Author: Admin
04 June 2025Red LakshmananLinux / malicious program Flying -Pogrosis pay attention to the new version of the Trojan Remote Access (Rat) called Chaos rat This is used in recent attacks on Windows and Linux Systems. According to Acronis findings, Artifact malicious programs may have been distributed by cheating on the victims in loading utilities for linux trouble. “Chaos Rat is an open source rat written in Holg, which offers transverse platform support for both Windows and Linux Systems” – Note In a report that shared with Hacker News. “Inspired by popular frames such as Cobalt Strike and Sliver, Chaos Rat…
04 June 2025Hacker NewsBrowser security / business safety Traditional data prevention tools (DLP) do not keep up with the realities of how modern business uses SAAS apps. Companies today are heavily relying on Saas platforms, such as Google Workspace, Salesforce, Slack and Generative AI Tools, which significantly changes the method of processing sensitive information. In these circumstances, data rarely are traditional files or crossing the ways that can control the final dots or DLP network tools. However, most companies continue to use Legacy DLP Systems, leaving critical space spaces. New White Book, DLP rethinking for the SAAS era: Why DLP,…
Several malicious packages have been found in NPM, Python and Ruby storage facilities that pour out cryptocurrency wallets, destroy whole code bases after installation and exfiltrate Telegram API tokens, once again demonstrating a variety of threats that are hidden in ecosystems. The results follow from multiple reports posted by Checkmarx, Reversinglabs, security and sockets in recent weeks. The list of identified packages on these platforms is given below – Socket noted that two harm gems were published by the actor threatened under the pseudonyms of Bùi Nam, Buidanhnam and Si_mobile only a few days after Vietnam ordered A general ban…
HPE releases security patch for Storeonce error, which allows by -by -distance authentication
04 June 2025Hacker NewsVulnerability / devops The Hewlett Packard Enterprise (HPE) has released security updates to solve as much as eight vulnerabilities in its reserve and deduction STORONCE data solution, which could lead to authentication and deleted code. “These vulnerabilities can be deleted to allow the remote code, disclosure, the forgery of the server request, authentication patency, arbitrary deletion of files and vulnerability to the catalogs of information,” HPE, “HPE” – Note In advisory. This includes a critical security deficiency, tracked as the CVE-2025-37093, which is estimated by 9.8 in the CVS count. This has been described as an authentication…
03 June 2025Red LakshmananThe United States The threats are warned of a new company that uses deceptive sites to trick anything susceptible users in performing malicious forces on their machines and infect them Netsupport Rat malicious software. The Domaintools Research (DTI) team said it has identified “multi -stage PowerShell booting scenarios”, which were located on Lure, which are Muscovy as Gitcode and Docusign. “These sites are trying to cheat users before copying and launching the initial PowerShell scenario on Windows Run,” the company – Note In a technical report that is shared with Hacker News. “At the same time, the…
03 June 2025Red LakshmananSecurity / vulnerability email Cybersecurity researchers have revealed details of the critical security lack of Webmail RoundCube software, which has left unnoticed over the decade and can be used to have sensitive systems and arbitrary code. Vulnerability tracked as Cve-2025-4913Carries CVSS 9.9 out of 10.0. It has been described as a case of post -auto -performing remote code using the PHP facility. “Webmail RoundCube up to 1.5.10 and 1.6.x to 1.6.11 allows to execute the deleted code by authenticated users, since the _from parameter in the URL is not confirmed in the program/actions/settings/upload.php, which leads to desserization…
On the eve of high-profile attacks on Marks Marks & Spencer and Spencer and co-op, the scattered spider, the spider was in all media, and the lighting shimmers into the main news due to the severity of the violations caused by the hundreds of millions of lost income only for M & S. This coverage is extremely valuable to the cybersecurity community as it increases the awareness of the fighting with which security groups are fighting every day. But it also created a lot of noise that can make it difficult to understand a big picture. The main story of…
03 June 2025Red LakshmananMobile Safety / Malicious Software An increasing number of malicious companies have used the recently discovered Trojan Android Banking called Crocodilus to orient users in Europe and South America. According to the new report published by OPHERFABRIC, enhanced methods of aggravation have been adopted to interfere with the analysis and detection, and includes the possibility of creating new contacts on the victim’s contacts. “The last activity reveals several companies aimed at European countries, continuing Turkish companies and expanding in the world in South America,” the Dutch security company – Note. Crocodilus was the first Publicly documented In…
03 June 2025Red LakshmananIntelligence threatens / cyber -defeat Microsoft and Crowdstrike have announced that they are united to align their individual taxonomy of the actors threatening by publishing a new cartographic actor of a joint threat. “Having reflected where our knowledge of these actors is aligned, we will provide security specialists to connect and make decisions with greater confidence faster,” – Vas Jacob, Vice President of Microsoft Security, Vice President – Note. The initiative is considered as a way to unleash the nicknames that private suppliers of cybersecurity are prescribed by various hacking groups that are widely classified as a…
Google Chrome to not check the two certificates about fulfilling issues and conduct problems
03 June 2025Red LakshmananWeb -Security / Digital Identity Google has shown that it would no longer trust the digital certificate issued by Chungwa Telecom and NetLock, citing “the behaviors observed in the last year”. Expected that changes will be made to Chrome 139, which is planned For public release in early August 2025. The current main version is 137. The update will affect server authentication certificates (TLS) issued by two certification bodies (CAS) after July 31, 2025, 11:59:59 PM UTC. Certificates issued before this date will not affect. Chungwa Telecom is the largest in Taiwan integrated telecommunications service provider, and…