network security

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

May 08, 2025Ravie LakshmananMalware / Cyber Espionage The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions…

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a…

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

May 08, 2025Ravie LakshmananVulnerability / Network Security Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files…

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

May 07, 2025Ravie LakshmananDark Web / Cybercrime Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation,…

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

May 07, 2025Ravie LakshmananVulnerability / Web Security A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is…

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

May 07, 2025Ravie LakshmananVulnerability / IT Service Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated…

A Technical Gap Analysis of Last-Mile Protection

May 07, 2025The Hacker NewsBrowser Security / Enterprise Security Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy…

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The…

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

May 07, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access…

NSO Group Fined 8M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

May 07, 2025Ravie LakshmananVulnerability / Spyware A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled…

« Previous
1
…
103
104
105
106
107
…
333
Next »