AI-Powered Presentation Tool Leveraged in Phishing Attacks – Dark Reading
Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named “Gamma” in phishing attacks. – Read More
2025
Hertz Falls Victim to Cleo Zero-Day Attacks – Dark Reading
Customer data such as birth dates, credit card numbers and driver’s license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products. – Read More
Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats – Dark Reading
Russia-backed APT29’s latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages — errr, victims — and delivers…
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool – The Hacker News
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called…
“Is existing continued professional development process still fit for purpose”? – Law Gazette – Features
Professional Development. (Sponsored content.) – Read More
Are We Prioritizing the Wrong Security Metrics? – Dark Reading
True security isn’t about meeting deadlines — it’s about mitigating risk in a way that aligns with business objectives while protecting against real-world threats. – Read More
China-Backed Threat Actor ‘UNC5174’ Using Open Source Tools in Stealthy Attacks – Dark Reading
Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar. – Read More
A Proven 3-Step Approach to Review, Redline, and Negotiate Construction Contracts Successfully – Contract Nerds
Key Takeaways: Reading the contract all the way through at least once before you begin to redline will give you a roadmap to follow as you begin your review. Having…
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence – The Hacker News
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change.…
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders – The Hacker News
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious…
Cyberangriff kostet IKEA-Betreiber mehrere Millionen – CSO Online
Die Folgen des Ransomware-Angriffs auf den Franchise-Nehmer der IKEA-Filialen in Südosteuropa sind noch immer zu spüren. dimitris_k – shutterstock.com Ende des vergangenen Jahres meldete die Fourlis Group, dass die technischen…
China alleges US cyber espionage during the Asian Winter Games, names 3 NSA agents – CSO Online
China has accused the US of conducting more than 170,000 cyberattacks against the Asian Winter Games held in Harbin this February. Officials have named three alleged NSA operatives they claim…
Incomplete patching leaves Nvidia, Docker exposed to DOS attacks – CSO Online
A critical race condition bug affecting the Nvidia Container Toolkit, which received a fix in September, might still be open to attacks owing to incomplete patching. Tracked as CVE-2024-0132, the…
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds – The Hacker News
Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’…
Solicitor ‘restrained’ after judge lets them bypass court security – Legal Cheek
Judge issued formal advice A judge who helped a solicitor enter a court building through an “alternative entrance” after they refused to comply with security checks has been issued with…