Skip to content
Security News, Assessments & Alerts Page 208

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security… 

Read More »12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

Feb 28, 2025Ravie LakshmananFinancial Fraud / Cyber Espionage The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware… 

Read More »Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations

Feb 27, 2025Ravie LakshmananMalware / Threat Intelligence A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country’s National Taxation Bureau. The campaign,… 

Read More »Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Feb 27, 2025Ravie LakshmananMalware / Network Security The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent.… 

Read More »Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Feb 27, 2025The Hacker NewsArtificial Intelligence / Browser Security Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning,… 

Read More »89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Feb 27, 2025Ravie LakshmananCybercrime / Android Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to… 

Read More »New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Communication modules for Modicon M580 and Quantum controllers Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this… 

Read More »Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

Feb 27, 2025Ravie LakshmananVulnerability / Network Security A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the… 

Read More »PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

Feb 27, 2025Ravie LakshmananCybercrime / Cryptocurrency The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company’s CEO Ben Zhou declared a “war… 

Read More »Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam… 

Read More »Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites