Hackers spoof Microsoft ADFS login pages to steal credentials
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. #ADFS #Account #Computer #InfoSec #Lateral #MFA #Microsoft #Notification #Phishing #Push #Security #Takeover
VulnCheck and partner GreyNoise discovered Zyxel-related vulnerabilities being targeted in the wild. In this blog, VulnCheck describes the vulnerabilities CVE-2024-40891 and CVE-2025-0890.
SparkCat crypto stealer in Google Play and App Store
Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.
Une cyberattaque paralyse Radio Top et Tele Top à Winterthour
La radio et la chaîne télévisée du groupe TOP à Winterthour sont à l'arrêt après avoir été piratées ce week-end. Les diffusions en direct n'étaient plus possibles dimanche en milieu de journée.
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content. Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content.
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories
In July 2024, we identified a vulnerability that resulted in access to millions of live customer support messages for organizations using Cisco Webex Connect.
Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks
Learn how the WantToCry ransomware group is exploiting vulnerable SMB (Server Message Block) services to launch devastating attacks. Understand the risks of misconfigured SMB and discover best practices to protect your organization from ransomware.
DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED
Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.
Tbilisi public transport hacked, playing pro-European messages
Ticket machines for public transport in Georgia’s capital city of Tbilisi, including buses and mini-buses, were reportedly hacked on January 24, playing a series...
Swiss tax authority forced to buy Bahamas domain name after URL typo
What do you do if a web address you printed on a physical flyer contains a typo, and you send that flyer to more than 100,000 households? Well, if you're
South Africa’s government-run weather service knocked offline by cyberattack | The Record from Recorded Future News
A cyberattack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies. The website for SAWS has been down since Sunday evening, according to a statement posted to social media. SAWS has had to use Facebook, X and other sites to share daily information on thunderstorms, wildfires and other weather events.
Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)
After identifying a significant overlap between IPs exploiting CVE-2024-40891 and those classified as Mirai, the team investigated a recent variant of Mirai and confirmed that the ability to exploit CVE-2024-40891 has been incorporated into some Mirai strains. GreyNoise is observing active exploitation attempts targeting a zero-day critical command injection vulnerability in Zyxel CPE Series devices tracked as CVE-2024-40891. At this time, the vulnerability is not patched, nor has it been publicly disclosed. Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration. At publication, Censys is reporting over 1,500 vulnerable devices online.
10,000 WordPress Websites Found Delivering MacOS and Windows Malware
Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.
Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'
Hacker forums Cracked[.]io, Nulled[.]to, MySellIX[.]io, and StarkRDP[.]io on Wednesday are seized by the FBI, Europol, and international law enforcement as part of ‘Operation Talent.’ A large ‘‘Operation Talent’ seizure poster was splashed across most of the shady websites by Wednesday afternoon.
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability. When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
