New findings from Lares Labs underscore the importance of realistic threat emulation exercises that mirror the sophisticated tactics of the Scattered Spider APT group. By integrating real-world incident data into controlled simulations, organizations can proactively assess defenses across networks, endpoints,…
Category: EN
New TamperedChef Attack With Weaponized PDF Editor Steals Sensitive Data and Login Credentials
A sophisticated malware campaign that weaponizes a seemingly legitimate PDF editor to steal sensitive data and login credentials from unsuspecting users across Europe. The attack uncovered by Truesec, dubbed “TamperedChef,” represents a new evolution in social engineering tactics that leverage…
FreePBX Servers Hacked in 0-Day Attack – Admins are Urged to Disable Internet Access
A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the…
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is…
TransUnion admits 4.5M affected after third-party support app breached
Credit agency offers own services as compensation Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.… This article has been indexed from The Register – Security Read the original article: TransUnion…
China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years
China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach. The post China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years appeared first on SecurityWeek.…
Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your…
Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch Telcos
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers This article has been indexed from www.infosecurity-magazine.com Read the original article: Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch Telcos
FreePBX Servers Hit by 0-Day Exploit, Disable Internet Access Advised
FreePBX administrators worldwide have been urged to immediately disable public internet access to their systems after a critical 0-day vulnerability was discovered in the commercial Endpoint Manager module. The Sangoma FreePBX Security Team confirmed that attacker-controlled exploit code can gain…
You Can’t Protect What You Can’t See
A business ecosystem is a borderless entity. Where organizations operate across vast, global networks, achieving a comprehensive view of their digital operations is a major challenge. Security leads, faced with… The post You Can’t Protect What You Can’t See appeared…