A sophisticated new Android malware campaign has emerged targeting Indian banking customers through convincing impersonations of popular financial applications. The malicious software masquerades as legitimate apps from major Indian financial institutions, including SBI Card, Axis Bank, Indusind Bank, ICICI, and…
Tag: EN
Microsoft & Google lead zero day exploits, Plague Linux malware maintains SSH access, panel to create US Cyber Force
Microsoft and Google among most affected as zero day exploits jump 46% Vietnamese hackers use PXA Stealer, hit 4,000 IPs and steal 200,000 passwords globally New Plague Linux malware stealthily maintains SSH access Huge thanks to our sponsor, ThreatLocker ThreatLocker®…
WAF Protections Bypassed via JS Injection and Parameter Pollution for XSS Attacks
A groundbreaking security research has revealed that parameter pollution techniques combined with JavaScript injection can bypass 70% of modern Web Application Firewalls (WAFs), raising serious concerns about the effectiveness of current web security defenses. Security researchers conducting autonomous penetration testing discovered…
Security tooling pitfalls for small teams: Cost, complexity, and low ROI
In this Help Net Security interview, Aayush Choudhury, CEO at Scrut Automation, discusses why many security tools built for large enterprises don’t work well for leaner, cloud-native teams. He explains how simplicity, integration, and automation are key for SMBs with…
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
SonicWall said it’s actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. “Over the past 72 hours, there has been a notable increase in…
LegalPwn Attack Tricks AI Tools Like ChatGPT and Gemini into Running Malicious Code
Security researchers have discovered a new type of cyberattack that exploits how AI tools process legal text, successfully tricking popular language models into executing dangerous code. Cybersecurity firm Pangea has unveiled a sophisticated attack method called “LegalPwn” that embeds malicious…
BloodHound 8.0 debuts with major upgrades in attack path management
SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities. BloodHound OpenGraph The release introduces BloodHound OpenGraph, a major advancement in identity attack path management that uncovers attack paths…
Threat Actors are Actively Exploiting Vulnerabilities in Open-Source Ecosystem to Propagate Malicious Code
The open-source software ecosystem, once considered a bastion of collaborative development, has become an increasingly attractive target for cybercriminals seeking to infiltrate supply chains and compromise downstream systems. Recent analysis conducted during the second quarter of 2025 reveals that threat…
Claude AI Flaws Let Attackers Execute Unauthorized Commands Using the Model Itself
Security researchers have discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to bypass security restrictions and execute unauthorized commands, with the AI assistant itself helping to facilitate these attacks. The vulnerabilities, designated CVE-2025-54794 and CVE-2025-54795, demonstrate how sophisticated…
Ransomware groups shift to quadruple extortion to maximize pressure
Threat actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach, according to Akamai. Ransomware extortion tactics (Source: Akamai) The emerging trend of quadruple extortion includes using DDoS attacks to disrupt…