threat – Threat Note

From Graham Cluley – Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White…

shaikh Saqib April 10, 2025

News

From Cybercrime Magazine – Passkeys: A More Secure Future.

Why Passkeys Are the Future of Online Security: Moving Beyond Vulnerable Passwords –Alfred Bonilla, Vice President, Modern Access, Mastercard San Jose, Calif. – Apr. 9, 2025 At this point, we’ve…

shaikh Saqib April 9, 2025

Vulnerabilities

From Cybersecurity Help – Intelligence agencies warn of Chinese spyware targeting Taiwan, Tibetan rights advocates

The advisory focuses on two spyware families, dubbed ‘BadBazaar’ and ‘Moonshine’ masquerading as seemingly legitimate apps. Read More

shaikh Saqib April 9, 2025

News

From Dark Reading – Using Post-Quantum Planning to Improve Security Hygiene

With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future. Read More

shaikh Saqib April 9, 2025

News

From Cyber Security News – Shopware Security Plugin Exposes Systems to SQL Injection Attacks

A plugin designed to patch security vulnerabilities in older versions of Shopware has itself been found vulnerable to SQL injection attacks. The flaw, discovered in Shopware Security Plugin 6 version…

shaikh Saqib April 9, 2025

Vulnerabilities

From Cybersecurity Help – One of largest bulletproof web hosting providers Media Land got its internal data leaked

Researchers believe the hacker behind the breach is likely the same group responsible for the previous BlackBasta leak. Read More

shaikh Saqib April 9, 2025

News

From Cyber Security News – Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware

Cybercriminals have devised a sophisticated scheme exploiting SourceForge, a popular software hosting platform, to distribute malicious software disguised as legitimate office applications. The attack leverages the platform’s feature that automatically…

shaikh Saqib April 9, 2025

News

From Cybercrime Magazine – Investigative Journalist Deep Dives Into The Bybit Hack

This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 9, 2025 Major media outlets globally reported Feb. 21, 2025 that a $1.5…

shaikh Saqib April 9, 2025

News

From Security Week – Qevlar AI Raises $10 Million for Autonomous Investigation Platform

[[{"value":"French cybersecurity startup Qevlar AI has raised $10 million in a funding round led by EQT Ventures and Forgepoint Capital International. The post Qevlar AI Raises $10 Million for Autonomous…

shaikh Saqib April 9, 2025

News

From Cyber Security News – Windows Kerberos Vulnerability Let Attackers Bypass Security Feature & Access Credentials

Microsoft has released a patch for a critical Windows Kerberos vulnerability (CVE-2025-29809) that allows attackers to bypass security features and potentially access sensitive authentication credentials. The flaw, addressed in the…

shaikh Saqib April 9, 2025

News

From Cyber Security News – CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The flaw in the Windows Common Log File…

shaikh Saqib April 9, 2025

News

From Cyber Security News – New GIFTEDCROOK Stealer Attacking Government Orgs To Steal Sensitive Data

Ukrainian government organizations are facing a sophisticated new cyber threat as threat actors deploy the recently discovered GIFTEDCROOK stealer malware to harvest sensitive data. Since February 2025, security researchers have…

shaikh Saqib April 9, 2025

News

From Security Week – Treasury’s OCC Says Hackers Had Access to 150,000 Emails

[[{"value":"The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year. The post Treasury’s OCC Says…

shaikh Saqib April 9, 2025

News

From The Hacker News – New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an

shaikh Saqib April 9, 2025

News

From Security Week – CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

[[{"value":"CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek."}]] Read…

shaikh Saqib April 9, 2025