“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-
Top 10 Cybersecurity Trends to Expect in 2025 (The Hacker News)
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here’s a closer look at ten emerging challenges and threats set to shape the…
-
U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case (The Hacker News)
Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in the messaging giant's favor over the exploitation of a security vulnerability to deliver Pegasus. “The limited evidentiary record before the court does show that defendants’ Pegasus…
-
Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations (The Hacker News)
Italy’s data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users’ information to train its service in violation of the European Union’s General Data Protection Regulation…
-
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages (The Hacker News)
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department…
-
Identity and access management tools and features for 2025
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware (The Hacker News)
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular…
-
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (The Hacker News)
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm…
-
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (The Hacker News)
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list…
-
Apache Struts 2 RCE Attack
FortiGuard Labs has detected ongoing exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in Remote Code Execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems.
-
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (The Hacker News)
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova