Author: Admin
05 June 2025Red LakshmananNetwork security / vulnerability Cisco has released security patches to address a critical security lack that affects the identity engine (ISE), which, if successfully used, can allow unauthorized actors to carry out malicious actions on sensitive systems. Security defect, tracked as Cve-2025-20286Carries CVSS 9.9 out of 10.0. This has been described as static vulnerability of accounts. “The vulnerability in Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure (OCI) deploying Cisco Identiss Services Engine (ISE) can allow unauthorized, remote attackers to access sensitive data Violations of services within the affected systems “,” the company that has…
04 June 2025Red Lakshmanan Threat of intelligence / data violation Google revealed the details of the financially motivated threat cluster stating that he was “specializing” on voice phishing (AKA Vishing) aimed at violating copies of organizations for large -scale data theft and subsequent extortion. Intelligence team at threat of technological giant tracks activity under nickname Unc6040which, according to his words Com. “Over the past few months, UNC6040 has demonstrated repeated success in violation of networks, forcing him to bring himself to his support employee in a convincing telephone based on telephone engineering,” company company company – Note In a report…
04 June 2025Red LakshmananLinux / malicious program Flying -Pogrosis pay attention to the new version of the Trojan Remote Access (Rat) called Chaos rat This is used in recent attacks on Windows and Linux Systems. According to Acronis findings, Artifact malicious programs may have been distributed by cheating on the victims in loading utilities for linux trouble. “Chaos Rat is an open source rat written in Holg, which offers transverse platform support for both Windows and Linux Systems” – Note In a report that shared with Hacker News. “Inspired by popular frames such as Cobalt Strike and Sliver, Chaos Rat…
04 June 2025Hacker NewsBrowser security / business safety Traditional data prevention tools (DLP) do not keep up with the realities of how modern business uses SAAS apps. Companies today are heavily relying on Saas platforms, such as Google Workspace, Salesforce, Slack and Generative AI Tools, which significantly changes the method of processing sensitive information. In these circumstances, data rarely are traditional files or crossing the ways that can control the final dots or DLP network tools. However, most companies continue to use Legacy DLP Systems, leaving critical space spaces. New White Book, DLP rethinking for the SAAS era: Why DLP,…
Several malicious packages have been found in NPM, Python and Ruby storage facilities that pour out cryptocurrency wallets, destroy whole code bases after installation and exfiltrate Telegram API tokens, once again demonstrating a variety of threats that are hidden in ecosystems. The results follow from multiple reports posted by Checkmarx, Reversinglabs, security and sockets in recent weeks. The list of identified packages on these platforms is given below – Socket noted that two harm gems were published by the actor threatened under the pseudonyms of Bùi Nam, Buidanhnam and Si_mobile only a few days after Vietnam ordered A general ban…
04 June 2025Hacker NewsVulnerability / devops The Hewlett Packard Enterprise (HPE) has released security updates to solve as much as eight vulnerabilities in its reserve and deduction STORONCE data solution, which could lead to authentication and deleted code. “These vulnerabilities can be deleted to allow the remote code, disclosure, the forgery of the server request, authentication patency, arbitrary deletion of files and vulnerability to the catalogs of information,” HPE, “HPE” – Note In advisory. This includes a critical security deficiency, tracked as the CVE-2025-37093, which is estimated by 9.8 in the CVS count. This has been described as an authentication…
03 June 2025Red LakshmananThe United States The threats are warned of a new company that uses deceptive sites to trick anything susceptible users in performing malicious forces on their machines and infect them Netsupport Rat malicious software. The Domaintools Research (DTI) team said it has identified “multi -stage PowerShell booting scenarios”, which were located on Lure, which are Muscovy as Gitcode and Docusign. “These sites are trying to cheat users before copying and launching the initial PowerShell scenario on Windows Run,” the company – Note In a technical report that is shared with Hacker News. “At the same time, the…
03 June 2025Red LakshmananSecurity / vulnerability email Cybersecurity researchers have revealed details of the critical security lack of Webmail RoundCube software, which has left unnoticed over the decade and can be used to have sensitive systems and arbitrary code. Vulnerability tracked as Cve-2025-4913Carries CVSS 9.9 out of 10.0. It has been described as a case of post -auto -performing remote code using the PHP facility. “Webmail RoundCube up to 1.5.10 and 1.6.x to 1.6.11 allows to execute the deleted code by authenticated users, since the _from parameter in the URL is not confirmed in the program/actions/settings/upload.php, which leads to desserization…
On the eve of high-profile attacks on Marks Marks & Spencer and Spencer and co-op, the scattered spider, the spider was in all media, and the lighting shimmers into the main news due to the severity of the violations caused by the hundreds of millions of lost income only for M & S. This coverage is extremely valuable to the cybersecurity community as it increases the awareness of the fighting with which security groups are fighting every day. But it also created a lot of noise that can make it difficult to understand a big picture. The main story of…
03 June 2025Red LakshmananMobile Safety / Malicious Software An increasing number of malicious companies have used the recently discovered Trojan Android Banking called Crocodilus to orient users in Europe and South America. According to the new report published by OPHERFABRIC, enhanced methods of aggravation have been adopted to interfere with the analysis and detection, and includes the possibility of creating new contacts on the victim’s contacts. “The last activity reveals several companies aimed at European countries, continuing Turkish companies and expanding in the world in South America,” the Dutch security company – Note. Crocodilus was the first Publicly documented In…