Security
Headlines
HeadlinesLatestCVEs

Latest News

New Docuseries Spotlights Hackers Who Shaped Cybersecurity

"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.

DARKReading
Open in Source
#vulnerability#web#git#intel#auth
US Cyber Trust Mark logo for smart devices is coming

The White House has launched the Cyber Trust Mark to assist consumers in their quest to buy cybersecure internet connected devices.

Unconventional Cyberattacks Aim to Take Over PayPal Accounts

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks

### Impact Path traversal attack gives access to existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. ### Patches This is patched in [v0.8.2](https://github.com/charmbracelet/soft-serve/releases/tag/v0.8.2) ### Workarounds Single user set-ups are not affected. This only affects multi-user Soft Serve set-ups that enable repository creation for users. Otherwise, upgrading is necessary to circumvent the attack.

Best Practices & Risks Considerations in LCNC and RPA Automation

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.

New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails

Fortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim.

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. "It employs

Scammers Impersonate Authorities to Swipe OTPs with Remote Access Apps

SUMMARY Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools…

Top 5 Malware Threats to Prepare Against in 2025

2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.