Author: Admin
01 April 2025Hacker NewsWeb -security / matching GDPR Are your safety tokens? Learn how reflectiz has helped giant retailers put pixel on Facebook, which hidden tracking sensitive CSRF tokens with the erroneous errors. Learn about the detection process, response strategy and steps to mitigate this critical question. Download full case study there. Introducing Reflectiz Recommendations, retail trade avoided the following: Potential GDPR fines (up to 20 million euros or 4% turn) The cost of data violation is $ 3.9 million (average) 5% of buyers Introduction You may not know much about CSRF tokens, but as an Internet shop, you need…
01 April 2025Red LakshmananNetwork security / vulnerability Cybersecurity researchers warn about a spike in a suspicious login focused on Palo Alto Networks Pan-Os GlobalProt GateWays, with almost 24,000 unique IPs trying to access these portals. “This picture suggests that the concerted efforts to check the protection of the network and the detection of exposed or vulnerable systems, potentially as a predecessor of purposeful operation”, “threatened intelligence firm Greynoise – Note. It is said that the overstretch began on March 17, 2025, supporting almost 20,000 unique IPs a day before being rejecting on March 26. At the peak of 23 958…
01 April 2025Red LakshmananMobile security / vulnerability Apple corrected three vulnerabilities on Monday, which were actively operating in the wild to old models and previous versions of operating systems. The vulnerabilities in question are below – Cve-2025-24085 (CVSS assessment: 7.3) -des using error-based media companies that can allow the malicious application already installed on the device to raise privileges Cve-2025-24200 (CVSS assessment: 4.6) – The problem with the resolution in the availability that can make possible Cve-2025-24201 (CVSS assessment: 8.8)–problem of the account out of the restriction Updates are now available for the following versions of the operating system -…
01 April 2025Red LakshmananData protection / privacy Apple suffered a fine of 150 million euros (162 million dollars) of France’s competition for the implementation of its scope of application tracking (ATT). Autorité de La Concess said he invest against Apple for abuse of a dominant position as a mobile app distributor for iOS and iPados devices between April 26, 2021 to July 25, 2023. Yes, introduce According to iPhone manufacturer with iOS 14.5, iPados 14.5 and TVOS 14.5, this frame This requires mobile applications to look for obvious users’ consent to access IDFA) and track them by apps and sites…
It was found in Microsoft Windows found Silence and Darkwisp. Activities was linked to a Russian hacking group called Water Hamayunwhich is also known as Encrypthub and larva-208. “The Threat Actor Deploy Payloads Primarily by Melicious Provisioning Packages, Signed .msi Files, and Windows Msc Files, Using Techniques Like The Intellij Runnerw.exe for Command Execution,” Trend Micro Researchers Aliakbar Zahravi and Ahmed Mohamed Ibrahim – Note In the following analysis published last week. Water Gamayun has been associated with the active operation of the CVE-2025-2633 (aka MSc Eviltwin), vulnerability within Microsoft Cancole (MMC) to perform malicious software using the Microsoft Console…
March 31, 2025Hacker NewsDetection of invasion / vulnerability If you are using AWS, it is easy to assume that your cloud security is handled – but it’s a dangerous misconception. AWS provides its own infrastructure but security inside The cloud is the client’s responsibility. Think about AWS safety, such as building protection: AWS provides strong walls and firm roofs, but clients depend on the processing of the locks, install the alarm and make sure the values do not remain subjected. In this blog we will clarify what AWS does not provide vulnerability in the real world, and like cloud safety…
March 31, 2025Red LakshmananData steal / web safety The threatening actors use the MU-planning catalog on WordPress websites to hide the malicious code to maintain permanent remote access and redirect site visitors to fake sites. Mu-meline shortened for Required plugsrefers to plugins in a special directory (“WP-Content/Mu-Plugins”), which are automatically performed by WordPress without having to turn them clearly through the administrator’s dashboard. It also makes the catalog the perfect place for malware. “This approach is a tendency because the MU-Plane (the plugin of the compulsory use) is not made in the standard WordPress plugin interface, making them less noticeable…
March 31, 2025Red LakshmananIntelligence threats / malicious software Subjects in Ukraine were aimed at a phishing campaign aimed at distributing Trojan remote Rat Remecos. “File names use Russian words related to troops in Ukraine as a bait,” Cisco Talos Guilherme Venere researcher – Note In a report published last week. “Loading PowerShell is in contact with geo-aggregated servers located in Russia and Germany to download the mail file in the second stage containing Backdoor Remcos.” Activities has been associated with moderate confidence for a Russian hacking group known as HomoredonAlso tracked under Monikers Aqua Blizzard, Armageddon, Blue Otso, Bluealpha, Hive0051,…
March 30, 2025Red LakshmananVulnerability / zero day US Cybersecurity and infrastructure agencies (CISA) shed light on a new malicious software called Rebellion This was deployed within the framework of operating activities aimed at the current lack of security in IVanti Connect Secure (ICS) devices. “Management contains the possibilities of malicious Spownchimera software, including reset that survived; however, resurge contains distinctive commands that change its behavior,” agency – Note. “The file contains the possibilities of rootkit, dropper, back, bootkit, proxy and tunneler.” The vulnerability of security associated with the deployment of malware, there is Cve-2025-0282The vulnerability of a stack -based buffer…
March 29, 2025Red LakshmananIntelligence threats / mobile security Cybersecurity researchers have discovered a new malicious Android Banking software called Crocodile This is primarily intended for targeting users in Spain and Turkey. “Crocodilus goes on stage not as a simple clone, but as a full threat from the beginning, equipped with modern – Note. As of other Bank trojans Of -a sort of malicious software designed to facilitate devices’ absorption (Hundred) and eventually conduct fake operations. Analysis of the source code and reports of debugs shows that the author of malware is Turkish. Crocodilus Artifacts, analyzed by the Dutch Masquerade Mobile…