Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications. The post New Research Links VPN Apps, Highlights Security Deficiencies appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit…
China’s AI Cloud Market Reaches £2bn
Baidu, Alibaba top market in mainland China for public AI cloud infrastructure, led by computer vision and machine learning This article has been indexed from Silicon UK Read the original article: China’s AI Cloud Market Reaches £2bn
New Sni5Gect Attack Targets 5G to Steal Messages and Inject Payloads
Cybersecurity researchers at Singapore University of Technology and Design have unveiled a sophisticated new attack framework called SNI5GECT that can intercept 5G communications and inject malicious payloads without requiring a rogue base station. The research demonstrates significant vulnerabilities in the current 5G…
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
The PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates…
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana cryptocurrency ecosystem. Identified by the Safety research team through advanced malicious package detection technology, this operation involves a threat actor operating under the…
Workday breach, post-quantum alliance, Chinese group targets Taiwan
Workday confirms data breach An alliance to unify post-quantum cryptography New Chinese threat actor targeting Taiwan Huge thanks to our sponsor, Conveyor If the thought of logging into a portal questionnaire makes you want to throw your laptop away, you’re…
CISA Alerts on Active Exploitation of Trend Micro Apex One Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation targeting the enterprise security platform. The vulnerability, tracked as CVE-2025-54948, affects the Trend…
Browser wars are back, predicts Palo Alto, thanks to AI
CEO says if you buy all your infosec stuff from him, life under assault from bots will be less painful Brace for a new round of browser wars, according to Palo Alto Networks CEO Nikesh Arora.… This article has been…
Git 2.51: Preparing for the future with SHA-256
Git 2.51 is out, and the release continues the long process of modernizing the version control system. The update includes several technical changes, but one of the most important areas of work is Git’s move toward stronger cryptographic security through…
OWASP Security Misconfiguration: Quick guide
Security misconfiguration is a significant concern, in the OWASP Top 10. During our web application penetration tests, we often discover numerous vulnerabilities of this nature. According to OWASP, this issue impacts nearly 90% of all web applications. In this blog,…
Hackers Exploit Cisco Secure Links to Evade Scanners and Bypass Filters
Cybercriminals have discovered a sophisticated new attack vector that weaponizes Cisco’s security infrastructure against users, according to recent research from Raven AI. The company’s context-aware detection systems uncovered a credential phishing campaign that exploits Cisco Safe Links to evade traditional…
Threat Actors Abuse Microsoft Help Index File to Execute PipeMagic Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting Microsoft Help Index Files (.mshi) to deliver the notorious PipeMagic backdoor, marking a significant evolution in the threat actors’ tactics since the malware’s first detection in 2022. The campaign, which has…
What happens when penetration testing goes virtual and gets an AI coach
Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs) and generative AI…
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield
From hacked satellites to nuclear threats in orbit, the battle for dominance beyond Earth is redefining modern warfare and national security. The post Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield appeared first…
The cybersecurity myths companies can’t seem to shake
Cybersecurity myths are like digital weeds: pull one out, and another quickly sprouts in its place. You’ve probably heard them before: Macs don’t get viruses, we’re too small to be a target, or changing passwords often keeps us safer. Experts…
As AI grows smarter, your identity security must too
AI is no longer on the horizon, it’s already transforming how organizations operate. In just a few years, we’ve gone from isolated pilots to enterprise-wide adoption. According to a recent SailPoint survey, 82% of companies are running AI agents today,…
Intel Websites Compromised, Allowing Hackers Access to Employee and Confidential Data
A series of critical security flaws in Intel’s internal web infrastructure exposed the personal details of more than 270,000 employees and potentially provided attackers with access to sensitive corporate and supplier information. The discoveries highlight severe weaknesses across multiple Intel-owned…
Threats Actors Using Telegram as The Communication Channel to Exfiltrate The Stolen Data
Cybersecurity researchers have identified an alarming trend where threat actors are increasingly leveraging Telegram’s Bot API infrastructure as a covert communication channel for data exfiltration. This sophisticated attack methodology combines traditional phishing techniques with legitimate messaging services to bypass conventional…
Weaponized Python Package Termncolor Attacking Leverages Windows Run Key to Maintain Persistence
A sophisticated supply chain attack targeting Python developers has emerged through a seemingly innocuous package named termncolor, which conceals a multi-stage malware operation designed to establish persistent access on compromised systems. The malicious package, distributed through the Python Package Index…
DoJ Seizes $2.8 Million in Crypto From Zeppelin Ransomware Operators
The U.S. Department of Justice (DoJ) announced the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle linked to Zeppelin ransomware operations. The warrants were unsealed on August 14, 2025, in federal courts across Virginia,…
University of Western Australia Hit by Cybersecurity Breach
The University of Western Australia (UWA) has confirmed a concerning cybersecurity incident that left thousands of staff, students, and visitors temporarily locked out of their accounts after hackers gained access to password data. The breach was detected late Saturday,…
Cybersecurity jobs available right now: August 19, 2025
Senior Cybersecurity Analyst DOT Security | USA | On-site – View job details As a Senior Cybersecurity Analyst, you will lead the investigation of real-time alerts from SIEM platforms and other security tools, ensuring timely identification of potential threats. You…
What makes airport and airline systems so vulnerable to attack?
In this Help Net Security video, Recep Ozdag, VP and GM at Keysight Technologies, explains why airline and airport systems are so difficult to secure. He explores the complex aviation ecosystem, from legacy systems and third-party vendors to the challenges…