Lucene search
+L

20906 matches found

thn
thn
added 2025/11/22 6:45 a.m.15 views

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 CVSS score: 9.8, a...

9.8CVSS8.5AI score0.88312EPSS
Exploits1
thn
thn
added 2025/11/21 3:40 p.m.15 views

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115 , carries a CVSS score of 10.0. It resides in the System for Cross-domain Identi...

10CVSS6.7AI score0.17653EPSS
Exploits1
thn
thn
added 2025/11/21 1:0 p.m.4 views

Google Brings AirDrop Compatibility to Android's Quick Share Using Rust-Hardened Security

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing feature is currentl...

6.1AI score
Exploits0
thn
thn
added 2025/11/21 11:0 a.m.17 views

Why IT Admins Choose Samsung for Mobile Security

Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like you, juggle protecting sensitive data while keeping teams productive. That's why more enterprises a...

6.7AI score
Exploits0
thn
thn
added 2025/11/21 10:42 a.m.10 views

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign. "While earlier operations relied on broad strategic web compromises to...

9.3CVSS8AI score0.99966EPSS
Exploits57
thn
thn
added 2025/11/21 8:5 a.m.3 views

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

The U.S. Securities and Exchange Commission SEC has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025,...

6.6AI score
Exploits0
thn
thn
added 2025/11/21 5:32 a.m.13 views

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have enabled unauthorized access to certain customers' Salesforce data through the app's connection," the company said in an...

6.7AI score
Exploits0
thn
thn
added 2025/11/20 5:24 p.m.7 views

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence AI framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0 , is an evolution...

9.8CVSS8.3AI score0.81512EPSS
Exploits6
thn
thn
added 2025/11/20 4:57 p.m.6 views

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control C2 server, Kaspersky researcher Lisandro Ubiedo said in an...

7.3AI score
Exploits0
thn
thn
added 2025/11/20 12:29 p.m.10 views

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadget...

9.8CVSS8.7AI score0.88312EPSS
Exploits2
thn
thn
added 2025/11/20 11:30 a.m.4 views

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...

6.8AI score
Exploits0
thn
thn
added 2025/11/20 11:4 a.m.6 views

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The...

6.7AI score
Exploits0
thn
thn
added 2025/11/20 7:35 a.m.10 views

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare ar...

6.6AI score
Exploits0
thn
thn
added 2025/11/20 4:6 a.m.26 views

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...

6.6AI score
Exploits0
thn
thn
added 2025/11/19 4:27 p.m.19 views

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 CVSS score: 7.0, which allows remote attackers to execute arbitrary code. ...

7CVSS7.4AI score0.27017EPSS
Exploits11
thn
thn
added 2025/11/19 3:35 p.m.6 views

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. "It uses Internet Message Access Protocol...

6.6AI score
Exploits0
thn
thn
added 2025/11/19 1:0 p.m.12 views

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life EoL ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard's STRIKE...

9.2CVSS9.3AI score0.33641EPSS
Exploits2
thn
thn
added 2025/11/19 11:55 a.m.5 views

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response EDR to chase threats after they have already entered the network, is fundamentally risky and contributes...

6.8AI score
Exploits0
thn
thn
added 2025/11/19 10:0 a.m.8 views

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle AitM attacks. EdgeStepper "redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the...

6.6AI score
Exploits0
thn
thn
added 2025/11/19 9:59 a.m.14 views

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence AI platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist's agent-to-agen...

7.5AI score
Exploits0
thn
thn
added 2025/11/19 4:20 a.m.15 views

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034 , carries a CVSS score of 6.7 out of a maximum of 10.0. "An Improper Neutralization of Special Elements used in an OS Command 'OS Comman...

9.8CVSS8.8AI score0.8936EPSS
Exploits20
thn
thn
added 2025/11/18 6:31 p.m.8 views

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

The malware authors associated with a Phishing-as-a-Service PhaaS kit known as Sneaky 2FA have incorporated Browser-in-the-Browser BitB functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount...

6.6AI score
Exploits0
thn
thn
added 2025/11/18 3:56 p.m.7 views

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific...

8.4CVSS9.4AI score0.00583EPSS
Exploits4
thn
thn
added 2025/11/18 3:25 p.m.3 views

Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

You've probably already moved some of your business to the cloud—or you're planning to. That's a smart move. It helps you work faster, serve your customers better, and stay ahead. But as your cloud setup grows, it gets harder to control who can access what. Even one small mistake—like the wrong...

6.6AI score
Exploits0
thn
thn
added 2025/11/18 2:0 p.m.9 views

Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control C2 and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new,...

7.2AI score
Exploits0
thn
thn
added 2025/11/18 12:54 p.m.26 views

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster...

6.9AI score
Exploits0
thn
thn
added 2025/11/18 11:0 a.m.6 views

Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

Identity security fabric ISF is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration IGA, access management AM, privileged access management PAM, and identity threat detection and response ITDR are all integrat...

7AI score
Exploits0
thn
thn
added 2025/11/18 10:37 a.m.17 views

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm...

6.6AI score
Exploits0
thn
thn
added 2025/11/18 8:17 a.m.4 views

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service DDoS attack targeting a single endpoint in Australia that measured 15.72 terabits per second Tbps and nearly 3.64 billion packets per second pps. The tech giant said it was the largest DDo...

6.4AI score
Exploits0
thn
thn
added 2025/11/18 4:44 a.m.26 views

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 CVSS score: 8.8, a type confusion vulnerability in the V8 JavaScript and WebAssembly...

9.8CVSS7.5AI score0.09185EPSS
Exploits16
thn
thn
added 2025/11/17 4:53 p.m.6 views

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT. The activity, observed this month, is being tracked by eSentire under the moniker EVALUSION. First spotted in June 2025, Amatera is...

7.4AI score
Exploits0
thn
thn
added 2025/11/17 12:34 p.m.22 views

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It's not just about hacking anymore. Criminals are building systems to...

10CVSS8.6AI score0.8936EPSS
Exploits27
thn
thn
added 2025/11/17 11:55 a.m.10 views

5 Reasons Why Attackers Are Phishing Over LinkedIn

Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps. LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running...

6.7AI score
Exploits0
thn
thn
added 2025/11/17 11:20 a.m.4 views

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers...

7.1AI score
Exploits0
thn
thn
added 2025/11/17 6:2 a.m.5 views

Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time

Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. "We adopted Rust for its security and are seeing a 1000x reduction in...

8.1CVSS8.5AI score0.00498EPSS
Exploits0
thn
thn
added 2025/11/15 4:35 p.m.11 views

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 CVSS score: 9.8, an eval injection bug that could allow any...

9.8CVSS8.4AI score0.99898EPSS
Exploits51
thn
thn
added 2025/11/15 10:21 a.m.9 views

Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

The U.S. Department of Justice DoJ on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology IT worker fraud in violation of international sanctions. The five individuals are listed below - Audric...

6.5AI score
Exploits0
thn
thn
added 2025/11/14 6:25 p.m.8 views

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host...

6.7AI score
Exploits0
thn
thn
added 2025/11/14 3:20 p.m.21 views

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence AI inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. "These vulnerabilities all traced back to t...

8.8CVSS10AI score0.00886EPSS
Exploits2
thn
thn
added 2025/11/14 2:40 p.m.9 views

Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets

The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps IRGC as part of a new espionage-focused campaign. The activity, detected in early September 2025 and assessed to be...

7.1AI score
Exploits0
thn
thn
added 2025/11/14 10:37 a.m.10 views

Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns

Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure. 14 new ransomware brands launched this...

6.5AI score
Exploits0
thn
thn
added 2025/11/14 9:53 a.m.11 views

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

State-sponsored threat actors from China used artificial intelligence AI technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025. "The attackers used AI's 'agentic' capabilities to an unprecedented degre...

7.1AI score
Exploits0
thn
thn
added 2025/11/14 9:0 a.m.15 views

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet FortiWeb Web Application Firewall WAF that could allow an attacker to take over admin accounts and completely compromise a device. "The watchTowr team is seeing active, indiscriminate...

9.8CVSS7.3AI score0.8936EPSS
Exploits17
thn
thn
added 2025/11/13 8:27 p.m.19 views

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may...

6.3AI score
Exploits0
thn
thn
added 2025/11/13 1:4 p.m.7 views

Fake Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The name of the extension is "Safery: Ethereum Wallet," with the threat actor describing it as a "secure wallet for managin...

6.7AI score
Exploits0
thn
thn
added 2025/11/13 11:30 a.m.5 views

When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security

The Race for Every New CVE Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as...

7.3AI score
Exploits0
thn
thn
added 2025/11/13 11:16 a.m.9 views

Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which took place between November 10 and 13, 2025, marks Please remove image compression the latest phase...

6.7AI score
Exploits0
thn
thn
added 2025/11/13 10:10 a.m.17 views

ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses,...

6.2AI score
Exploits0
thn
thn
added 2025/11/13 7:23 a.m.10 views

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 CVSS score: 9.3, an...

9.8CVSS6.9AI score0.90532EPSS
Exploits9
thn
thn
added 2025/11/13 4:58 a.m.8 views

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. "The packages were systematically published over an extended period, flooding the npm...

7AI score
Exploits0
Total number of security vulnerabilities20906