Port 22

DeepSeek App Transmits Sensitive User and Device Data Without Encryption
February 7, 2025

A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and

CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE
February 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. “This could

AI-Powered Social Engineering: Reinvented Threats
February 7, 2025

The foundations for social engineering attacks manipulating humans might not have changed much over the years. Its the vectors how these techniques are deployed that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:

Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection
February 7, 2025

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers’ pathway. The tech giant’s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
February 7, 2025

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp’s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a

Experts Flag Security, Privacy Risks in DeepSeek AI App
February 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices – such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies – introduce a number of glaring security and privacy risks.

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
February 6, 2025

Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. “This actor has increasingly targeted key roles

Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
February 6, 2025

Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. “The number of ransomware events increased into H2, but on-chain payments declined,

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
February 6, 2025

A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple’s and Google’s respective app stores to steal victims’ mnemonic phrases associated with cryptocurrency wallets.  The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,

The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
February 6, 2025

Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions.

Why is PAM climbing the ranks of leadership priorities? While Gartner

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
February 6, 2025

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document.

Top 3 Ransomware Threats Active in 2025
February 6, 2025

You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: “Pay $2 million in Bitcoin within 48 hours or lose everything.” And the worst part is that even after paying, theres no guarantee youll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
February 6, 2025

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below -

CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
February 5, 2025

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
February 5, 2025

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. “Originally sourced from public

Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
February 5, 2025

A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. “This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector,” Seqrite Labs researcher Subhajeet Singha said in a technical report

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
February 5, 2025

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. “A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code

Navigating the Future: Key IT Vulnerability Management Trends
February 5, 2025

As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
February 5, 2025

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. “AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication,” Forcepoint X-Labs researcher Jyotika Singh said in an analysis. “It allows attackers to control infected systems

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
February 5, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows -

CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized

Whos Behind the Seized Forums Cracked & Nulled?
February 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums.

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
February 4, 2025

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
February 4, 2025

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. “The vulnerability was

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
February 4, 2025

The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. “Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or

Watch Out For These 8 Cloud Security Shifts in 2025
February 4, 2025

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Lets take a

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
February 4, 2025

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek’s Artificial Intelligence (AI) platform, citing security risks. “Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security,” according to a statement released by Taiwan’s Ministry of Digital Affairs, per Radio Free Asia. “DeepSeek

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
February 4, 2025

A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. “Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
February 4, 2025

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below -

CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
February 4, 2025

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
February 4, 2025

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf

Page 1 of 363 Older Posts →