Category Security

Feb 18, 2025Ravie LakshmananVulnerability / Enterprise Security Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. “This…

Feb 18, 2025Ravie LakshmananMalware / Website Hacking Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to…

MacOS malware XCSSET is reportedly re-emerging under a new variant, according to Microsoft. In a new social media post published on February 17, Microsoft Threat Intelligence said it had detected a new variant of XCSSET. This sophisticated modular malware targets…

South Korea has suspended new downloads of the Chinese AI chatbot DeepSeek as it undergoes scrutiny for non-compliance with the country’s data protection laws. The Personal Information Protection Commission (PIPC) announced the suspension on February 15, citing deficiencies in the…

Feb 17, 2025Ravie LakshmananThreat Intelligence / Cyber Attack Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it…

A pro-Russia hacker group, NoName057(16), has launched a wave of DDoS (distributed denial-of-service) attacks targeting key Italian organizations.  Early on Monday, the group disrupted the websites of major airports in Milan, including Linate and Malpensa, as well as the Transport Authority,…

Feb 17, 2025Ravie LakshmananEndpoint Security / Malware Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. “Its first known variant since 2022, this latest XCSSET…

Feb 17, 2025The Hacker NewsEnterprise Security / Attack Simulation Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report…

Two Estonian nationals are facing up to 20 years behind bars after pleading guilty to running a huge cryptocurrency fraud scheme that netted hundreds of millions of dollars. Sergei Potapenko and Ivan Turõgin, both 40, made $577m in sales from…

Feb 17, 2025Ravie LakshmananArtificial Intelligence / Data Protection South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.…