Author: Admin
04 April 2025Red LakshmananVulnerability / cloud security The Java Apache Parquet Library revealed the maximum security of security security, which, if successfully used, can allow a remote attacker to perform an arbitrary code in sensitive instances. Apache Parquet is a free open source data file format designed to process data and search effectively, providing sophisticated data, high-performance compression and coding schemes. It was first launched in 2013. The vulnerability in question is monitored as Cve-2025-30065. It carries CVS 10.0. “The scheme scheme in the Parquet-AVRO module with Apache Parquet 1.15.0 and the previous versions allows the bad actors to perform…
04 April 2025Red LakshmananMalicious software / vulnerability Ivanti revealed details about the vulnerability of critical security, which affects its connection, which was actively exploited in the wild. Vulnerability tracked as Cve-2025-22457 (CVSS assessment: 9.0), concerns the case of a stack -based buffer overflowing, which can be used to perform arbitrary code in the affected systems. “The stack -based buffer overflow into Ivanti connects to security to version 22.7r2.6, Ivanti Policy Secure to version 22.7r1.4, and Ivanti Zta Gateway – Note in a warning published on Thursday. The disadvantage affects the following products and versions – Ivanti Connect Secure (versions 22.7r2.5…
04 April 2025Red LakshmananCritical infrastructure / malicious software The Emergency Response Team (CERT-UA) showed that at least three cyber-napades were recorded against the state administration bodies and critical infrastructure in the country to steal sensitive data. Company, agency – NoteIt affects the use of compromised email accounts to send phishing messages containing links that indicate legitimate services such as Dropmefiles and Google Drive. In some cases, the links are built into PDF investing. The digital missions sought to provoke a false sense of relevance, saying that the Ukrainian government planned to reduce their salaries, urging the recipient to move to…
Microsoft warns about multiple phishing companies that use tax related topics to deploy malware and theft of powers. “These companies, in particular – Note In a report that shared with Hacker News. The characteristic aspect of these companies is that they lead to phishing Raccoon365The electronic crime platform, which first appeared in early December 2024. Also delivered deleted Trojans access (rats) as a rat Remcos, as well as other malware and frame after operation such as LatrodectusAhkbot, Gulatorand Brutetel C4 (BRC4). It is estimated that one of these companies, noticed by the technological giant on February 6, 2025, sent hundreds…
North Korean threats behind a contagious interview have taken more and more popular Clickfix Social engineering tactics to attract people looking for work in the field of cryptocurrencies to deliver a previously unregistered back Go, called GolangHost in Windows and Macos Systems. The new activity that is estimated throughout the campaign has been named Interview Clickfake French Cybersecurity Company SEKOIA. Increased interviewAlso monitored as deport development, Dev#Popper and the famous Chollima, is known, has been valid at least from December 2022, although it was only recorded for the first time in the late 2023. “It uses legitimate web -residues to…
03 April 2025Hacker News The rules have changed. Again. Artificial intelligence brings new powerful tools to business. But it also gives cybercriminals smarter ways of attack. They move faster, aiming at more accurately and slipping past the old defense without noticing. And here’s the harsh truth: If your security strategy has not developed with AI, you are already behind. But you’re not alone – and you’re not powerless.Now Cybercriminals use II not only to automate the attacks, but also to customize them – according to phishing sheets, cloning of voice, manipulation of data models and check systems for subtle weaknesses…
03 April 2025Red LakshmananPrivacy / vulnerability of data Cybersecurity researchers disclosed Details of the new vulnerability that affects the short Google data utility for Windows, which can be used to achieve service (DOS) or send arbitrary files to the target device without approval. The downside, tracked as Cve-2014-10668 (CVSS assessment: 5.9), this is bypass for two of the 10 deficiencies that were originally revealed by Safebreach Labs in August 2024 Quickshell. It was considered in the fast share for the Windows version 1.0.2002.2 after a responsible disclosure in August 2024. The investigation of these 10 vulnerabilities, which are collectively monitored…
03 April 2025Red LakshmananIntelligence threats / mobile security It has been found that fake versions of popular smartphone models sold at reduced prices Triad. “More than 2,600 users in different countries have encountered a new version of Triada, most in Russia,” Kaspersky – Note In the report. The infections were recorded between March 13 and 27, 2025. Triada – This is the name given to the Android modular family that was that was For the first time discovered In the Russian cybersecurity campaign in March 2016. Trojan remote access (rat), it is equipped for theft of a wide range of…
In one of the largest coordinated law enforcement operations, the authorities dismantled Kidflix, a streaming platform that offered sexual abuse material (CSAM). “A total of 1.8 million users worldwide entered the platform between April 2022 and March 2025,” “European Parliament – Note In a statement. “On March 11, 2025, the server, which contained about 72,000 videos at the time was confiscated by German and Dutch authorities.” The European Law Enforcement has described it as the largest operation that has been combined by the sexual exploitation of children. It was a codonomed operating stream. A perennial zonewhich began in 2022 and…
03 April 2025Red LakshmananCybersecurity / Intelligence threats Hated hunters warn of the complex Company Web Skimmer This uses an outdated application programming interface (API) with a payment processor to check the stolen payment information before exclusion. “This tactic guarantees that the attackers are sent only valid card data, making the operation more efficient and potentially more difficult to detect,” – JSCrambler Pedro Fortuna, David Alves and Pedro Marrucho Researchers – Note In the report. 49 merchants estimate have been hit by the company today. Fifteen compromised sites have taken steps to remove malicious scenarios. Activity is estimated as at least…