Category: Uncategorized
-
![Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails info@thehackernews.com (The Hacker News)](https://sekuritasit.com/wp-content/uploads/2025/03/storm-2iOVMX.png)
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails [email protected] (The Hacker News)
Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft.…
-

North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps [email protected] (The Hacker News)
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It’s not clear…
-

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks [email protected] (The Hacker News)
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allowsRead More
-
How to build an application security program
Post ContentRead More
-

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025 [email protected] (The Hacker News)
As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has…
-
What is a pass-the-hash attack?
Post ContentRead More
-

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk [email protected] (The Hacker News)
Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution…
-

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback [email protected] (The Hacker News)
Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. “On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire,” Mozilla said.…
-
Cyber Trust Mark explained: Everything you need to know
Post ContentRead More
-

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits [email protected] (The Hacker News)
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. “The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script…
