Skip to content
information security Page 3

information security

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

Jul 23, 2025Ravie LakshmananWindows Security / Cryptocurrency The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.… 

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Jul 23, 2025Ravie LakshmananSoftware Integrity / DevSecOps Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. “As… 

SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

Jul 23, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of… 

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

Jul 23, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based… 

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Jul 22, 2025Ravie LakshmananVulnerability / Threat Intelligence Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as… 

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Jul 22, 2025Ravie LakshmananNetwork Security / Vulnerability Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active… 

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to… 

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an…