07-03 Read more on The Hackers News (thehackernews.com) |
A Global Crackdown on Rogue Android Apps: The Dark Side of Mobile Advertising and Security Threats. |
 Cyber security firm HUMAN has revealed a major mobile ad fraud operation known as IconAds. The operation consisted of 352 Android apps that were designed to load unwanted ads on users' screens and conceal their icons from home screens, making it more difficult for victims to delete them. The company's Satori Threat Intelligence and Research Team discovered the rogue apps, highlighting another example of mobile malware on the rise. |
2025-07-03 Read more on The Hackers News (thehackernews.com) |
Google Faces $314m Bill for Illegally Harvesting Android Mobile Data |
 Google ordered to pay $314 million over allegations it collected mobile data without users' consent in idle mode. A California court has ruled that the tech giant must cough up for collecting Android users' cellular data when devices were idle. This comes after a class-action lawsuit first lodged back in 2019, which claimed Google's operating system was misusing user information to send passive data. |
2025-07-04 Read more on The Hackers News (thehackernews.com) |
New Botnet Strikes at Unpatched DVRs and Routers, Brings Chaos through DDoS Assaults |
 Cybersecurity sleuths have unearthed a cunning malware campaign targeting vulnerable TBK digital video recorders (DVRs) and Four-Faith routers. Dubbed RondoDox, this malicious endeavour exploits critical security flaws in these devices to ensnare them into a powerful botnet. Specifically, the nefarious actors are leveraging CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK's DVR-4104 and DVR-4216 models, as well as CVE-2024-12856, an operating system flaw in Four-Faith routers. As the number of compromised devices grows, so too does the potential for devastating distributed denial-of-service (DDoS) attacks and data breaches. |
2025-07-08 Read more on The Hackers News (thehackernews.com) |
Hackers Exploit Stolen Shellter Tool Licenses to Distribute New Wave of Malicious Software |
 Threat actors have been caught abusing legitimate security tool Shellter to spread malware after hackers obtained a leaked copy of the red teaming platform. The company behind Shellter revealed that an organisation which recently acquired licences had compromised them, allowing miscreants to turn the software into a stealer. This highlights how even supposedly secure tools can be exploited when left vulnerable to unauthorised access. |
2025-07-08 Read more on The Hackers News (thehackernews.com) |
What Happens When You're Locked Out of the Cloud? |
 Czech researcher makes a compelling argument in his blog post. He highlights the significant strategic risks associated with relying heavily on Microsoft products and services, which could have far-reaching consequences for organisations. While this viewpoint may not sit well with Microsoft's considerable corporate following, it is an important perspective that warrants consideration by business leaders and IT professionals. |
FBI tracks down notorious cybercrooks using Bitcoin trail |
 IntelBroker - a cyber villain with a taste for international data theft. This notorious hacker allegedly breached over 40 computer systems worldwide, resulting in at least $25 million in damages. His real identity revealed as 25-year-old Kai West from Britain, who now faces the music for his dastardly deeds on BreachForums, so here's a pro tip: keep your personal email account well out of reach of hackers like him! |
Grocery Giant's 2.2 Million Customers Left Red-faced After Cyber Heist Hits Tills. |
 Ahold Delhaize faces major embarrassment after a November cyber attack resulted in up to 2.2 million customer records being compromised. Personal finance and health details were amongst those exposed, leaving many shoppers feeling quite miffed indeed. It's worth noting that this type of data breach can have far-reaching consequences for affected customers, so keep an eye out for any suspicious activity on your bank statements and credit scores in the coming weeks. |
Title: 'Scammers Pose as Insurers in Health Data Heist' |
 The US healthcare billing system is a goldmine for cyber criminals who are exploiting its complexity. Patients and healthcare providers are being duped by scammers posing as insurers, tricking them into revealing sensitive data like medical records and bank account details through phishing emails and texts. The FBI warns this is a growing trend that demands vigilance to safeguard against the hackers' cunning tactics. |
Still Paying Up: The Prolific Problem of Ransomware in 2025 |
 Fool's gold: Ransomware still reaps riches as nearly half of victims fork outcash to crooks.Sophos reveals that despite warnings, over 40% of ransomware-stricken individualshave been duped into coughing up the cash demanded by cyber gangs. This madnesscontinues even though paying out does not guarantee any data will be restored.Crooks are no doubt rubbing their hands at this sucker's game.Other security news: crypto wallet flaws; printer vulnerabilities;O365 phishing; and more. |
Canada Takes Action: Banning Chinese Camera Giant Hikvision Amid Security Concerns |
 Canadian Government Told To Ban Hikvision, A Chinese CCTV Vendor. The Canadian Government is taking a strong stance against security concerns. It's instructed a major Chinese CCTV firm, Hikvision, to halt its operations in the country. This move comes as a response to increasing worries over the potential for data breaches and national security risks associated with using equipment from this particular vendor. |
IT Worker's Seven-Month Slap on the Wrist for Network Vandalism |
 Disgruntled IT employee lands lengthy prison sentence for cyber vandalism.In a case that highlights the perils of office grudges, an IT worker from West Yorkshire has been handed a seven-month jail term after unleashing a digital onslaught on his former employer's network following a suspension. The disgruntled individual brought the company to its knees by flooding it with malicious traffic and crippling its operations, earning him a stint behind bars for his cyber vandalism. |
A New Era in Internet Security: Free SSL Certificates Now Issued for IP Addresses by Let’s Encrypt |
 You may not require these, but having them available is convenient nonetheless. Let's Encrypt, a well-known Certificate Authority, has started to issue digital certificates for IP addresses. This means that any IP address can now have its own SSL/TLS certificate, allowing it to be accessed through HTTPS. However, this doesn't necessarily mean you need one; if your web server isn't directly exposed to the internet or is on a local network then an SSL certificate will only serve as a precautionary measure against internal MITM attacks. |
Million Mark Smashed as More Victims Surface in Young Consultancy's Ongoing Data Blunder |
 Insurance software company Young Consulting may face further financial damage due to its ongoing cyber security issues. The firm is believed to have been targeted by a ransomware attack last year which has resulted in over one million individuals' personal data being compromised. This data breach has undoubtedly weighed heavily on the business and it is still facing consequences from this incident, albeit under a different name. |
Windows Defender's False Positives Highlight Vulnerabilities |
 Microsoft's latest Windows 11 Preview 24H2 update has unleashed a fiendish bug that wreaks havoc on the Windows Firewall. The pesky issue arises from an unremarkable snippet of "under development" code, which Microsoft seems to have carelessly left in the wild. As a result, users are warned to be prepared for system crashes and unexplained errors as their precious firewall takes centre stage in this merry dance of mayhem. |
The Phishy Frenzy of .es Domains: A Rise in Spanish-speaking Scammers |
 A rise of malicious activities on Spanish domains demands extra vigilance when logging into Microsoft online services. Experts have noted a substantial spike in cyber attacks originating from websites with a '.es' domain extension, prompting users to double check their login credentials before accessing the site. This increase has made these sites the third most common source of such threats, after .com and .ru domains. |
Is Your Business Password Ecosystem Compliant With Regulations? A Guide to Preparing for Regulatory Scrutiny |
 The Clipboard Warriors Are Marching In: Password Management AlertIn 2025, password security has reached an era where credential theft is but a distant memory. However, old habits die hard and clipboard warriors are on the prowl.These digital marauders still attempt to steal passwords using malicious clipboard-sniffing attacks that can intercept sensitive information from your computer's clipboard. To stay ahead of these archaic tactics, ensure you use strong, unique passwords for each account, avoid sharing them with others, and update your software regularly to patch vulnerabilities.Moreover, consider switching to a password manager - it's the digital shield against credential thieves. |
Cloud-First Cyber Defence: Why Cloud-Native Security is Crucial for Resilience in Modern IT |
 Modern cyber threats necessitate robust, cloud-native defences as outdated architectures struggle to cope with evolving risks.Organisations are investing heavily in cyber resilience tools, training and processes to counter increasingly sophisticated attacks. However, many IT and security teams remain hamstrung by legacy technology infrastructure designed for 2015's challenges rather than today's reality.This is a major issue since organisations will only be able to respond effectively if they adopt modern, cloud-based defences that are capable of keeping pace with rapidly changing threats. Anything else will leave them woefully exposed to cyber attacks. |
Millions Fall Prey to Pervasive Browser Hijacker: An Insight into a Widespread Attack on Google Chrome and Microsoft Edge Users. |
 Firefox and Chrome Extension with Google Verified Badge Hijacks Browsers and Tracks User ActivityA Chrome and Edge extension boasting over 100,000 downloads and displaying the Google verified badge is not as innocuous as it appears. It actually performs its intended function of providing a color picker tool but also surreptitiously hijacks every browser session, monitors user activity across websites, and opens backdoors into victim browsers. The malicious actions were discovered by researchers at Koi Security. |
Microsoft kick-starts 2025 with a bang, dodging exploit attacks on day one |
 Microsoft's latest Patch Tuesday has seen a welcome respite from the norm,with 130 fixes dispatched to mend various vulnerabilities. It is arare occurrence for Microsoft's monthly bundle of patches not to containany security issues which have already been exploited in attacks, thoughone such flaw has recently made its public debut. Ten critical bugs arealso present among this month's patches, underscoring the importanceof keeping your software up-to-date as we head into a new season. |
Canva's Unorthodox Job Interview Approach: The Power and Pitfalls of AI-Assisted Recruitment |
 Software firm Canva is warning would-be employees that if they're not proficient in modern coding tools, their applications will be rejected. The Australian company has announced it will no longer consider candidates who are unable to work with artificial intelligence (AI) coding assistants.Canva's decision reflects the changing landscape of software development and the growing importance of AI-powered tools within the sector. With more companies relying on automation technology to streamline processes, being proficient in these tools is now a key requirement for potential hires. |
AI coding tools are the chums who lend you a helping hand but might stab you in the back at any moment. |
 Developers have mixed feelings about AI coding tools - while appreciating productivity gains, they often question their accuracy. A new study highlights the uneven distribution of benefits among developers using these robo-coding tools. Some see improved efficiency and reduced errors, while others struggle with unreliable outputs. This finding reveals a nuanced view of AI in software development, where the advantages are undeniable but trust remains an issue. |
Amazon Reboots Nuclear Power Plan to Outmaneuver Disgruntled Regulators |
 Amazon and Talen Energy have revised their contract regarding the supply of electricity from an adjacent nuclear power plant in Pennsylvania. The initial arrangement sparked concerns with regulators due to its 'front-of-the-meter' delivery method, which meant Amazon would receive direct power without passing it through the main grid first. This has now been altered to comply with regulatory requirements. |
Private Spaceflight Delayed by Rocket Leaks, Launch Postponed Indefinitely |
 Astronauts Face Setback on Journey to ISS Due to Technical GlitchesPrivate spaceflight mission Axiom-4 has hit a snag as it attempts to reach the International Space Station. The journey is being hampered by an unexpected liquid oxygen leak in the Falcon 9's first stage rocket.This isn't the only hurdle; weather conditions also pose a challenge, further complicating the mission.These setbacks have caused a delay for the astronauts on board the spacecraft. |
AMD Preparing To Take On NVIDIA With Helios: The Battle For Data Center Supremacy Intensifies |
 AMD reveals massive datacentre GPU with record-breaking performance The behemoth system, showcased at a San Jose tech conference, sports an impressive 72 AMD MI400 GPUs and a whopping 260 terabytes per second (TBps) of UALink bandwidth. With the ability to perform over 2.9 exaFLOPS of FP4 calculations per second, this behemoth is poised to revolutionise the world of high-performance computing. As part of its MI400-series, AMD aims for these rack-scale architectures to be at the forefront of its offerings in 2026. |
Cloud Outage Strikes Google's Web Empire, Bringing Down Cloudflare and Many Other Sites |
 Google's cloud services suffered a major outage on Thursday, causing issues for not just the search giant itself, but also popular CDN provider Cloudflare. While Big G initially said the problem had been rectified, it acknowledged that many users were still experiencing difficulties. The cause of the downtime is yet to be confirmed, but it's clear that some customers are still reeling from the impact. |
US Defence Chiefs Told To Wipe Their Fingerprints Off The Keyboard After Latest IT Security Failures |
 The US Department of Defence is facing criticism after another damning audit by government watchdogs found its IT systems remain woefully inadequate, despite repeated calls for improvement over the past five years. The report highlights ongoing issues with procurement processes, cybersecurity risks and ineffective management of resources. This failure to implement necessary reforms casts doubt on the Pentagon's ability to effectively oversee a multibillion-dollar budget and protect sensitive information in an era of increasing cyber threats. |
Apple's latest innovation lets you stream videos on the move, but can it keep you safe from cyber threats? |
 The latest update to Apple's CarPlay in iOS 26 allows users to watch videos in their cars while the vehicle is stationary. This feature was previously limited to music and podcasts but now extends to video streaming for drivers who have pulled over. The change aims to enhance entertainment options when driving, although it remains to be seen whether this will lead to a decrease in road safety or not. |
Fusion Fiasco: Britain Dumps £2.5 Billion on a Boondoggle That's Already Cost Millions |
 The UK government continues to funnel cash into STEP, a proposed nuclear fusion facility with no clear milestones achieved. Despite receiving a whopping £220 million in 2022 and another £2.5 billion in funding, progress on this project remains shrouded in mystery. As it stands, the public still has little idea what tangible advancements have been made or when – if ever – we might see results from this multi-billion-pound endeavour. The lack of transparency surrounding STEP's progress raises questions about its viability and accountability to taxpayers. |
Fad Fizzles: How Vibe Coding is being Replaced by the New Kid on the Block - Vine Coding |
 It seems like the topic of AI has struck a chord with readers. With more frequent mentions of it in the news and media, the debate over its impact on society rages on. While some see it as a force for good, bringing about efficiency and innovation, others are concerned about its potential consequences. As our reliance on technology grows, so does the importance of discussing AI's effects on our lives. |
Barclays' IT system crashes on Friday the 13th, leaving corporate customers high and dry |
 Blackout Hits Barclays iPortal Platform - Unplanned Maintenance Sparks SuperstitionBarclays Bank's iPortal platform has been affected by technical issues on Friday 13th June. The incident sparked widespread speculation about a possible curse, given the coincidence with the supposedly unlucky day. However, no scheduled maintenance was announced prior to the outage, suggesting an unexpected cause rather than intentional action. Barclays is working to resolve the problem and normal services are expected to be restored soon. |
Enterprise AI Adoption Slows as Cloud Customers Baulk at Inferencing Expenses |
 Cloud companies are adding more features that can help predict and manage the costs associated with deploying artificial intelligence. These include tools like cost estimation, budget alerts and optimization recommendations. However, these measures may not be enough to allay concerns about excessive charges for cloud-based AI services. Companies will need to find a balance between using these tools and managing their own forecasting processes if they want to effectively deploy AI while keeping costs under control. |
The Browsing Game - Cybersecurity Experts Question Privacy Implications of Novel Matchmaking Technique |
 Browser Dating's New Feature Raises Privacy ConcernsA new dating website has sparked controversy with its use of artificial intelligence to analyse users' browsing history. The site takes the last 5000 internet searches for each user and generates a "browsing personality profile". This raises concerns about online privacy, as it may disclose personal information without consent.The feature is designed to help match users based on their interests and preferences. However, critics argue that it breaches users' trust by revealing their browsing habits. |
2025-06-11 Read more on Wired (www.wired.com) |
Sizzling Success or Sizzling Disappointment? A Scorching Honest Review of the Blackstone Griddle Air Fryer Combo |
 Cyber Security News Network - The latest Blackstone griddle has got everyone talking with its new addition of air-fried potatoes and corn on the cob. This may seem like an unusual feature, but it's certainly a tasty one that will make BBQ gatherings even more enjoyable. The air frying function uses hot oil to cook food quickly and evenly, resulting in crispy perfection every time. Whether you're a fan of spicy or sweet potatoes, this new griddle has got you covered. So why not get ready for the ultimate summer grill out experience with the Blackstone air-fryer? |
2025-06-11 Read more on Wired (www.wired.com) |
Here is a rewritten version of the title with a cyber security twist:"Securing Your Summer Style: The Top-Rated Cyber-Resilient Merino Wool T-Shirts (2025) - Put to the Test" |
 A bold claim for a product that's supposed to be so durable it'll never need replacing. The company behind them, Icebreaker, says their merino wool shirts can withstand daily wear without fraying or pilling after over 300 washes. That's longer than many of us have had the same job, let alone worn the same shirt.The technology used to make these super-durable tops is called 'merino wool'. It's a type of wool that comes from Merino sheep and is prized for its softness and breathability. But it's also pretty resistant to wear and tear - which is what makes them so long-lasting. |
2025-06-12 Read more on Wired (www.wired.com) |
Congress Expects Clarity on Genetic Data Security as 23andMe Prepares to Change Hands Again |
 House Democrats Urge Buyers of Genetic Testing Firm to Safeguard Customer DataUS Democrats have written to the prospective owners of gene-testing company 23andMe, demanding to know how they will safeguard customer DNA information if they successfully acquire it.The letters, sent by Democrat lawmakers on the House Energy and Commerce Committee, expressed concern about the security risks associated with transferring ownership of a firm that holds the sensitive data of millions of people who have undergone genetic testing through 23andMe. |
2025-06-12 Read more on Wired (www.wired.com) |
A Streaming Delight: The Crème de la Crème of Max |
 Max users are spoilt for choice this month with an eclectic mix of films to enjoy. Mountainhead, directed by PJ Starks, tells the story of a journalist investigating a mysterious disappearance in Antarctica.Babygirl, from writer and director Justin Benson and Aaron Moorhead, is a tense thriller about a woman being stalked through New York City.The Brutalist, directed by John Trengove, follows an architect trying to rebuild his life after a tragedy. |
2025-06-12 Read more on Wired (www.wired.com) |
Shopping Spree Alert: Get Ready to Save 15% at Wayfair with Exclusive Discount Codes |
 Cyber Security News Network: Exclusive Offer Alert!Wayfair is firing on all cylinders this month! Not only will you snag a fantastic 10% off your purchase with a promo code, but the retailer's throwing in an extra 15% off for good measure. If that's not enough, patio furniture lovers can rejoice - 60% off select items means you'll be lounging like royalty without breaking the bank! And let's not forget more coupons galore this June. It's the perfect time to treat yourself or snag a birthday gift (or two!) without compromising your wallet. |
2025-06-13 Read more on Wired (www.wired.com) |
Chill Out: Can You Trust Social Media's Hottest New Cooling Trends? |
 The science behind cooling blankets is fascinating - although any old blanket will provide some respite from heat for a short time, only specially designed phase-change materials can keep you chilled over longer periods. These innovative blankets contain special particles that absorb and release heat slowly as your body temperature fluctuates, providing continuous relief without overheating or getting too cold. Perfect for hot summer nights or even as part of disaster preparedness kits. |
2025-06-13 Read more on Wired (www.wired.com) |
Teenage Technology Treats - 32 Must-Have Gadget Gift Ideas |
 Teenagers are notoriously tricky to buy gifts for, but you don't need to panic! Here's a list of teen-friendly presents that even the most hard-to-impress youngster will appreciate:1. Gift vouchers: Who doesn't love getting something they can use on anything?2. Tech gadgets: The latest smartphones and gaming consoles never fail to impress.3. Experiences: Treat them to tickets to their favourite band or a day out at an escape room.4. Subscription services: A Netflix subscription is always welcome.5. Personalised gifts: Get a customised phone case or mug that's just for them.With these ideas, you'll be the coolest parent on the block! |
2025-06-13 Read more on Wired (www.wired.com) |
US Customs and Border Protection Drones Invade Los Angeles Skies with Potential Ramifications. |
 A chilling escalation, this is indeed a worrying trend that suggests an increasing militarisation of law enforcement in the United States. With Predator B drones now patrolling Los Angeles skies, the line between military and civilian jurisdiction is growing ever thinner. This shift raises fundamental questions about privacy and civil liberties, as well as the potential for abuse of power. The implications are far-reaching and concerning; one can only hope that a more measured approach will be adopted to balance security with individual freedoms. |
2025-06-13 Read more on Wired (www.wired.com) |
Tech-Savvy Protestors Foil Government Surveillance with Low-Tech Tools |
 Military Intelligence Keeping Tabs on Homemade ICE Detention Tracking ToolsReports have emerged that army intelligence analysts are closely watching homemade software tracking the whereabouts of Immigration and Customs Enforcement (ICE) detention centres. This move comes amid mounting anti-ICE protests across America. The trackers allow users to locate facilities holding detainees, often revealing information not publicly disclosed by authorities. |
2025-06-13 Read more on Wired (www.wired.com) |
Adobe Software Holes Uncovered: Patch Now to Avoid Malware Mayhem |
 Adobe's array of products has been left vulnerable to multiple security flaws, with the most critical potentially allowing arbitrary code execution. The affected Adobe offerings include Commerce, Experience Manager Forms, ColdFusion, After Effects, Media Encoder, Bridge, Premiere Pro, Photoshop, Animate, Experience Manager Screens, FrameMaker, and XMP Toolkit SDK. Successful exploitation of these vulnerabilities could lead to significant security breaches, including the installation of programmes, alteration or deletion of data, and creation of new user accounts with full rights. |
2025-04-08 Read more on Center for Internet Security (www.cisecurity.org) |
Mozilla Security Flaws Put Users at Risk: Exploiting Weaknesses in Popular Browsers and Software. |
 Multiple vulnerabilities have been uncovered in Mozilla products, the most serious of which potentially allows attackers to run arbitrary code. These flaws impact Firefox and Thunderbird across both standard and ESR versions, with critical implications for system security. Successful exploitation could allow malicious actors to install programmes, view, modify or delete data, create new user accounts, or conduct other actions based on their level of user privilege. |
2025-04-29 Read more on Center for Internet Security (www.cisecurity.org) |
Multiple Flaws in Adobe Apps Expose Users to Malicious Code Injection |
 Adobe patches critical flaws in software suite. A series of vulnerabilities has been identified in Adobe products, the most serious of which could allow arbitrary code execution if exploited successfully. Successful exploitation allows an attacker to install programs or access, modify, delete data and create new accounts based on system permissions. Those with fewer privileges will be less impacted than those with admin rights. |
2025-05-14 Read more on Center for Internet Security (www.cisecurity.org) |
Title proposal: 'Multiple Flaws in Ivanti Endpoint Manager Mobile Software Expose Systems to Distant Code Execution' |
 Cybersecurity researchers have uncovered several vulnerabilities in Ivanti Endpoint Manager Mobile software. The most critical flaw allows attackers to execute malicious code remotely and potentially gain privileged access to systems if exploited. This issue highlights the importance of keeping endpoint security up-to-date across all devices. Organizations should promptly address these weaknesses to protect their mobile endpoints from potential threats. |
2025-05-15 Read more on Center for Internet Security (www.cisecurity.org) |
Title Proposal: "Critical Flaws Found in Google Chrome, Potentially Exposing Users to Malicious Code" |
 Severe Flaws Found in Google Chrome Browser Multiple critical vulnerabilities discovered in Google's Chrome browser, one of which could permit arbitrary code execution for logged-on users. Successful exploitation by an attacker may allow them to install programs, view, change or delete data, and create new accounts with full user rights if the affected user has administrative privileges on their system. |
2025-06-03 Read more on Center for Internet Security (www.cisecurity.org) |
Firefox Fiasco: Multiple Flaws Leave Browser Vulnerable to Malicious Exploitation |
 Mozilla Firefox has been hit by multiple critical vulnerabilities, including one that enables arbitrary code execution. If exploited successfully, this flaw could allow hackers to install programs, manipulate data and even create new user accounts with administrator privileges. The severity of the impact depends on the level of user rights; users with limited privileges would be less affected than those who run with admin permissions. |
2025-06-10 Read more on Center for Internet Security (www.cisecurity.org) |
Microsoft's Latest Patch Tuesday - Don't Get Caught Out |
 Microsoft Under Siege: Multiple Vulnerabilities Leave Products ExposedA spate of serious vulnerabilities has been unearthed in Microsoft products, posing a significant threat to users. The most severe flaw enables remote code execution, allowing an attacker to install programmes, modify or delete data, and even create new accounts with administrator privileges. Users operating under lower system rights may be less affected than those with admin credentials. |
2025-06-10 Read more on Center for Internet Security (www.cisecurity.org) |
Are Electric Cars a Magnet for Cyber Spies? |
 Chinese-made EVs pose a new frontier in cyber espionage: Defence firms warn staff off pairing mobiles with cars. British defence companies working for the UK government have cautioned employees against linking their phones to Chinese-built electric vehicles, fearing China could hack and steal sensitive information. The warning comes amid growing concerns about the potential for hackers to extract data from connected cars. |
AsyncRAT Malware Spreads via Phishing Campaign Targeting Travellers to Fake Booking.com Sites |
 Cyber thieves are sharpening their claws ahead of the festive period, as a wave of AsyncRAT malware is set to sweep across the globe. This insidious strain is designed to siphon sensitive data from unsuspecting victims and wreak havoc on digital systems. As cybercrime gangs ramp up their activities in anticipation of heightened online activity during the holiday season, businesses and consumers must remain vigilant to avoid becoming a target. |
2025-06-02 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Malwarebytes Scam Guard - A Constant Adaptation to Evolving Cyber Threats |
 Scammers have stepped up their game and Malwarebytes is stepping in with a fresh tool to stop them. Introducing ScamGuard, a cutting-edge system designed to thwart the latest scams that are leaving users vulnerable. With new threats emerging all the time, ScamGuard will be a vital addition to your online armoury. Stay one step ahead of the scammers and protect yourself from financial losses with Malwarebytes' latest innovation - ScamGuard. |
2025-06-03 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Chrome Users Advised to Update Following Urgent Patch for Highly Exploited Flaw |
 Google Chrome users are advised to update their browser immediately, as a recent patch addresses three critical security vulnerabilities. The most pressing issue is an actively exploited zero-day flaw in the browser's V8 JavaScript engine. This bug enables remote code execution attacks when processing maliciously crafted web pages.In addition to this, the update also fixes two other security flaws: one in the Skia graphics library and another related to out-of-bounds memory access in the media framework. |
2025-06-04 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Ransomware Masquerading as AI and Business Software: The Emerging Threat |
 Malicious malware posing as popular software is on the rise, cyber security experts warn. Fake installers for programmes like Chat GPT, Nova Leads, and InVideo AI have been discovered containing ransomware. These impostors can encrypt data and demand payments from unsuspecting victims in exchange for access restoration. Users are advised to be cautious when downloading applications and only use official sources to avoid falling prey to such cyber threats. |
2025-06-05 Read more on Malwarebytes Labs (www.malwarebytes.com) |
OpenAI Fights Back Against Data Requests, Refuses To Release Chats With ChatGPT |
 OpenAI, the company behind popular chatbot ChatGPT, faces a legal battle with The New York Times and several other major news outlets. A US court order requires the firm to preserve chat records of users who interacted with the AI platform, as part of an ongoing lawsuit over copyright infringement claims.The suit alleges that the algorithm used by ChatGPT to generate human-like responses infringes on copyrighted material. OpenAI must now retain all chat logs and user data from July 2022 onwards. |
2025-06-06 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Title: Don't Get Duped: Your Guide to Reporting Online Scams and Keeping Safe on the Internet |
 Online scammers are rife, with hundreds of thousands of people falling victim every year. Reporting such crimes is crucial in stopping them in their tracks. Here's a list of organisations you can turn to if you've been fleeced:* Action Fraud: The UK's national fraud reporting centre* Scamwise: Part of the Action Fraud website, offering advice and information on scams* Consumer Protection Scotland (CPS): Reporting cybercrime in Scotland* National Trading Standards: For complaints about businesses and trading practices |
2025-06-09 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Google's Phone Number Fiasco Exposed: A Vulnerability of Epic Proportions |
 Google has patched a serious flaw in its account recovery system, which could have enabled hackers to identify and target users by linking their telephone numbers. This vulnerability was discovered by security researchers at the cybersecurity firm Imperva. The bug allowed cyber criminals to exploit publicly available data on phone number ownership, effectively giving them a key to access Google accounts protected with two-factor authentication. |
2025-06-10 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Meta's Chats Exposed: The Unintended Consequences of Open-Ended Conversations |
 Meta's AI chat system seems to have a knack for unwittingly broadcasting users' private discussions to all who can see. It appears that the AI is not doing enough to anonymise users' chats, leaving their deepest and most intimate secrets open for all to behold. This raises serious concerns about user privacy and the need for Meta to take action to rectify the issue before more sensitive information falls into the wrong hands. |
2025-06-13 Read more on Malwarebytes Labs (www.malwarebytes.com) |
Rising Threats on Indian Shores: A Deep Dive into the Surge of Cyber Attacks |
 India witnessed an alarming rise in cyberattacks over the last year with over 369 million malware events detected between October 2023 and September 2024 at a rate of around 702 potential threats per minute on average. The threat landscape has become increasingly sophisticated as attackers exploit vulnerabilities with ease. Ransomware attacks are dominating headlines, but the true extent of the problem lies in its widespread nature, reflecting a more ingrained issue in Indian cybersecurity. |
2025-06-03 Read more on Tripwire (www.tripwire.com) |
Cybersecurity Enhanced: The Key Features of Tripwire Enterprise 9.3 |
 Protecting your organisation from cyber threats and meeting compliance requirements has just become even easier thanks to Tripwire Enterprise 9.3's latest enhancements. This release includes IPv6 support, making it fully compatible with IPv6-only environments which is essential for US Federal agencies adhering to OMB Memorandum M-21-07 and organisations following NIST SP 800-119 guidelines. The update also features expanded Axon 3.31 IPv6-only support and compatibility with Red Hat Enterprise Linux 9.5. |
2025-06-12 Read more on Tripwire (www.tripwire.com) |
Oracle Cloud Breach Exposed, Company Shields Details to Protect Customer Trust |
 Oracle's Gen 1 cloud platform has been breached, but the company is keeping quiet about it. The attack impacts legacy customers who use Oracle Cloud Classic. This breach was likely due to a lack of security updates and upgrades, leaving older systems vulnerable to known exploits. Although Oracle claims no sensitive data has been stolen, customers are right to be worried about the lack of transparency on this issue. |
The Flawed Faith in Helm Charts: Uncovering the Vulnerability that Puts Your Cloud at Risk |
 A new report from Microsoft's cloud security team, Microsoft Defender for Cloud, has revealed that organisations using Kubernetes application deployment tool Helm are potentially leaving themselves vulnerable to security breaches. According to the report, helm install commands can deploy a fully functioning stack in seconds which could have serious consequences if the charts being installed contain vulnerabilities. This has led some security experts to warn against blindly trusting helm charts, suggesting users should regularly update and validate them before use. |
Title: "Dark Web Data Dump Exposes 7.4 Million Paraguayan Citizens to Identity Theft" |
 Dark Web Discovery: 7.4 Million Paraguayan Records ExposedCybersecurity researchers at Resecurity have uncovered a staggering 7.4 million records containing personally identifiable information of Paraguayan citizens on the dark web. This massive data breach occurred after cybercriminals offered comprehensive personal information on all Paraguayan citizens for sale, demanding an astonishing $7.4 million in cryptocurrency. |
2025-06-13 Read more on Security Affairs (securityaffairs.com) |
Title: Open-source Software Scourge Continues as Malicious Packages Infiltrate Major Repositories |
 Several malicious packages have been discovered on npm, Python, and Ruby package repositories. These rogue packages are capable of draining cryptocurrency funds, deleting entire codebases, and stealing Telegram API tokens, showcasing the wide range of supply chain threats lurking in open-source ecosystems. According to reports from security firm Checkmarx, users should exercise caution when installing software from these sources. |
2025-06-04 Read more on The Hackers News (thehackernews.com) |
The Dark Web of Data Leaks: How SaaS Vendors Leave Users Exposed |
 Data leakage prevention (DLP) tools are struggling to keep up with how businesses use software-as-a-service applications like Google Workspace, Salesforce and Slack. These platforms have transformed how we handle sensitive information, making DLP's file-based approach outdated. Traditional DLP often focuses on detecting files moving across networks but in modern SaaS environments, data is shared more fluidly within cloud services. |
2025-06-04 Read more on The Hackers News (thehackernews.com) |
Cloud Security Holes in Cisco ISE Expose Enterprises to Widespread Threats Across AWS, Azure, and Oracle |
 Critical Cisco ISE Flaw Fixed: Unauthenticated Attackers Could Have Ridden Roughshod Cisco's Identity Services Engine (ISE) has had a critical security patch released to plug a gaping hole that could have allowed unverified baddies to wreak havoc on vulnerable systems. The flaw, tracked as CVE-2025-20286 and rated a whacking 9.9 out of 10 in terms of its potential for causing harm, is a type of static credential vulnerability. |
2025-06-05 Read more on The Hackers News (thehackernews.com) |
A Perilous Path: The Rising Popularity of Advanced Evasion Techniques Among Modern Cyber Threat Actors |
 Cybersecurity involves wearing multiple hats: good guy tech sleuth and rogue Dark Web hacker. Experts must delve into cutting-edge technologies while also getting inside the mind of attackers. Traditional security teams are no longer enough; they need to think like the enemy. Enter AEV (Adversarial Exposure Validation), a state-of-the-art approach that combines technical policy-making with attacker profiling, ensuring security professionals stay one step ahead of cyber threats. |
2025-06-06 Read more on The Hackers News (thehackernews.com) |
Empowering Users to Safeguard against AI-Driven Cyber Threats in an Age of Exponential Data Growth |
 The advent of widely available generative AI tools in late 2022 sent ripples throughout the workforce as employees across industries seized upon its potential to enhance productivity, simplify communication, and expedite work processes. Much like past waves of consumer-driven IT innovations such as file sharing, cloud storage, and collaboration platforms, generative AI made its mark, ushering in a new era of streamlined operations and digital efficiency. |
2025-06-06 Read more on The Hackers News (thehackernews.com) |
Cyber Menace Spreads: Hundreds Affected by Malicious Browser Add-Ons in Latin America |
 A new cyber campaign targeting Brazilian internet users has been uncovered by cybersecurity researchers. Since January 2025, malicious extensions for Chromium-based web browsers have been spreading through phishing emails, designed to steal user authentication data. Some of these emails originated from compromised company servers, increasing the likelihood of successful attacks on unsuspecting victims. |
2025-06-08 Read more on The Hackers News (thehackernews.com) |
Wazuh Under Siege: Two Rogue Bots Unleash Mirai Mayhem on Vulnerable Servers |
 A nasty patch of trouble for Wazur Server users: a recently fixed critical security flaw is now being exploited by nefarious actors to unleash two Mirai botnet variants, which are then used to unleash DDoS attacks. Akamai first spotted these malicious activities in late March 2025 and revealed the vulnerable CVE-2025-24016 (CVSS score: 9.9) - an unsafe deserialization vulnerability that was left unchecked. |
2025-06-09 Read more on The Hackers News (thehackernews.com) |
Chinese State-Sponsored Hackers Cast a Widespread Net: 73 Targets Across Diverse Industries Fall Prey to Cyber Attacks |
 US Cybersecurity Firm Sentinal One Hit by Sophisticated Hackers Sentinal One, a US based cybersecurity company, was targeted in a sophisticated hacking campaign. The attack was part of a series of similar incidents between July 2024 and March 2025. The firm's security experts have identified a South Asian government entity, a European media outlet, and over 70 companies across various sectors as targets. |
2025-06-09 Read more on The Hackers News (thehackernews.com) |
CISA Tackles Critical Security Threats with Addition of Erlang SSH and Roundcube Flaws |
 US Cybersecurity Agency Flags Two High-Risk Flaws Impacting Erlang and Roundcube Services The United States' Cybersecurity and Infrastructure Security Agency has added two critical security vulnerabilities to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The flaws in question impact Erlang/Open Telecom Platform SSH and Roundcube services, with one carrying a CVSS score of 10.0, indicating the highest severity level. These updates are aimed at raising awareness among system administrators about the need for prompt action to mitigate potential risks. |
2025-06-10 Read more on The Hackers News (thehackernews.com) |
Russian Enterprises Under Canine Attack: Rarely Seen Wolf Pack Targets Scores with Legit Apps |
 Rare Werewolf hackers have been linked to cyber attacks on Russia and CIS nations, favouring use of legitimate software over custom malware in their campaigns. This highlights the evolving nature of modern cyber threats, where attackers increasingly exploit existing tools for nefarious purposes rather than developing their own malicious code. The rise of this approach underscores the need for vigilant security practices across the region. |
2025-06-10 Read more on The Hackers News (thehackernews.com) |
Google Vulnerability Revealed: Expert Discovers Means to Expose Phone Numbers Associated with Accounts |
 Google has plugged a significant security hole that could have allowed hackers to guess phone numbers for account recovery and potentially breach user privacy. The flaw was unearthed by Singaporean researcher "brutecat" and stems from a weakness in Google's account recovery feature. To exploit the vulnerability, however, multiple moving parts had to be put in place, limiting its potential impact. Nonetheless, the issue has been resolved, ensuring users' accounts remain more secure. |
2025-06-10 Read more on The Hackers News (thehackernews.com) |
New Rust-Infused Menace Spreads Via Deceptive Gaming Platforms Targeting Chrome and Firefox Enthusiasts |
 Researchers from Trellix have uncovered a previously unknown malware called Myth Stealer which spreads via gaming websites. The malicious Rust-based info-stealer displays fake windows while secretly running dodgy code in the background. It snatches user data for profit and wreaks havoc on PCs, prompting users to take precautions against fraudulent sites and keep their systems up to date with security patches. |
2025-06-10 Read more on The Hackers News (thehackernews.com) |
DNS Shield: The Unsung Hero of Cyber Defences |
 The oft-overlooked yet vital bastion of internet security: the Domain Name System or DNS. Often overlooked in favour of firewalls and antivirus software, this critical component is becoming an increasingly popular target for hackers. As the entry point for nearly all online interactions, an unsecured DNS can be a single point of failure for even the most robust network defence systems. It's time to give it the attention it so rightly deserves. |
2025-06-11 Read more on The Hackers News (thehackernews.com) |
Microsoft 365 Users Caught Off Guard by Zero-Click AI Security Flaw |
 EchoLeak: A Sneaky AI Vulnerability in Microsoft 365 Copilot Exposes Sensitive Data A zero-click AI vulnerability, known as EchoLeak, has been identified in Microsoft's 365 Copilot service, allowing attackers to steal sensitive data without any user interaction. With a CVSS score of 9.3 out of 10, this high-risk flaw has been assigned the identifier CVE-2025-32711 and does not require any action from customers to exploit it. |
2025-06-12 Read more on The Hackers News (thehackernews.com) |
Title: Securing AI's Hidden Backdoors - Uncover and Protect Your Secret AI Assets |
 Artificial intelligence is revolutionising our lives, but it's also creating new security threats if we're not careful. AI agents, chatbots and automation scripts are all using background identities such as API keys, service accounts and OAuth tokens to operate without being seen. If these aren't properly secured, they can be exploited by hackers for nefarious purposes, potentially leading to devastating breaches of our privacy. |
2025-06-12 Read more on The Hackers News (thehackernews.com) |
Beware, old chap! "Newfangled TokenBreak Malware Evades AI Censorship with Sneaky Text Tweaks" |
 Researchers have unearthed a cunning technique dubbed TokenBreak which can subvert even the most robust large language models with just a single character substitution. This devious tactic exploits vulnerabilities in the text classification models' tokenisation strategies, causing them to produce false negatives and rendering the content moderation safeguards all but ineffective against targeted attacks. |
2025-06-12 Read more on The Hackers News (thehackernews.com) |
Title: Wily Ransomware Rings Leverage Unaddressed Vulnerabilities in SimpleHelp to Double Down on Destructive Extortion Tactics |
 US Cybersecurity Agency Warns Ransomware Attackers Targeting Unpatched Software The US Cybersecurity and Infrastructure Security Agency has disclosed that malicious hackers are using unpatched versions of the SimpleHelp Remote Monitoring and Management software to breach customers of an unidentified utility billing system supplier. This is part of a larger trend where ransomware attackers exploit organisations through vulnerable SimpleHelp installations. |
2025-06-13 Read more on The Hackers News (thehackernews.com) |
JSFiretruck Malware Spreads Like Wildfire Across Web Domain |
 A new wave of cyber attacks is targeting legitimate websites with malicious JavaScript injections. Palo Alto Networks has identified a large-scale campaign where attackers use the obscure JSFuck coding style to obfuscate their malicious code, making it harder for security systems to detect. This technique exploits vulnerabilities in poorly secured websites, allowing hackers to inject malicious scripts and potentially steal user data or spread malware. |
2025-06-13 Read more on The Hackers News (thehackernews.com) |
IBM Cloud Services Hit by Second Outage This Week, Firm Remains Tight-Lipped on Reasons Behind Downtime |
 Yet another cloud of trouble descends upon IBM. The tech giant is dealing with a serious issue in addition to last week's outage – a high-risk flaw in its security software caused by an exposed password.IBM is still reeling from the recent server outages which left many users affected, and now this latest problem threatens to expose sensitive data. This comes as a timely reminder for businesses to review their cloud security measures, lest they suffer a similar fate. |
Unwelcome guest: AI-powered security fails to kill off persistent vulnerability |
 Cybersecurity experts have finally fixed a pesky path traversal vulnerability that they initially detected back in 2010 and posted about online. Despite the long-standing bug, it managed to evade the efforts of countless developers attempting to vanquish it over the years. Its persistence has left many questioning how such a glaring oversight could have endured for so long, highlighting the importance of vigilance in software development. |
£43M Stolen: Cyber Thieves Breach 100k+ UK Taxpayer Accounts in Notable HMRC Hack of 2024 |
 UK tax collection agency Her Majesty's Revenue and Customs (HMRC) has announced that hackers managed to swindle an impressive £47 million from its coffers in 2013. However, HMRC is keen to point out that this was not the result of a cyber attack.It's more like an old-fashioned bank heist, with hackers using 'social engineering' techniques to trick staff into divulging sensitive information. The thieves then used this data to access customer accounts and drain them of their funds. |
AT&T's Latest Data Breach: Déjà Vu All Over Again |
 AT&T probes fresh leak of 2 million customer records, likely resold from previous breach. The US telecoms giant is examining the latest incident after discovering its customers' data has been posted online for sale. It's thought the information may have originated from a past cyberattack that compromised millions of users in 2020, when hackers sold over 68 million AT&T customer records on the dark web. |
ChatGPT used as tool for malice: cyber scammers employ AI to craft false job applications, spread misinformation, and aid in malicious operations. |
 Cyber security firm OpenAI has identified ten malicious campaigns utilising their popular chatbot application ChatGPT. The rogue operations range from fake IT workers claiming to offer tech support to those linked with North Korean and Beijing-backed cyber operatives. Russian malware distributors are also said to be amongst the malicious users exploiting ChatGPT, as revealed in the company's latest threat report. |
Pilot-itis Plagues Enterprises: Experts Weigh In on the Futility of AI Trials |
 Despite the hype around AI adoption in businesses, its slow pace can be attributed primarily to concerns over cybersecurity. Enterprise executives are hesitant to integrate AI solutions due to a lack of faith in their ability to withstand potential cyber threats.To allay these fears, companies need to implement robust security testing regimes that cater specifically to AI models. This involves identifying and addressing vulnerabilities unique to AI-driven systems and regularly assessing the security posture of such solutions.Until then, the promise of AI-powered innovation will remain hindered by the risk of data breaches and other cyber incidents. |
US Infrastructure Under Cyber Siege: Ex-NSA Advisor Sounds Alarm on Catastrophic Consequences |
 Former Deputy National Security Adviser Warns of US Cyber Vulnerability US critical infrastructure would likely collapse if hit by a cyberattack, says Anne Neuberger, former Deputy National Security Adviser and NSA Cybersecurity Director.Botnet activity is on the rise again, with hackers leveraging vulnerable devices for DDoS attacks.The CISA app-vetting program has been shut down, raising concerns about cybersecurity risks.A major data breach at an unnamed US company exposed 7.6m records.Cybercrime reports show a decline in ransomware and phishing attempts.Two individuals have been jailed for doxing, or publicly disclosing private information online. |
China's asteroid-and-comet chaser sends out solar sail. |
 The Asia news report highlights the deployment of a solar wing by China's Tianwen 2 space probe. This development is significant as it indicates the probe is preparing to begin its scientific mission in space. The move comes ahead of the 30th anniversary of the June Fourth incident, with China implementing strict internet censorship nationwide. Additionally, the article notes Amazon Web Services' expansion into Taiwan, where it has launched a data centre to reduce reliance on mainland China. |
Brexiteer-in-Chief Trump Ditches Digital Identity Protection: Will it Let More Illegals Slip Through? |
 US President Donald Trump has signed an executive order targeting security measures which were introduced under his predecessors. The new directive apparently reverses certain provisions from orders issued by Presidents Obama and Biden, suggesting a shift towards more flexible rather than mandatory cyber-security requirements. This move could signal that the administration is opting for voluntary compliance over strict regulations in protecting against cyber threats. |
The Ransomware Battleground: How AI is Waging War Against Cryptolockers |
 In the battle against cunning cybercrooks, AI has become an indispensable ally for cybersecurity experts. As these digital ne'er-do-wells continue to adapt their nefarious methods, their opponents are matching them step-for-step. Ransomware attacks may be on the rise, but thanks to the power of artificial intelligence, defenders now have a potent tool at their disposal. No longer just a buzzword, AI is now an indispensable frontline weapon in the fight against cyber threats. |
Critical Wazuh Vulnerability Exploited in Global Mirai Botnet Outbreak. |
 Mirai Malware Variants Spread via Wazuh Vulnerability Attacks Multiple cyber threats have been discovered exploiting a critical Wazuh security software flaw, allowing malicious actors to spread Mirai variants. This marks the first reported attacks following the disclosure of the code execution vulnerability.Cybercriminals are targeting servers hosting open-source XDR/SIEM providers with these attacks, putting those services in their crosshairs as well. Experts warn that organisations using Wazuh should implement security patches and updates to protect against these threats. |
Microsoft's Massive 66-Patch Tuesday Update: Time to Lock Down Your System Against Two Potentially Devastating Flaws Under Active Attack |
 It looks like the nefarious 'Falcon' malware has been silently swooping into WebDAV servers and leaving behind a trail of mayhem. Microsoft's latest Patch Tuesday update is no doubt aimed at stemming this tide, with critical bug fixes aplenty. Among them are two exploits already being actively used by cybercriminals, highlighting the importance of staying on top of your updates. Keep your systems patched up to date, dear readers, as the digital skies grow ever more perilous! |
Beware: 'Badbox' Malware Returns with Deadlier Version 3, Say Experts |
 Badbox 2.0: The Resilient Botnet Strikes AgainThe notorious Badbox botnet, responsible for infecting millions of smart TVs and connected devices since its initial emergence, is poised for another round of digital attacks according to a security expert who first uncovered the threat. Despite efforts by private researchers and law enforcement to disrupt its infrastructure, the malware remains active and continues to evolve. This development highlights the ongoing challenge of tackling persistent cyber threats in an increasingly interconnected world. |
Microsoft Postpones Windows 11 24H2 Patch Tuesday Update Due to Compatibility Worries |
 Microsoft has broken its own record by releasing a security patch in just two hours before acknowledging its utter failure to fix things.The company was forced to scramble out a second patch within 24 hours after the original update proved woefully inadequate, leaving many users exposed to known vulnerabilities. A Microsoft spokesperson admitted that the first patch had not been adequately tested and that they "blew it". |
Asia-wide Operation takes down nearly 20,000 domains serving malicious info-stealing malware |
 In a significant crackdown on cybercrime, Interpol has coordinated an operation that has resulted in 32 arrests across Vietnam, Sri Lanka, and Nauru. The suspects are believed to be involved with infostealer malware, which is used by hackers to steal sensitive information from unsuspecting users' devices. This international collaboration highlights the global nature of cyber threats and the need for continued cooperation between law enforcement agencies to combat them. |
Why You Should Hire Me to Infect Your PC with Malware |
 Cybercrime group FIN6 has swapped tactics from compromising point-of-sale systems to phishing attacks on recruiters via fake online resumes. The scam, which targets the least favourite of digital adversaries, uses resume portfolio sites as a platform to deliver malicious payloads. This shift in strategy suggests FIN6 is adapting to changing security measures and looking for new vulnerabilities to exploit. |