Author: Admin
Organizations now use on average 112 SaaS apps, a figure that continues to grow. In a 2024 study, 49% of 644 respondents who often used Microsoft 365 general data showed more than 1,000 Microsoft 365 SaaS-to-SaaS connections on average per deployment. And this is just one major SaaS supplier. Imagine other unforeseen critical security risks: Each SaaS app has unique security configurations, and misconfiguration is the highest risk. Business-critical apps (CRM, financial and collaboration tools) retain a huge amount of sensitive data, making them prime targets for attackers. Shadow IT and third-party integrations…
Hackers use .NET MAUI to target Indian and Chinese users with fake banking and social applications
March 25, 2025, Red Lakshmanan, Mobile security / data theft
Cybersecurity researchers are drawing attention to malicious Android software that uses Microsoft's .NET Multi-platform App UI (.NET MAUI) to create fake banking and social media applications aimed at Indian and Chinese users. “These threats are masked as legitimate applications, focusing on users to steal secret information,” McAfee Labs researcher Dexter Shin noted. .NET MAUI is Microsoft's cross-platform desktop and mobile app framework for creating native applications using C# and XAML. It is an evolution of Xamarin, with additional capabilities not only to create multi-platform applications using one project, but…
Law enforcement agencies in seven African countries arrested 306 suspects and confiscated 1,842 devices in an international operation codenamed Red Card, which took place between November 2024 and February 2025. The coordinated effort “aimed at violating and dismantling cross-border criminal networks that cause considerable damage to people and enterprises,” INTERPOL noted, adding that it focused on mobile banking, investment and messaging scams. More than 5,000 victims were involved in the cyber scams. The countries involved in the operation are Benin, Côte d'Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia. “The success of the Red Card operation demonstrates the power of international…
March 24, 2025, Red Lakshmanan, Vulnerability / cloud security
A set of five critical flaws has been disclosed in the Ingress NGINX Controller for Kubernetes that can lead to unauthorized remote code execution, putting more than 6,500 clusters at immediate risk by exposing the component publicly. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2015-1097, CVE-2025-1098 and CVE-2025-1974), assigned a CVSS score of 9.8, were collectively named IngressNightmare by Wiz. It should be noted that the flaws do not affect the NGINX Ingress Controller, which is another implementation of the Ingress controller for NGINX and NGINX Plus. “The operation of these vulnerabilities leads to unauthorized access to all…
March 24, 2025, Red Lakshmanan, Enterprise security / browser
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data in consumer generative artificial intelligence (GenAI) apps such as OpenAI ChatGPT, Google Gemini and DeepSeek. The list will be expanded over time to include other GenAI, email, collaboration and social media applications. “With the new Edge Building Option for Edge, you can prevent data leakage in different ways that users interact with sensitive data in the browser, including…
March 24, 2025, Red Lakshmanan, Malware / ransomware
A ransomware-as-a-service (RaaS) operation called Rampage has already claimed three victims since its launch on March 7, 2025. “The RaaS model allows a wide range of participants, from experienced hackers to aliens, to participate with a deposit of $5,000. Partners retain 80% of ransom payments, while the main operators earn 20%,” a report published over the weekend noted. “The only rule is not to focus on the Commonwealth of Independent States (CIS).” As with any affiliate-backed ransomware program, VanHelsing claims that it offers the ability to target…
March 24, 2025, Red Lakshmanan, Security / Save your password
Given the choice, most users are likely to prefer a frictionless experience over complex security measures, as they do not prioritize high-security passwords. However, balancing security and convenience does not have to be a zero-sum game. By introducing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article explores how to achieve the perfect balance between strong password security and a frictionless user experience, even as the standards for strong passwords continue to evolve. Why…
March 24, 2025, Red Lakshmanan, Malware / encryption
Cybersecurity researchers have found two malicious extensions on the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware, still under development, to its users. The extensions, named “Ahban.shiba” and “Ahban.cychelloworld”, have since been removed from the marketplace. Both extensions, per ReversingLabs, include code designed to invoke a PowerShell command, which then fetches a PowerShell script payload from a command-and-control (C2) server and executes it. The payload is suspected to be ransomware in an early stage of development, only encrypting files in the…
March 24, 2025, Red Lakshmanan, Vulnerability / online security
A critical security flaw has been disclosed in Next.js. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses the internal header X-Middleware-Subrequest to prevent recursive requests from launching endless loops,” Next.js noted in an advisory. “You could skip running middleware, which can allow requests to miss critical checks, for example, checking authorization, before reaching the routes.” The flaw has been addressed in versions 12.3.5, 13.5.9, 14.2.25 and 15.2.3. If patching is not an option, it is recommended that users prevent external user requests that contain…
The GitHub “tj-actions/changed-files” supply chain attack began as a highly targeted attack on one of Coinbase's open source projects before turning into something wider in scope. “The payload was focused on using the public CI/CD flow of one of its open source projects, AgentKit, probably to use it for further compromises,” Palo Alto Networks Unit 42 noted in a report. “However, the attacker was unable to use Coinbase’s secrets or to publish packages.” The incident came to light on March 14, 2025, when it was established that “tj-actions/changed-files” had been compromised to inject code that…