Hackers exploited Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, Kaspersky revealed. A joint report from Kaspersky and BI.ZONE analyzed the evolution of PipeMagic malware from its first detection in 2022 to new infections observed in 2025. The researchers identified key changes…
Allianz Life security breach impacted 1.1 million customers
Allianz Life breach exposed data of most of its 1.4M customers; HIBP lists 1.1M impacted, though the insurer hasn’t confirmed exact figures. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of…
More customers asking for Google’s Data Boundary, says Cloud Experience boss
Developer demand for sovereign cloud from tech giant is on the rise, says exec Interview Google’s President of Customer Experience, Hayete Gallot, offered some words of comfort to developers who are looking nervously at the rise of AI assistants while…
Australian ISP iiNet Suffers Breach of 280,000+ Records
Over 280,000 customers of Australian ISP iiNet have been impacted by a data breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Australian ISP iiNet Suffers Breach of 280,000+ Records
Foxconn, SoftBank To Manufacture Stargate Equipment In Ohio
Foxconn to operate plant owned by SoftBank in Lordstown to manufacture data centre equipment as companies push ahead with Stargate plan This article has been indexed from Silicon UK Read the original article: Foxconn, SoftBank To Manufacture Stargate Equipment In…
Nearly 90 Percent Of Game Developers Use AI Agents
Google-sponsored survey finds 87 percent of game developers use AI agents to automate cumbersome tasks, amidst record layoffs This article has been indexed from Silicon UK Read the original article: Nearly 90 Percent Of Game Developers Use AI Agents
Lockbit Linux ESXi Ransomware Variant Reveals Evasion Techniques and File Encryption Process
A recent reverse engineering analysis of a Lockbit ransomware variant targeting Linux-based ESXi servers has uncovered several sophisticated evasion techniques and operational details. The malware, first documented in 2022, employs the ptrace system call to detect debugging environments by attempting…
IT Security News Hourly Summary 2025-08-19 09h : 4 posts
4 posts were published in the last hour 7:3 : CISA Alerts on Active Exploitation of Trend Micro Apex One Vulnerability 7:3 : Browser wars are back, predicts Palo Alto, thanks to AI 7:3 : Git 2.51: Preparing for the…
U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog.…
Hackers Exploit Cisco Secure Links to Evade Link Scanners and Bypass Network Filters
A sophisticated attack campaign uncovered where cybercriminals are weaponizing Cisco’s own security infrastructure to conduct phishing attacks. The attackers are exploiting Cisco Safe Links technology, designed to protect users from malicious URLs, to evade detection systems and bypass network filters…
CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks
CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant…
Crypto Developers Attacked With Malicious npm Packages to Steal Login Details
A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development…
New Research Links VPN Apps, Highlights Security Deficiencies
Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications. The post New Research Links VPN Apps, Highlights Security Deficiencies appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit…
China’s AI Cloud Market Reaches £2bn
Baidu, Alibaba top market in mainland China for public AI cloud infrastructure, led by computer vision and machine learning This article has been indexed from Silicon UK Read the original article: China’s AI Cloud Market Reaches £2bn
New Sni5Gect Attack Targets 5G to Steal Messages and Inject Payloads
Cybersecurity researchers at Singapore University of Technology and Design have unveiled a sophisticated new attack framework called SNI5GECT that can intercept 5G communications and inject malicious payloads without requiring a rogue base station. The research demonstrates significant vulnerabilities in the current 5G…
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
The PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates…
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana cryptocurrency ecosystem. Identified by the Safety research team through advanced malicious package detection technology, this operation involves a threat actor operating under the…
Workday breach, post-quantum alliance, Chinese group targets Taiwan
Workday confirms data breach An alliance to unify post-quantum cryptography New Chinese threat actor targeting Taiwan Huge thanks to our sponsor, Conveyor If the thought of logging into a portal questionnaire makes you want to throw your laptop away, you’re…
CISA Alerts on Active Exploitation of Trend Micro Apex One Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation targeting the enterprise security platform. The vulnerability, tracked as CVE-2025-54948, affects the Trend…
Browser wars are back, predicts Palo Alto, thanks to AI
CEO says if you buy all your infosec stuff from him, life under assault from bots will be less painful Brace for a new round of browser wars, according to Palo Alto Networks CEO Nikesh Arora.… This article has been…
Git 2.51: Preparing for the future with SHA-256
Git 2.51 is out, and the release continues the long process of modernizing the version control system. The update includes several technical changes, but one of the most important areas of work is Git’s move toward stronger cryptographic security through…
OWASP Security Misconfiguration: Quick guide
Security misconfiguration is a significant concern, in the OWASP Top 10. During our web application penetration tests, we often discover numerous vulnerabilities of this nature. According to OWASP, this issue impacts nearly 90% of all web applications. In this blog,…
Hackers Exploit Cisco Secure Links to Evade Scanners and Bypass Filters
Cybercriminals have discovered a sophisticated new attack vector that weaponizes Cisco’s security infrastructure against users, according to recent research from Raven AI. The company’s context-aware detection systems uncovered a credential phishing campaign that exploits Cisco Safe Links to evade traditional…