A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The…
Forescout Partners with E-ISAC to Bring Threat Intelligence and Research to North American Utilities
Forescout Technologies has joined the Electricity Information Sharing and Analysis Center Vendor Affiliate Program, a move that will expand the sharing of threat intelligence with utilities and government partners working to protect North America’s power grid. The program is run…
Americans are destroying Flock surveillance cameras
While some cities are moving to end their contracts with Flock over its links to ICE, others are taking matters into their own hands. This article has been indexed from Security News | TechCrunch Read the original article: Americans are…
New MIMICRAT Custom RAT Uncovered in Sophisticated Multi-Stage ClickFix Campaign
A sophisticated new cyber campaign has been uncovered, utilizing a deceptive technique known as “ClickFix” to distribute a custom remote access trojan dubbed MIMICRAT. This operation compromises legitimate websites to serve as delivery vectors, bypassing traditional security controls by relying…
Randall Munroe’s XKCD ‘Early Arthropods’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Early Arthropods’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Randall Munroe’s…
AWS Threat Intel Finds 600+ FortiGate Devices Hit
AWS Threat Intel found AI was used to hack 600+ FortiGate devices. The post AWS Threat Intel Finds 600+ FortiGate Devices Hit appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: AWS…
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,…
PayPal Alerts Users to Data Exposure Linked to Loan App Software Glitch
PayPal has informed customers about a data exposure incident caused by a software error in its loan application platform, which left sensitive personal information visible for nearly six months in 2025. The issue involved the company’s PayPal Working Capital…
Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks
16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
North Korean Threat Actors Leverage Fake IT Worker Campaigns and Contagious Interview Tactics
North Korean nation-state threat actors have been running a two-part operation — posing as job recruiters while embedding fake workers inside real companies. Since at least 2022, these actors have tricked software developers into running malicious code during fake technical…
New Phishing Framework Starkiller Proxies Real Login Pages to Bypass MFA
A highly sophisticated phishing framework named Starkiller has recently emerged, offering attackers an advanced method to steal credentials and bypass multi-factor authentication. Developed by a group known as Jinkusu, this malicious toolkit is sold as a commercial software-as-a-service product. Unlike…
Microsoft MFA Down – 504 Gateway Timeout Errors Disrupting MFA Access for U.S. Users
Microsoft is currently investigating a significant service degradation affecting Multi-Factor Authentication (MFA) across its Microsoft 365 suite, with users in the North America region reporting widespread 504 gateway timeout errors when attempting to authenticate into MFA-protected services. The incident, tracked…
AI Powered Attacks Target Hundreds of Fortinet Firewalls in Weeks
Cybercrime sophistication is no longer primarily determined by technical mastery but by the ability to industrialize opportunities as well. An anonymous, Russian-speaking threat actor quietly orchestrated a campaign over five weeks ago that compromised more than 600 FortiGate devices…
Dragos Warns of New State-Backed Threat Groups Targeting Critical Infrastructure
A fresh wave of state-backed hacking targeted vital systems more aggressively over the past twelve months, as newer collectives appeared while long-known teams kept their campaigns running, per Dragos’ latest yearly analysis. Operating underground until now, three distinct gangs…
Anthropic Launches Claude Code Security To Autonomously Detect And Patch Bugs
Anthropic has introduced Claude Code Security, a new AI-powered capability in its Claude Code assistant that promises to raise the bar for software security by scanning entire codebases for vulnerabilities and suggesting human-reviewed patches. The feature is currently rolling…
Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach
A youX breach exposed sensitive borrower data in Australia, including over 200,000 driver’s licence numbers, raising fraud and phishing risks. The post Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach appeared first on TechRepublic. This article has been…
NDSS 2025 – Generating API Parameter Security Rules With LLM For API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of…
Hackers target vulnerabilities in Roundcube Webmail
CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Hackers target vulnerabilities in Roundcube Webmail
IT Security News Hourly Summary 2026-02-23 18h : 6 posts
6 posts were published in the last hour 16:34 : VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report 16:34 : The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the AI Race…
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations. This article has been indexed from…
The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the AI Race
Apple chose Google’s Gemini over ChatGPT for Siri’s AI upgrade. This $1B/year deal reveals who’s actually winning the AI race—and it’s not who you think. The post The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the…
AI helps novice threat actor compromise FortiGate devices in dozens of countries
Generative AI tools analyzed target networks and wrote exploit code, giving an opportunistic attacker an outsized impact, according to a new Amazon report. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: AI helps…
Global regulators say AI image tools don’t get a free pass on privacy rules
Watchdogs warn models that can generate realistic images of people must comply with data protection laws A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can’t…
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
The Everest ransomware group has taken credit for a hacker attack on Vikor Scientific, now called Vanta Diagnostics. The post US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach appeared first on SecurityWeek. This article has been indexed from…