software vulnerability

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Oct 17, 2025Ravie LakshmananMalware / Cybercrime Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks.…

North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts

Oct 16, 2025Ravie LakshmananMalware / Blockchain A threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft,…

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting…

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Oct 16, 2025Ravie LakshmananVulnerability / Malware An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv.…

How to Assess and Choose the Right AI-SOC Platform

Scaling the SOC with AI – Why now? Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large…

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in “Zero Disco’ Attacks

Oct 16, 2025Ravie LakshmananVulnerability / Linux Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on…

Beware the Hidden Costs of Pen Testing

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior…

$15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More

Oct 16, 2025Ravie LakshmananCybersecurity / Hacking News The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to…

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

Oct 16, 2025Ravie LakshmananVulnerability / Data Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on…

Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months

A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America. The…

« Previous
1
…
23
24
25
26
27
…
332
Next »