A newly disclosed vulnerability, tracked as CVE-2025-27522, has been discovered in Apache InLong, a widely used real-time data streaming platform. The Apache InLong vulnerability introduces the potential for remote code execution (RCE). The vulnerability affects Apache InLong versions 1.13.0 through 2.1.0, making a show more ...
Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, show more ...
The software company, which specializes in remote IT management, said a "sophisticated nation state actor" was behind the attack but provided few details.
_Delphotos_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
AI tools shook up development. Now, product security must change too.
A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.
Apex will enhance Tenable's AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies.
The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities.
The US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually.
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
_ArtemisDiana_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
At this year's Build developer conference, Microsoft reflects on what the company learned about securing features and writing secure code in the early 2000s.
Several Senate Democrats called on Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board (CSRB) so it could continue looking into China-linked hacks.
A 28-year-old civilian IT worker at the Defense Intelligence Agency has been arrested in Northern Virginia on suspicion that he leaked secrets to a foreign government.
The latest report from Meta on social media influence operations tracked some low-impact campaigns to China, Iran and Romania.
Russian internet service provider ASVT blamed widespread outages on a DDoS incident and attributed it to a pro-Ukraine collective.
Australia is now the first country to require ransomware victims to report if they make any extortion payments to their attackers.
Three hospitals run by Catholic healthcare organization Covenant Health are dealing with a cyberattack that forced the facilities to shut off all access to data systems.
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend
Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as
"We don’t just want payment; we want accountability." The malicious hackers behind the Interlock ransomware try to justify their attacks. Learn more about what you need to know about Interlock in my article on the Tripwire State of Security blog.
The UK’s Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists. Read more in my article on the Hot for Security blog.
From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news
Source: thehackernews.com – Author: . Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. “CyberLock ransomware, show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a show more ...
Source: thehackernews.com – Author: . The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider’s (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It’s show more ...
Source: heimdalsecurity.com – Author: Guest Author Free software is everywhere, used for email, marketing, accounting, scheduling, and even storing customer data. For small businesses under pressure, it’s a tempting way to cut costs and stay afloat. But “free” often comes with strings. Many of these tools show more ...
Source: krebsonsecurity.com – Author: BrianKrebs Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams show more ...
Source: go.theregister.com – Author: Simon Sharwood Security services vendor SentinelOne experienced a major outage on Thursday. A company post states the incident “is impacting commercial customer consoles,” however The Register has seen several social media posts that show a SentinelOne dashboard show more ...
Source: go.theregister.com – Author: Iain Thomson The US Treasury has sanctioned a Philippine company and its administrator after linking them to the infrastructure behind the majority of so-called “pig butchering” scams reported to the FBI. Treasury’s Office of Foreign Assets Control designated show more ...
Source: go.theregister.com – Author: Iain Thomson Microsoft’s latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recommendation to avoid the problem for now is to dodge the update. According to show more ...
Source: go.theregister.com – Author: Jessica Lyons Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster. “Why is China on our systems? Because I think they’re preparing show more ...
Source: go.theregister.com – Author: Connor Jones Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access. Threat monitoring company GreyNoise discovered the botnet, which it dubbed AyySSHush, show more ...
Source: go.theregister.com – Author: Connor Jones A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable. More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent show more ...
Source: go.theregister.com – Author: Dan Robinson The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout their lifecycle, from startup through to maturity. AWS claims 50% of Azure workloads would jump ship if show more ...
Source: securityboulevard.com – Author: Alison Mack Why is Trust Crucial in NHI Management? Think about it. How much faith do we place in Non-Human Identities (NHIs) that aid in modern cybersecurity protocols? Is that trust well-founded? The role of trust in NHI management becomes key as we rely more on machine show more ...
Source: securityboulevard.com – Author: Alison Mack Have You Considered the Strategic Importance of NHI Management? Consider this: The evolving technology has caused a seismic shift in how businesses protect their IT infrastructure. A crucial part of this protection is the effective management of Non-Human show more ...
Source: www.csoonline.com – Author: The botnet brute-forces SSH credentials against a list of harvested IP addresses, instead of conducting internet-wide scans. Security researchers are warning about a novel Linux botnet, dubbed PumaBot, targeting Internet of Things (IOT) surveillance devices. According to a show more ...
Source: www.csoonline.com – Author: News 30. Mai 20254 Minuten Advanced Persistent ThreatsCyberangriffeE-Mail-Sicherheit Die neue russische APT-Bande Void Blizzard hat bereits die niederländische Polizei infiltriert und greift nun nach Unternehmensdaten in der NATO. Russische Hacker ändern ihre Taktik von show more ...
Source: www.csoonline.com – Author: Immer mehr Unternehmen setzen auf Alternativen wie Passkeys oder biometrische Verfahren, denn moderne Cyber-Angriffe nutzen KI, um selbst MFA zu umgehen. Selbst MFA ist vor raffinierten, KI-gesteuerten Phishing-Angriffen nicht sicher. Biometrische Verfahren gelten als show more ...
Source: www.csoonline.com – Author: Hat China jahrelang die diplomatische Kommunikation eines Nato- und EU-Staats mitgelesen? In Brüssel sorgen entsprechende Informationen für Sorge und Empörung. Die EU macht chinesische Hacker für eine bösartige Cyberkampagne gegen das Außenministerium in Tschechien show more ...
Source: www.csoonline.com – Author: Microsoft’s latest rollouts to Windows 11 24H2 and Windows Server 2025 include the arrival of Recall and hotpatching. Here are the security settings and recommendations to note. Windows 11 24H2 and Server 2025 are rolling out new features and enhancements — some of which show more ...
Source: www.csoonline.com – Author: Tactic tries to fool employees who trust the Google brand. Threat actors have discovered a way to abuse Google Apps Scripts to sneak links to malicious websites past phishing defenses. According to new research from Cofense, a new attack has been discovered where, if an show more ...
Source: www.csoonline.com – Author: News May 29, 20254 mins Machine LearningMalwarePyTorch Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread. Developers have been show more ...
Source: thehackernews.com – Author: . The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to show more ...
Source: thehackernews.com – Author: . ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. “ConnectWise recently learned of suspicious activity within our show more ...
Source: thehackernews.com – Author: . Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. “We detected and removed these campaigns before they were able to build authentic audiences on our apps,” show more ...
Source: security.googleblog.com – Author: Edward Fernandez. Security Blog The latest news and insights from Google on security and safety on the Internet Original Post url: http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html Category & Tags: show more ...
Source: www.securityweek.com – Author: Ionut Arghire Unbound, a cybersecurity startup working on technology to enable organizations to securely and responsibly adopt generative-AI tools across their environments, on Thursday announced raising $4 million in seed-stage financing. The investment round was led by show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that show more ...
Source: hackread.com – Author: Waqas. A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records. The post is titled “TikTok 2025 Breach – 428M Unique Lines.” The seller’s show more ...
Source: hackread.com – Author: Deeba Ahmed. Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the latest on the lingerie giant’s efforts to restore operations and what customers need to know. Lingerie giant Victoria’s Secret shut down its show more ...
Source: hackread.com – Author: Deeba Ahmed. A new report from cybersecurity firm Netcraft reveals a rise in a Chinese-language Phishing-as-a-Service (PhaaS) known as Haozi. This service makes it incredibly easy for criminals, even those without technical skills, to launch sophisticated phishing attacks. Rob show more ...
