azMza - Security Updates

Security

Updates

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which

09-01-2026 23:13

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organiza

09-01-2026 20:58

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real

09-01-2026 16:39

In Other News: 8,000 Ransomware Attacks, China Hacked US Gov Emails, IDHS Breach Impacts 700k

Other noteworthy stories that might have slipped under the radar: Jaguar Land Rover sales crash, hundreds of gen-AI data policy violations, and Chinese cyberattacks against Taiwan intensified. The post appeared first on .

09-01-2026 15:58

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-20

09-01-2026 15:31

Tim Kosiba Named NSA Deputy Director

Kosiba, a veteran of the Intelligence Community with over 30 years of federal service, returns to the agency as its most senior civilian leader. The post appeared first on .

09-01-2026 15:18

Mistral AI Wins French Military Deal

France’s Ministry of the Armed Forces has taken a significant step to deepen its use of AI by awarding a framework agreement to French firm Mistral AI. The post appeared first on .

09-01-2026 15:17

FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes

The North Korean state-sponsored espionage group Kimsuky has targeted government organizations, think tanks, and academic institutions. The post appeared first on .

09-01-2026 14:56

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS

09-01-2026 14:41

Trend Micro Patches Critical Code Execution Flaw in Apex Central

Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities. The post appeared first on .

09-01-2026 14:01

CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over

The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog. The post appeared first on .

09-01-2026 13:41

‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT

Radware bypassed ChatGPT’s protections to exfiltrate user data and implant a persistent logic into the agent’s long-term memory. The post appeared first on .

09-01-2026 12:41

377,000 Impacted by Data Breach at Texas Gas Station Firm

Gulshan Management Services has informed authorities about a recent data breach resulting from a ransomware attack. The post appeared first on .

09-01-2026 12:06

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. The post appeared first on .

09-01-2026 11:34

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. "As of 2025, Kimsuky actors

09-01-2026 11:16

Data Security Firm Cyera Raises $400M, Hits $9B Valuation

This represents a 50% jump from its $6 billion valuation achieved seven months ago, signaling investor confidence in AI security solutions. The post appeared first on .

09-01-2026 09:50

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Re

08-01-2026 22:40

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive techn

08-01-2026 20:24

AI and the Future of Work: 5 Predictions for 2026

Experts predict 2026 will bring less AI hype and more governance, delayed enterprise spending, AI moving into OT, smarter cyberattacks, and faster cooling tech. The post appeared first on .

08-01-2026 18:59

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new wa

08-01-2026 18:19

The State of Trusted Open Source

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 18

08-01-2026 17:20

UK Government Unveils New Cyber Action Plan

The UK government’s cyber action plan is by the government for the government, and has no advice for the private sector nor CNI. The post appeared first on .

08-01-2026 16:33

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4

08-01-2026 16:14

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They

08-01-2026 16:01

CrowdStrike to Buy Identity Security Firm SGNL for $740 Million in Cash

The deal aims to bolster CrowdStrike's Falcon platform with "continuous identity" protection to secure human and AI-driven access in real-time. The post appeared first on .

08-01-2026 15:32

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is a

08-01-2026 15:23

Blackbird.AI Raises $28 Million for Narrative Intelligence Platform

The company will use the funds to enhance its AI-based narrative intelligence technology platform and accelerate go-to-market efforts. The post appeared first on .

08-01-2026 15:16

Cyera Raises $400 Million at $9 Billion Valuation

The New York-based data security company has tripled its valuation in just one year. The post appeared first on .

08-01-2026 15:01

Rethinking Security for Agentic AI

When software can think and act on its own, security strategies must shift from static policy enforcement to real-time behavioral governance. The post appeared first on .

08-01-2026 14:00

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optiona

08-01-2026 12:27

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active

08-01-2026 10:22

Credential stuffing: What it is and how to protect yourself

Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts

08-01-2026 10:00

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside

07-01-2026 22:49

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. Ac

07-01-2026 22:39

900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats

OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive data from 900,000 users. The post appeared first on .

07-01-2026 20:37

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnera

07-01-2026 19:18

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026

07-01-2026 16:56

The Future of Cybersecurity Includes Non-Human Employees

Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bot

07-01-2026 16:30

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9

07-01-2026 16:11

Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity. The post appeared first on .

07-01-2026 15:30

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged th

07-01-2026 15:12

Build Practical Cyber Defense Skills with This 5-Course Bundle

Train in AI threat detection, OSINT tools, and Zero Trust security models with lifetime access for just $19.99. The post appeared first on .

07-01-2026 14:04

UK Launches £210M Cyber Action Plan

At the heart of this plan sits a new Government Cyber Unit, designed to coordinate the UK's scattered cybersecurity efforts into a unified force. The post appeared first on .

07-01-2026 12:16

Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks

Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally. The post appeared first on .

07-01-2026 11:29

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoin

07-01-2026 10:01

Apple Rolls Out iOS 26.3 Security Test to Beta Users

The new Background Security Improvements system represents a dramatic shift from their previous approach. The post appeared first on .

07-01-2026 09:03

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the ext

06-01-2026 22:51

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVS

06-01-2026 21:17

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sect

06-01-2026 17:43

What is Identity Dark Matter?

The Invisible Half of the Identity Universe Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each

06-01-2026 17:00

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening t

06-01-2026 16:55

Hacker Conversations: Katie Paxton-Fear Talks Autism, Morality and Hacking

From dismantling online games as a child to uncovering real-world vulnerabilities, Katie Paxton-Fear explains how autism, curiosity, and a rejection of ambiguity shaped her path into ethical hacking. The post appeared first on .

06-01-2026 15:00

Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses

We can’t outpace the adversary by trying to stop every attack, but we can outlast them by engineering systems and culture to take a punch and try to quickly rebound. The post appeared first on .

06-01-2026 14:45

Researchers Trap Scattered Lapsus$ Hunters in Honeypot

Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers. The post appeared first on .

06-01-2026 14:03

Critical Dolby Vulnerability Patched in Android

The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post appeared first on .

06-01-2026 13:50

Sophisticated ClickFix Campaign Targeting Hospitality Sector

Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections. The post appeared first on .

06-01-2026 13:24

Dozens of Major Data Breaches Linked to Single Threat Actor

The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations. The post appeared first on .

06-01-2026 12:29

NordVPN Denies Breach After Hacker Leaks Data

The VPN company has conducted an investigation after a threat actor claimed to have hacked its systems. The post appeared first on .

06-01-2026 11:24

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-

06-01-2026 10:38

Cybersecurity M&A Roundup: 30 Deals Announced in December 2025

Significant cybersecurity M&A deals announced by Akamai, Red Hat, Checkmarx, Silent Push, and ServiceNow. The post appeared first on .

06-01-2026 09:02

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the

06-01-2026 09:00

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intens

05-01-2026 23:26

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app

05-01-2026 22:11

Trusted Google Notifications Used in Phishing Campaign Targeting 3,000+ Orgs

Researchers warn that attackers are abusing Google notifications and cloud services to deliver phishing emails that bypass traditional email security controls. The post appeared first on .

05-01-2026 18:55

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than an

05-01-2026 18:23

Cyberattack Unlikely in Communications Failure That Grounded Flights in Greece

Flights across Greece were impacted for several hours after noise was reported on multiple air traffic communication channels. The post appeared first on .

05-01-2026 17:49

The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations

Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point

05-01-2026 17:25

Windows Users at Risk as Critical Zoom Vulnerability Exploited

A critical Zoom vulnerability put Windows users at risk of data theft and system compromise. Zoom has patched the flaw. Users should update immediately. The post appeared first on .

05-01-2026 16:06

Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act

Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-ye

05-01-2026 15:12

California Unveils DROP Tool for Personal Data Deletion

The platform gives residents the ability to request deletion of their personal information from 500+ registered data brokers with a single submission. The post appeared first on .

05-01-2026 14:51

Palo Alto Networks Eyes $400M Acquisition of Koi Security

A high-profile acquisition by a global cybersecurity leader could help signal renewed confidence in Israeli cyber startups. The post appeared first on .

05-01-2026 13:35

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram a

05-01-2026 13:18

Master IT Fundamentals with This CompTIA Certification Prep Bundle

Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep. The post appeared first on .

05-01-2026 13:00

President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests

The deal involved aerospace and defense specialist Emcore Corp. selling its computer chips and wafer fabrication operation. The post appeared first on .

03-01-2026 10:46

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The c

02-01-2026 19:22

The ROI Problem in Attack Surface Management

Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable out

02-01-2026 17:00

Hacker Claims 200GB Data Theft From European Space Agency — Here’s What We Know

The European Space Agency confirmed a cyber incident after a hacker claimed to access and steal data from external collaboration servers. The post appeared first on .

02-01-2026 15:56

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Poi

02-01-2026 14:44

Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks

Ryan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group. The post appeared first on .

02-01-2026 12:08

RondoDox Botnet Exploiting React2Shell Vulnerability

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post appeared first on .

02-01-2026 11:12

Covenant Health Data Breach Impacts 478,000 Individuals

The Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025. The post appeared first on .

02-01-2026 10:20

Adobe ColdFusion Servers Targeted in Coordinated Campaign

GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post appeared first on .

02-01-2026 10:11

ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve

01-01-2026 21:22

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been o

01-01-2026 14:49

How To Browse Faster and Get More Done Using Adapt Browser

As web browsers evolve into all-purpose platforms, performance and productivity often suffer. Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially

01-01-2026 11:17

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8

31-12-2025 21:59

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.

31-12-2025 21:44

Microsoft Makes Teams ‘Secure by Default’ Starting January 2026

Microsoft will enable Teams messaging security by default in January 2026, blocking risky files and malicious links to protect against AI-driven threats. The post appeared first on .

31-12-2025 19:34

Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It h

31-12-2025 19:07

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietm

31-12-2025 18:59

Apache StreamPipes Flaw Lets Anyone Become Admin

A critical Apache StreamPipes vulnerability lets users hijack admin accounts via broken authentication. The post appeared first on .

31-12-2025 18:35

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post appeared first on .

31-12-2025 11:58

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nation

31-12-2025 10:47

European Space Agency Confirms Breach After Hacker Offers to Sell Data

The European Space Agency is conducting an investigation and says external science servers have been compromised. The post appeared first on .

31-12-2025 09:35

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-526

30-12-2025 21:58

New ‘GhostPairing’ Technique Enables Undetected WhatsApp Access

Researchers warn of a new WhatsApp “GhostPairing” attack that silently links attacker devices to accounts, enabling message spying without users knowing. The post appeared first on .

30-12-2025 21:02

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). "This sophisticated attack leverages a complex kill cha

30-12-2025 16:16

How to Integrate AI into Modern SOC Workflows

Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional appr

30-12-2025 15:00

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The

30-12-2025 14:05

8 Cybersecurity Acquisitions Surpassed $1 Billion Mark in 2025

The total disclosed value for all the cybersecurity M&A deals announced in 2025 exceeded $84 billion. The post appeared first on .

30-12-2025 12:29

source : hackernews, securityweek, techrepublicsecurity, welivesecurity