Skip to content
information security Page 43

information security

U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

Sep 23, 2025Ravie LakshmananNational Security / Threat Intelligence The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten… 

Read More »U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

Sep 23, 2025Ravie LakshmananVulnerability / Data Security SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands… 

Read More »SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers… 

Read More »ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

Sep 23, 2025Ravie LakshmananSupply Chain Attack / Malware GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain… 

Read More »GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Sep 23, 2025Ravie LakshmananSEO Poisoning / Malware Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting… 

Read More »BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial,… 

Read More »ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned… 

Read More »Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants