Taiwan warned that popular Chinese-owned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China This article has been indexed from www.infosecurity-magazine.com Read the original article: Taiwan Flags Chinese Apps Over Data Security…
Hunters International Ransomware Gang Rebrands as World Leaks
Hunters International ransomware gang closes after 55 confirmed and 199 unconfirmed cyberattacks. Read about its rebrand to World… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Hunters International…
Hackers Exploit Java Debug Wire Protocol Servers to Deploy Cryptomining Payloads
A sophisticated cyberattack targeting unsecured Java Debug Wire Protocol (JDWP) interfaces on honeypot servers running TeamCity, a popular CI/CD application, has been discovered, according to a startling disclosure from the Wiz Research Team. The team observed that within mere hours…
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware
A sophisticated social engineering campaign has emerged targeting unsuspecting users through fraudulent Cloudflare verification screens, representing a new evolution in malware distribution tactics. This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing…
New “123 | Stealer” Advertised on Underground Hacking Forums for $120 Per Month
A new credential-stealing malware dubbed “123 | Stealer” has surfaced on underground cybercrime forums, being marketed by threat actor “koneko” for $120 per month. This malware-as-a-service (MaaS) offering represents the latest evolution in information stealer technology, combining sophisticated data exfiltration…
Microsoft Investigating Forms Service Issue Not Accessible for Users
Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The issue, identified as incident FM1109073, began on July 4, 2025, at 12:42 PM GMT+5:30 and…
New Sophisticated Attack ypasses Content Security Policy Using HTML-Injection Technique
A sophisticated technique to bypass Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation. The method exploits the interaction between nonce-based CSP implementations and browser caching mechanisms, specifically targeting the back/forward cache (bfcache) and…
Massive Android Ad Fraud ‘IconAds’ Leverages Google Play to Attack Phone Users
A sophisticated mobile ad fraud operation dubbed “IconAds” has infiltrated Android devices worldwide through 352 malicious applications distributed via Google Play Store, generating up to 1.2 billion fraudulent bid requests daily at its peak. The scheme represents a significant evolution…
The Role Culture and Trust Play in Countering Deepfakes
Empowering employees with critical thinking and transparency to combat synthetic media impersonations and fortify organizational defenses. The post The Role Culture and Trust Play in Countering Deepfakes appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below…
Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak—and most teams don’t even realize…
Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users
HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding…
Cybercriminals Use Fake Cloudflare Verification Screens to Deceive Users into Running Malware
Threat actors have developed a clever social engineering technique to disseminate malware by posing as trustworthy security measures, which is a terrifying new development in the realm of cybercrime. Cybersecurity researchers have uncovered a malicious campaign that leverages fake Cloudflare…
EU Launches Plan to Implement Quantum-Secure Infrastructure
The EU’s Quantum Strategy includes plans to develop secure quantum communication infrastructure across the region This article has been indexed from www.infosecurity-magazine.com Read the original article: EU Launches Plan to Implement Quantum-Secure Infrastructure
A flaw in Catwatchful spyware exposed logins of +62,000 users
A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext…
Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users’ cellular data when they were idle to passively send information to the company. The verdict…
New “123 | Stealer” Malware Rented on Dark Web for $120/Month
A new credential-stealing malware, dubbed “123 | Stealer,” has surfaced on underground cybercrime forums, with the threat actor known as #koneko offering the tool for rent at $120 per month. The malware, which is being marketed as a powerful and flexible information stealer,…
Researchers Defeat Content Security Policy Protections via HTML Injection
In a breakthrough that challenges the perceived safety of nonce-based Content Security Policy (CSP), security researchers have demonstrated a practical method to bypass these protections by combining HTML injection, CSS-based nonce leakage, and browser cache manipulation. The Setup: A Realistic…
Catwatchful Android Spyware Leaks Credentials of 62,000+ Users
A major security lapse has exposed the credentials of over 62,000 users of Catwatchful, a full-featured Android spyware app that openly markets itself as a tool for covert surveillance. The breach, discovered by a security researcher, highlights the persistent risks…
Multiple PHP Vulnerabilities Enables SQLi and DoS Attacks – Update Now
Security researchers have disclosed two significant vulnerabilities in PHP, the popular server-side scripting language, that could allow attackers to launch SQL injection (SQLi) and Denial of Service (DoS) attacks. According to the report, Administrators and developers are urged to update…
Undetectable Android spyware is detectable, Hunters ransomware quits, Salt Typhoon dormant
Undetectable Android spyware leaks user logins Hunters ransomware group shuts doors Medical device company Surmodics reports cyberattack Huge thanks to our sponsor, Palo Alto Networks You’re moving fast in the cloud and so are attackers. But while SecOps and cloud…
NTLM relay attacks are back from the dead
NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are…
New hires, new targets: Why attackers love your onboarding process
In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to target fresh employees who…
A Simple Guide to Launching GenAI Successfully
Generative AI (GenAI) is one of today’s most exciting technologies, offering potential to improve productivity, creativity, and customer service. But for many companies, it becomes like a forgotten gym membership, enthusiastically started, but quickly abandoned. So how can businesses…
Exposed and unaware? Smart buildings need smarter risk controls
75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty. The post Exposed and unaware? Smart buildings need smarter risk controls appeared first on Help Net Security. This article has been indexed from…
Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future
While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and social engineering tactics continue to succeed at…
Azure API Vulnerabilities Leak VPN Keys and Built-In Roles Allow Over-Privileged Access
Microsoft Azure’s role-based access control system has been found to contain critical security vulnerabilities that could expose enterprise networks to unauthorized access. Security researchers have identified a combination of over-privileged built-in roles and API implementation flaws that create dangerous attack…