Security News

Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs
2025-03-09 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How QR code attacks work and how to protect yourself While QR codes are convenient, they also...

Unpatched Edimax IP camera flaw actively exploited in botnet attacks
2025-03-07 18:36

A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...]

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
2025-03-07 04:42

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability...

Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
2025-03-06 15:39

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

Malicious Chrome extensions can spoof password managers in new attack
2025-03-06 14:19

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive...

Outsmarting Cyber Threats with Attack Graphs
2025-03-06 12:14

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to...

Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
2025-03-06 00:47

Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China's Silk...

Open-source tool 'Rayhunter' helps users detect Stingray attacks
2025-03-05 20:36

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...]

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
2025-03-05 15:44

The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT)...

YouTube warns of AI-generated video of its CEO used in phishing attacks
2025-03-05 15:27

YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. [...]