Security Issues, Vulnerabilities, Exploits & Government Alerts
May 28, 2025The Hacker NewsBrowser Security / Credential Theft Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But…
May 28, 2025Ravie LakshmananNetwork Security / Vulnerability Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct “exposure points” earlier this month. The activity, observed by GreyNoise on May 8,…
May 28, 2025Ravie LakshmananMobile Security / Software Security Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The…
May 27, 2025Ravie LakshmananCloud Security / Threat Intelligence Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for…
May 27, 2025Ravie LakshmananMalware / Cybersecurity Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR Configuration Utility (ICU) tool Vulnerability: Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of this vulnerability…
May 27, 2025Ravie Lakshmanan Cloud Security / Malware Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said…
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the…
Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025…
May 27, 2025Ravie LakshmananData Breach / Social Engineering The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over…